Never Ending Security

It starts all here

Tag Archives: No Script

Blocking FTP for better privacy, against deanonymising and IP leaking

If you are using a VPN, then you are good to go. Because all traffic inclusive FTP traffic will be routed true the VPN adapter. But if you are using some kind of proxy without a vpn connection, like let’s say if you are tunneling your internet traffic true a SSH proxy, SOCKS proxy, SSL proxy or even if you are connected to the TOR network directly from your home network without being first connected to some VPN provider. In any of these situations the FTP protocol is a dangerous threat to your privacy, because FTP services are routed outside of the tunneled proxy you are using and could expose your real identity. So blocking FTP is a important thing when you want to protect your privacy.
To block FTP services, you can use the so called portfiltering on your router or firewall for port 21 that’s the standard port used by ftp.
Portfiltering works by blocking all traffic on a specific port.
But blocking all trafic on port 21 won’t give you a full protection against this kind of threat. Because someone can config a server to use the ftp protocol on a different port, for example let’s say on port 80. That’s the same port that is used by HTTP services, and would make portfiltering pretty useless to defeat against some nasty traps.
A better option to completly block FTP can be done by setting up a custom filter group with the Adblock Plus Add-on in your browser. The Addblock Plus Add-on can be downloaded for almost any browser. But please take in mind that the Adblock Plus filters are ONLY working if you have javascript activated in your browser! Be aware of the fact when you are having javascript activated you are vurnable to so called hidden iframes, with a size of 1 by 1 pixel these can’t almost not be seen with the naked eye. One can use the No-Script add-on to block iframes. But at all make sure that javascript is not blocked by the No-Script add-on in order get Adblock Plus working correctly.
After installing Adblock Plus in your browser, go to the Adblock preferences -> custom filters -> add filter group. And add the following 4 rules to your custom filter group:

Then save the settings you have changed, and restart your browser to have them get activated and working.
To check if your custom filters are working correctly you can use the Jondonym IP-check at because this test tries to read out your real IP-address by using the FTP protocol.
If your browser is still leaking your real IP, then reactivate your custom filter group in the Adblock Plus settings and try again.