Switch and cables

Reports that eBay has been running port scans against the computers of visitors to the platform have caused alarm over potential security issues.

Port Scans

Port scanning is something that many people associate with cyberattacks and penetration (‘pen’) testing.  Scripts are used to determine which ports a system is listening to. To do this packets of information are sent to a user’s machine and the destination port is varied. It can help an attacker to determine what services may be running on the system. Thereby gaining information that could identify the operating system the target has.

However, port scan can be used to counter the activities of cybercriminals by scanning for remote-control access ports. This detects any criminals that may be logged into a user’s computer in order to impersonate them on various platforms/sites.


According to US-based security researcher Charlie Belmer, and recorded on his nullsweep.com blog. In recent observations of port scans by eBay he reports that they appeared to be look for VNC services being run on the host (the same thing that was reported for bank sites).  The ports scanned by eBay are generally used for remote access and remote support tools e.g. Windows Remote Desktop, VNC, TeamViewer and others.

Mr Belmer has listed the 14 different ports he observed as being scanned by eBay. He concluded that the port scanning he observed being run from eBay was “clearly malicious behaviour and may fall on the wrong side of the law”.


On his blog, Mr Belmer urges anyone else who observes this port scanning behaviour to “complain to the institution performing the scans, and install extensions that attempt to block this kind of phenomenon in your browser, generally by preventing these types of scripts from loading in the first place”.

Maybe Just Fighting Fraud

We should bear in mind that there were reports 4 years ago of cybercriminals taking over users’ computers using TeamViewer to make fraudulent purchases on eBay. It may be likely that the port scanning observed is simply part of eBay’s efforts to fight fraud. By trying to detect if a compromised computer is being used to make fraudulent purchases on its platform.

What Does This Mean For Your Business?

Being an auction site, eBay clearly must take measures to ensure that fraudulent purchases cannot be made. Also they must guard against problems similar to those experienced with TeamViewer four years ago. 

It is understandable, however, that a practice often associated with criminal activity and penetration testing may cause alarm among those familiar with the more technical aspects of Internet security.

Although the matter has been reported by Mr Belmer on his blog, it is unclear yet what action or statements, if any, are likely to come from eBay.

Lastly, if you would like to discuss your technology requirements please:

Back to Tech News