1. Just because something is listening on localhost doesn't also mean it's listening on the machine's network IP address.
2. Most ISPs supply routers that have NAT firewalls enabled by default, so a machine listening on a private address behind one of those is unlikely to be accessible from the public IP address of the router.
3. If you're not banner grabbing how do you know what's actually listening?
4. I'm pretty sure ISPs do or used to do port scans of customer's public IP addresses, Virgin/Telewest definitely used to do that to me years ago. Does that still happen?
5. I'm slightly concerned that client side JavaScript could be scanning any local IP addresses on my internal network, and wonder what's the legitimate use for this functionality in a web browser? Seems like a drive by IoT disaster waiting to happen.
Biting the hand that feeds IT
