info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Intent to Ship: Block HTTP ports 69, 137, 161, 1719, 1720, 1723, 6566, 10080
364 views
Skip to first unread message
Frederik Braun
Jan 29, 2021, 2:31:39 AM1/29/21
to dev-platform
Hi,
A couple of weeks ago, I have added the ports mentioned above to the
existing list of blocked ports.
The additional port blocking is in response to an improvement of last
year's "NAT slipstreaming" attack, see footnote [1] for more.
Again, we acknowledge that this stops an instance of the attack rather
than solving the problem, which will have to happen elsewhere.
This announcement was delayed for the sake of coordinated disclosure
with other vendors.
Bugs: 1677940 and 1677047
Standard: If all goes well, this will be in fetch
<https://github.com/whatwg/fetch/pull/1148>
Platform coverage: on all paltforms
Preference: We can revert this using the existing
network.security.ports.banned.override pref
DevTools bug: N/A
Other browsers: Blink shipped
web-platform-tests: Coming.
Thanks,
Freddy
[1]
<https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/>
A couple of weeks ago, I have added the ports mentioned above to the
existing list of blocked ports.
The additional port blocking is in response to an improvement of last
year's "NAT slipstreaming" attack, see footnote [1] for more.
Again, we acknowledge that this stops an instance of the attack rather
than solving the problem, which will have to happen elsewhere.
This announcement was delayed for the sake of coordinated disclosure
with other vendors.
Bugs: 1677940 and 1677047
Standard: If all goes well, this will be in fetch
<https://github.com/whatwg/fetch/pull/1148>
Platform coverage: on all paltforms
Preference: We can revert this using the existing
network.security.ports.banned.override pref
DevTools bug: N/A
Other browsers: Blink shipped
web-platform-tests: Coming.
Thanks,
Freddy
[1]
<https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/>
0 new messages