Intent to Ship: Block HTTP ports 69, 137, 161, 1719, 1720, 1723, 6566, 10080


Frederik Braun

Jan 29, 2021, 2:31:39 AM
to dev-platform
Hi,

A couple of weeks ago, I added the ports mentioned above to the
existing list of blocked ports.
The additional port blocking is in response to an improvement of last
year's "NAT slipstreaming" attack, see footnote [1] for more.
Again, we acknowledge that this stops an instance of the attack rather
than solving the problem, which will have to happen elsewhere.

This announcement was delayed for the sake of coordinated disclosure
with other vendors.


Bugs: 1677940 and 1677047

Standard: If all goes well, this will be in fetch
<https://github.com/whatwg/fetch/pull/1148>

Platform coverage: on all platforms

Preference: We can revert this using the existing
network.security.ports.banned.override pref

DevTools bug: N/A

Other browsers: Blink shipped

web-platform-tests: Coming.


Thanks,
Freddy

[1]
<https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/>
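
An added example, not part of the original post or of Mozilla's code: a Node.js audit that checks an inventory of service URLs against the eight ports named in the subject line, so affected internal services can be found before users hit the block. The hostnames are constructed sample data; limiting the check to http/https/ws/wss URLs and joining the affected ports with commas for the override pref are assumptions to confirm against your Firefox version.

```javascript
// Ports taken from the subject line of the announcement.
const NEWLY_BLOCKED = new Set([69, 137, 161, 1719, 1720, 1723, 6566, 10080]);

// Assumption: only web-fetchable schemes are in scope for this audit.
const WEB_SCHEMES = new Set(["http:", "https:", "ws:", "wss:"]);

// Classify one URL as "blocked", "ok", "out-of-scope" or "invalid".
function auditUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { raw, status: "invalid" };
  }
  if (!WEB_SCHEMES.has(url.protocol)) return { raw, status: "out-of-scope" };
  // url.port is "" when the scheme's default port (80/443) is used;
  // neither default is on the blocked list.
  if (url.port === "") return { raw, host: url.hostname, status: "ok" };
  const port = Number(url.port);
  const status = NEWLY_BLOCKED.has(port) ? "blocked" : "ok";
  return { raw, host: url.hostname, port, status };
}

// Audit a whole inventory and list the distinct affected ports.
function auditInventory(urls) {
  const results = urls.map(auditUrl);
  const blocked = results.filter((r) => r.status === "blocked");
  const ports = [...new Set(blocked.map((r) => r.port))].sort((a, b) => a - b);
  // Assumed pref format: comma-separated port list.
  return { results, blocked, overrideValue: ports.join(",") };
}

// Constructed sample inventory (hypothetical hosts).
const SAMPLE_INVENTORY = [
  "http://scanner.corp.example:6566/scan",
  "https://backup.corp.example:10080/",
  "https://voip.corp.example:1720/admin",
  "ws://voip.corp.example:1720/events",
  "http://wiki.corp.example/",
  "http://build.corp.example:8080/",
  "tftp://boot.corp.example:69/pxe",
  "http://bad host:161/",
];

const report = auditInventory(SAMPLE_INVENTORY);
for (const r of report.blocked) console.log(`BLOCKED ${r.host}:${r.port}  ${r.raw}`);
console.log(`Affected ports: ${report.overrideValue}`);
```

Each affected service is a candidate for moving to another port; the override list covers only the ports that appear in the inventory rather than reverting the whole change.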