Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add port 5060 to bad ports (SIP) #1108

Closed
ricea opened this issue Nov 2, 2020 · 2 comments
Closed

Add port 5060 to bad ports (SIP) #1108

ricea opened this issue Nov 2, 2020 · 2 comments
Labels
addition/proposal New features or enhancements security/privacy There are security or privacy implications security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. topic: port blocking

Comments

@ricea
Copy link
Collaborator

ricea commented Nov 2, 2020

Packets on port 5060 are treated specially by some NAT devices. It may be possible to trick them with a carefully-crafted HTTP request body.

See https://samy.pl/slipstream.
@annevk
Copy link
Member

annevk commented Nov 3, 2020

Thank you for filing this. Firefox is looking into this as well, and potentially 5061 even though it's technically for TLS.

https://bugzilla.mozilla.org/show_bug.cgi?id=1674735

cc @mozfreddyb

@annevk annevk added addition/proposal New features or enhancements security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. security/privacy There are security or privacy implications labels Nov 3, 2020
@mozfreddyb
Copy link
Collaborator

Thanks! This will likely go into Firefox 84 (currently Firefox Nightly), unless we hit breakage which we are able to address with a preference update.

mozfreddyb added a commit to mozfreddyb/fetch that referenced this issue Nov 3, 2020
@mozfreddyb
Fix whatwg#1108: Adding ports 5060, 5061 to the list of blocked ports
5d47e22
mozfreddyb added a commit to mozfreddyb/fetch that referenced this issue Nov 3, 2020
@mozfreddyb
Fix whatwg#1108: Adding ports 5060, 5061 to the list of blocked ports
c7a999a
ghostd added a commit to ghostd/servo that referenced this issue Nov 4, 2020
@ghostd
Update the "bad ports" list
9b31533 
whatwg/fetch#1108
@ghostd ghostd mentioned this issue Nov 4, 2020
Merged
5 tasks
@annevk annevk closed this as completed in 124d9e8 Nov 5, 2020
bors-servo added a commit to servo/servo that referenced this issue Nov 19, 2020
@bors-servo
Auto merge of #27738 - ghostd:update-bad-ports, r=jdm
30347a4 
Update the "bad ports" list

whatwg/fetch#1108

<!-- Please describe your changes on the following line: -->

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)

<!-- Either: -->
- [x] There are tests for these changes OR
- [ ] These changes do not require tests because ___

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
addition/proposal New features or enhancements security/privacy There are security or privacy implications security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. topic: port blocking
Milestone
No milestone
Development

No branches or pull requests
3 participants
@annevk @mozfreddyb @ricea