Why do browsers block some ports?
I\'m playing around with websockets and it appears, that all browsers with native websocket support I tested with (Safari, Chrome) block some ports. If I try to connect to m
-
To add a fresh list to the old question:
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
// The general list of blocked ports. Will be blocked unless a specific // protocol overrides it. (Ex: ftp can use ports 20 and 21) const int kRestrictedPorts[] = { 1, // tcpmux 7, // echo 9, // discard 11, // systat 13, // daytime 15, // netstat 17, // qotd 19, // chargen 20, // ftp data 21, // ftp access 22, // ssh 23, // telnet 25, // smtp 37, // time 42, // name 43, // nicname 53, // domain 77, // priv-rjs 79, // finger 87, // ttylink 95, // supdup 101, // hostriame 102, // iso-tsap 103, // gppitnp 104, // acr-nema 109, // pop2 110, // pop3 111, // sunrpc 113, // auth 115, // sftp 117, // uucp-path 119, // nntp 123, // NTP 135, // loc-srv /epmap 139, // netbios 143, // imap2 179, // BGP 389, // ldap 427, // SLP (Also used by Apple Filing Protocol) 465, // smtp+ssl 512, // print / exec 513, // login 514, // shell 515, // printer 526, // tempo 530, // courier 531, // chat 532, // netnews 540, // uucp 548, // AFP (Apple Filing Protocol) 556, // remotefs 563, // nntp+ssl 587, // smtp (rfc6409) 601, // syslog-conn (rfc3195) 636, // ldap+ssl 993, // ldap+ssl 995, // pop3+ssl 2049, // nfs 3659, // apple-sasl / PasswordServer 4045, // lockd 6000, // X11 6665, // Alternate IRC [Apple addition] 6666, // Alternate IRC [Apple addition] 6667, // Standard IRC [Apple addition] 6668, // Alternate IRC [Apple addition] 6669, // Alternate IRC [Apple addition] 6697, // IRC + TLS };讨论(0) -
For the completeness of the answer, a more complete list can be found on those links :
- http://www-archive.mozilla.org/projects/netlib/PortBanning.html
- http://code.google.com/p/browsersec/wiki/Part2#Port_access_restrictions
讨论(0) -
Okay, I found the answer. Sometimes you just don't see the forest for the trees.
First off, handling cases of blocked ports is trivial. A simple
try/catchdoes the trick. I was simply confused by the way Chrome displayed that exception and didn't recognize it as such right away (I usually use Firefox).Secondly, the WebSockets API Specification explicitly states that
If port is a port to which the user agent is configured to block access, then throw a SECURITY_ERR exception. (User agents typically block access to well-known ports like SMTP.)
What ports exactly are meant by that appears to be up to the browser's Websocket implementation. My tests have shown that Chrome and Safari block the following ports (only ports below 1024 were tested):
- 1: TCPMUX
- 7: Echo Protocol
- 9: Discard Protocol
- 11: systat service
- 13: Daytime Protocol
- 15: Netstat service
- 17: Quote of the Day
- 19: Character Generator Protocol
- 20: FTP
- 21: FTP
- 22: SSH
- 23: Telnet
- 25: SMTP
- 37: TIME protocol
- 42: nameserver/WINS
- 43: WHOIS
- 53: DNS
- 77: RJE Service
- 79: Finger
- 87: link
- 95: supdup
- 101: NIC host name
- 102: ISO-TSAP
- 103: gppitnp
- 104: ACR/NEMA
- 109: POP2
- 110: POP3
- 111: SunRPC
- 113: ident
- 115: SFTP
- 117: UUCP Path Service
- 119: NNTP
- 123: NTP
- 135: Microsoft EPMAP
- 139: NetBIOS Session Service
- 143: IMAP
- 179: BGP
- 389: LDAP
- 465: Cisco protocol
- 512: comsat
- 513: rlogin
- 514: Syslog
- 515: Line Printer Daemon
- 526: tempo
- 530: RPC
- 531: IRC
- 532: netnews
- 540: UUCP
- 556: RFS
- 563: NNTPS
- 587: SMTP
- 601: unknown
- 636: LDAPS
- 993: IMAPS
- 995: POP3S
The associated services are taken from the list of TCP and UDP port numbers on Wikipeda.
讨论(0)
加载中...
- 热议问题