Until now, Google Chrome blocked access via FTP, HTTP and HTTPS to ports 69, 137, 161, 554, 1719, 1720, 1723, 5060, 5061 and 6566. Port 10080 has now been added to that list; Firefox has already been blocking it for half a year in order to prevent NAT Slipstreaming 2.0 attacks.
11 ports blocked by Google Chrome
It all started at the beginning of the year, when researchers Samy Kamkar, Ben Seri and Gregory Vishnepolsky discovered a new version of the NAT Slipstreaming attack. This type of flaw allows a malicious website to run scripts in the browser that bypass the NAT firewall by sending a series of modified data packets, giving access to any TCP and UDP port on the user's local network. With this, an attacker can perform various types of attack, including modifying the router's configuration and accessing services that should only be accessible locally.
This port is an attractive target because it is used as an alternative to port 80 and does not require root privileges to use. Google has discussed with other browser vendors whether or not to block the port, and they have only found software such as Amanda or VMware vCenter that use the port, which would not be affected by the block. Google knows which ports are scanned most frequently and are susceptible to this type of attack, hence the decision to block it.
ERR_UNSAFE_PORT: the error that will appear when entering those websites
Developers will be able to continue using this port: a policy will be added that allows them to bypass the block. Once the port begins to be blocked in the next versions of Chrome, trying to access a website that uses it will show the ERR_UNSAFE_PORT error. To check whether it is blocked, we can take the URL that we want and add a colon and the specific port that we want to test, as shown in the following image.
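The same check can be run over a whole list of internal URLs before the block reaches users. The script below is an added example, not code from Google or from the original article: it flags URLs whose port is among the eleven named above, and the host names and function names are hypothetical.

```javascript
// Ports taken from the article (the ten earlier ports plus 10080).
// Assumption: this is only the article's list, not Chrome's complete restricted-port list.
const ARTICLE_BLOCKED_PORTS = new Set([69, 137, 161, 554, 1719, 1720, 1723, 5060, 5061, 6566, 10080]);

// Schemes the article says the block applies to, with their default ports.
const DEFAULT_PORTS = { "ftp:": 21, "http:": 80, "https:": 443 };

// Classify one URL. verdict is "blocked", "allowed",
// "out-of-scope" (scheme not covered by the block) or "invalid" (unparseable).
function classifyUrl(raw) {
  let parsed;
  try {
    parsed = new URL(raw); // throws on malformed URLs and on ports above 65535
  } catch (err) {
    return { url: raw, port: null, verdict: "invalid" };
  }
  if (!(parsed.protocol in DEFAULT_PORTS)) {
    return { url: raw, port: null, verdict: "out-of-scope" };
  }
  // URL.port is the empty string when the scheme's default port is in use.
  const port = parsed.port === "" ? DEFAULT_PORTS[parsed.protocol] : Number(parsed.port);
  const verdict = ARTICLE_BLOCKED_PORTS.has(port) ? "blocked" : "allowed";
  return { url: raw, port, verdict };
}

// Return only the entries expected to fail with ERR_UNSAFE_PORT.
function findBlocked(urls) {
  return urls.map(classifyUrl).filter((r) => r.verdict === "blocked");
}

// Constructed sample inventory (hypothetical hosts).
const SAMPLE_INVENTORY = [
  "http://backup.internal.example:10080/status",
  "https://vcenter.internal.example/ui",
  "http://voip.internal.example:5060/",
  "http://dev.internal.example:8080/",
  "ssh://git.internal.example:10080/repo",
  "http://broken.internal.example:99999/",
];

for (const hit of findBlocked(SAMPLE_INVENTORY)) {
  console.log(`${hit.url} -> port ${hit.port}: expect ERR_UNSAFE_PORT`);
}
```

Services flagged here need either a different port or the bypass policy mentioned above.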
Thanks to this action by Google and other web browsers, it is not necessary to manually block ports on the firewall to prevent this type of unwanted access. It is likely that they will continue blocking ports in the future for as long as the root cause of this vulnerability cannot be fixed.