W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > January 2020

Re: [webrtc-pc] Use of icecandidateerror in port scanning (#2426)

From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
Date: Fri, 03 Jan 2020 10:14:09 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-570528505-1578046448-sysbot+gh@w3.org>
I think we should state that ICE-TCP ports should not connect to ports on the Fetch "bad ports" list - https://fetch.spec.whatwg.org/#port-blocking
I'm not clear on exactly what should happen instead - the platform might just silently ignore the candidate, or the platform might return a NotAllowedError to AddIceCandidate or SetRemoteDescription - but we shouldn't send out a TCP SYN across the network for those ports.

For non-blocked ports, mitigation isn't that easy.

-- 
GitHub Notification of comment by alvestrand
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2426#issuecomment-570528505 using your GitHub account
Received on Friday, 3 January 2020 10:14:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:22:36 UTC