Re: [webrtc-pc] Use of icecandidateerror in port scanning (#2426) from Harald Alvestrand via GitHub on 2020-01-03 (public-webrtc-logs@w3.org from January 2020)

From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
Date: Fri, 03 Jan 2020 10:14:09 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-570528505-1578046448-sysbot+gh@w3.org>

I think we should state that ICE-TCP ports should not connect to ports on the Fetch "bad ports" list - https://fetch.spec.whatwg.org/#port-blocking
I'm not clear on exactly what should happen instead - the platform might just silently ignore the candidate, or the platform might return a NotAllowedError to AddIceCandidate or SetRemoteDescription - but we shouldn't send out a TCP SYN across the network for those ports.

For non-blocked ports, mitigation isn't that easy.

-- 
GitHub Notification of comment by alvestrand
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2426#issuecomment-570528505 using your GitHub account

Received on Friday, 3 January 2020 10:14:11 UTC