Internet Browsers Blocking Some Ports Due To Security Vulnerabilities. If you rely on TCP port 554, you’ll probably want to do a bit of reconfiguration.
Last year, security researchers discovered a new version of the NAT Slipstream vulnerability that allowed hackers to deploy malicious scripts to bypass a website visitor’s NAT firewall and access any TCP/UDP port on the visitor’s internal network.
If this issue sounds vaguely familiar, it’s because in internet browsers blocking isn’t the first time it has come up. When first reports of the problem, Google released Chrome 87, which began blocking HTTP and HTTPS access to TCP ports 5060 and 5061. In January of this year (2021) Google expanded its efforts, blocking HTTP, HTTPS, and FTP access to ports 69, 137, 161, 1719, 1720, 1723, and 6566.
Google has, in the past, also blocked port 554, but when they did so initially, they received push back from Enterprise users who asked to unblock the ports. Google did so but has now reversed course, and port 554 is once again on the blocked list.
Google isn’t alone
Google isn’t alone. In addition to Chrome 89, Firefox 84+ and Apple’s Safari browser are already blocking Port 554. So if you host a website on any of the ports mentioned above, you should reconfigure to allow visitors to continue to have unfettered access.
If you don’t currently utilize that port, there’s nothing to do here. If you’re not sure, you will be soon enough because you’re apt to get complaints from users who can no longer access your site or whatever web-based application you’re running that relies on it.
Despite some back and forth on the matter, this appears to be the path forward. So kudos to Mozilla, Google, and Apple for getting on the same page and putting a halt to the threat, even if it took a bit longer than usual for the browser ecosystem’s major forces to all wind up on the same page.