14 DAY TRIAL // With the advent of Internet Explorer 8 Microsoft has expanded the list of ports blocked by the browser, in comparison to previous versions of IE, namely IE6 and IE7. While past releases of Internet Explorer blocked eight ports, with IE8 Microsoft has extended the list to no less than 10. This behavior is by default and is designed as an extra mitigation set up to protect end users. With its 10 blocked ports, Internet Explorer 8 trails behind rival browsers, which are blocking a more extensive list of ports.
“Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. For instance, an attacker could use HTML Forms to send a request to an unprotected mail server such that the mail server interprets the request as a poorly-formatted, but valid request, to send an email message. Such attacks are obviously interesting to spammers and other bad guys,” revealed Eric Lawrence, a program manager on the Internet Explorer team.
Lawrence revealed that IE6, IE7 and IE8 all blocked the following ports: 19 (chargen), 21 (ftp), 25 (smtp), 110 (pop3), 119 (nntp), 143 (imap2), 220 (imap3), 993 (secure imap). To this list, IE8 also added 220 and 993. “Attempts to use these ports in HTTP/HTTPS URLs will result in a connection failure. At this time, WinINET does not offer users or administrators a mechanism to block additional ports or unblock ports,” Lawrence added.
Makers of Firefox, Safari, Opera, Chrome, and Android have taken the measure of blocking more ports compared to IE8. Here is the full set, supplied by Google: 1 (tcpmux), 7 (echo), 9 (discard), 11 (systat), 13 (daytime), 15 (netstat), 17 (qotd), 19 (chargen), 20 (ftp-data),21 (ftp), 22 (ssh), 23 (telnet), 25 (smtp), 37 (time), 42 (name), 43 (nicname), 53 (domain), 77 (priv-rjs), 79 (finger), 87 (ttylink), 95 (supdup), 101 (hostriame), 102 (iso-tsap), 103 (gppitnp), 104 (acr-nema), 109 (pop2), 110 (pop3), 111 (sunrpc), 113 (auth), 115 (sftp), 117 (uccp-path), 119 (nntp), 123 (ntp), 135 (loc-srv), 139 (netbios), 143 (imap2), 179 (bgp), 389 (ldap), 465 (ssl smtp), 512 (exec), 513 (login), 514 (shell), 515 (printer), 526 (tempo), 530 (courier), 531 (chat), 532 (netnews), 540 (uucp), 556 (remotefs), 563 (ssl nntp), 587 (smtp submission), 601 (syslog), 636 (ssl ldap), 993 (ssl imap), 995 (ssl pop3), 2049 (nfs), 4045 (lockd), 6000 (X11).
Internet Explorer 8 (IE8) RTW is available for download here (for 32-bit and 64-bit flavors of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).
Firefox 3.5 RC1 for Windows is available here.
Firefox 3.5 RC1 for Linux is available here.
Firefox 3.5 RC1 for Mac OS X is available here.
The latest development milestone of Google Chrome is available for download here.
Opera 10.0 Beta is available for download here.