V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
selfcreditgiving
V2EX  ›  Docker

docker port 10080 映射不了

  •  
  •   selfcreditgiving · 2021-12-02 13:00:40 +08:00 · 1667 次点击
    这是一个创建于 1088 天前的主题,其中的信息可能已经有所发展或是发生改变。

    今天测试 docker-compose.yml 文件。发现一个很奇怪的问题,把 express 容器的端口映射到 10080

    docker-compose up -d 都正常没有报错,但是使用 10080 端口就是访问不了。

    docker exec 进入 容器里面 用 curl 直接访问容器内的端口也是正常的。

    一直想是不是程序哪里弄错了,后面找不出 bug 没办法一通乱试,最后换一个端口 49160 竟然就可以了。

    google 一下 port 10080 关键字 才发现是 chrome 把 10080 端口给封了。

    还有很多其他端口也是。(见下面链接)

    https://www.bleepingcomputer.com/news/security/google-chrome-blocks-port-10080-to-stop-nat-slipstreaming-attacks/

    Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks By Lawrence Abrams April 8, 2021 04:50 PM 0 Google Chrome

    Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.

    Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.

    Using these vulnerabilities, threat actors can perform a wide range of attacks, including modifying router configurations and gaining access to private network services.

    Illustration of the NAT Slipstreaming 2.0 attack Demonstration of a NAT Slipstreaming 2.0 attack As this vulnerability only works on specific ports monitored by a router's Application Level Gateway (ALG), browser developers have been blocking vulnerable ports that do not receive a lot of traffic.

    Currently, Google Chrome is blocking FTP, HTTP, and HTTPS access on ports 69, 137, 161, 554, 1719, 1720, 1723, >5060, 5061, and 6566.

    Today, Google has stated that they intend to block TCP port 10080 in Chrome, which Firefox has already blocked since November 2020.

    我想,浏览器要屏蔽端口,是不是应该有个什么提示会友好点呢?

    仔细看 chrome 的错误页面,还真有个提示:ERR_UNSAFE_PORT 这个提示也太不明显了。。。

    chrome-port-10080

    4 条回复    2021-12-02 15:52:07 +08:00
    ijrou
        1
    ijrou  
       2021-12-02 13:33:00 +08:00
    我觉得很清晰了,毕竟这是给开发者看的,unsafe_port
    CEBBCAT
        2
    CEBBCAT  
       2021-12-02 14:11:56 +08:00
    这贴发得有点水
    cinhoo
        3
    cinhoo  
       2021-12-02 14:14:23 +08:00
    This address is restricted

    This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.

    Firefox 的提示
    selfcreditgiving
        4
    selfcreditgiving  
    OP
       2021-12-02 15:52:07 +08:00
    @CEBBCAT @ijrou

    80 端口映射成 10080 用于测试,这个概率很大吧。

    如果 chrome 的提示这么不明显,不是耽误我时间嘛。而且提示的中文部分也不对, “网页暂时无法连接” 和 端口是被他自己故意屏蔽了这个事情都对不上。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2833 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 57ms · UTC 09:26 · PVG 17:26 · LAX 01:26 · JFK 04:26
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.