Why would Roblox want to block a VPN protocol? It makes no sense to me.
Their new terms of service prohibits using VPNs. It looks like Roblox is enforcing it.
IIRC, even Chrome and Firefox restrict accessing content from a large number of ports under 1024. So…we still have like 98% of all ports available for use. Sounds good to me.
You can find a list of all the ports that Chrome blocks at https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/net/base/port_util.cc
Will Discord webhooks be affected by this?
The Roblox Terms of Use, which includes the updated Roblox Community Standards, does not prevent the use of VPNs. It prevents the use of VPNs "to mask your location in order to gain unauthorized access to the Roblox platform, a specific feature, or another user's account". This changed in the revision.
This change affects only OpenVPN and not Wireguard or any of the other VPN protocols out there. Nor does it change the question I asked before
Who in the world is trying to get terminal access via the public IP of the container and not just using vpn.roblox.com or awsvpn.roblox.com or any number of entry-points to hit the actual physical server and going into the container that way, pushing it an SSH connection. That is an odd note which should be clarified, "preventing abuse" is an odd move here.
But they now allow VPNs when playing Roblox, they announced the change of their TOS on Twitter or something.
No they won't be affected. Discord webhooks are having issues currently, though that's entirely unrelated to this change (which won't even happen until the date stated in this announcement).
Effectively any public REST endpoint you might want to hit will be using the default HTTP or HTTPS port and be unaffected by this.
This change does not affect me at all.
However out of curiosity, why? Just want to know from a technical perspective, would be awesome to chat about the technical details. What is the potential security implication of allowing IANA reserved ports, how does it improve the security of Roblox game servers?
You could potentially probe services listening on these ports, but that's not really a security issue, more of an issue ending up in bad rep lists, you could just use nmap for better results.
Quoted from rfc6335:
Assignment of a service name or port number does not in any way imply
an endorsement of an application or product, and the fact that
network traffic is flowing to or from an assigned port number does
not mean that it is "good" traffic, or even that it is used by the
assigned service. Firewall and system administrators should choose
how to configure their systems based on their knowledge of the
traffic in question, not based on whether or not there is an assigned
service name or port number.
Per the above standard, there should be no security implication, incoming packets should be inspected by a firewall, which would de-encapsulate the packet, detect the application-level data is HTTP, drop the packet, and then send a RST probably.
Web browsers block some of the reserved ports, as they're built for end users.
An HTTP service listening on a reserved port isn't necessarily safer than an HTTP service on an unassigned port. On Windows Server, a non-administrator user can create a socket listening on a reserved port. On Linux, you do need to initiate it with root iirc, however on both you'd probably need local administrator/root permissions anyway to open the port on the hbfw and serve your malicious content. Also if you gain low-priv access to a server, there is a much greater ROI for just trying to move laterally through the network.
When accessing the internet, you use ports along with the IP within the packet/data being sent.
Ports prevent data being broadcast into every application on your computer. In simple, it's a lane on a highway, except there's thousands of them. Without ports, the internet connection to your computer would be a one-way road and the data wouldn't know what application to hit.
Every "port" is formatted a little differently and is for different things. For example, IMAP is a port used for emailing servers.
I think the reason ROBLOX is preventing any ports except 80 and 443 below 1024 is because there's a lot of number ports below 1024 that can be more easily used with malicious intent. (Most ports below 1024 sadly are used often, so it is at the same time pretty limiting)
The data limit is certainly to both help ROBLOX's servers and prevent spamming.
Of course if you are a major developer, your game can probably be whitelisted to bypass these limits like you can with data stores.
For the rest of us though, it can be limiting.
Anyone care to explain to me why 1194? It just seems so odd to just block a specific number too
It's not a random number – it's the standard port for OpenVPN. Google is your friend.
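As an added example (not from any post in this thread and not Roblox's own code), the Python below audits a list of outbound endpoint URLs against the restriction as posters here describe it: ports below 1024 other than 80 and 443, plus OpenVPN's 1194. The rule constants, function names and sample URLs are assumptions constructed for illustration, and the official announcement remains the authority on the exact port list.

```python
from urllib.parse import urlsplit

# Assumption: the rule as thread participants describe it, not the announcement text.
ALLOWED_LOW_PORTS = {80, 443}      # the only ports below 1024 said to stay open
BLOCKED_HIGH_PORTS = {1194}        # OpenVPN's standard port, per the thread
DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_port(url):
    """Return the port a request to `url` would use, or None if it cannot be determined."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError for non-numeric or out-of-range ports
    except ValueError:
        return None
    if port is not None:
        return port
    # No explicit port: fall back to the scheme default (http -> 80, https -> 443).
    return DEFAULT_PORTS.get(parts.scheme.lower())


def classify(url):
    """Classify a URL as 'allowed', 'blocked' or 'unknown' under the assumed rule."""
    port = effective_port(url)
    if port is None:
        return "unknown"
    if port in BLOCKED_HIGH_PORTS:
        return "blocked"
    if port < 1024 and port not in ALLOWED_LOW_PORTS:
        return "blocked"
    return "allowed"


def audit(urls):
    """Map each URL to its classification so affected endpoints stand out."""
    return {url: classify(url) for url in urls}


if __name__ == "__main__":
    # Constructed sample endpoints, not taken from any real game.
    samples = [
        "https://hooks.example.com/api/webhooks/123",   # default HTTPS port
        "http://api.example.com:8080/v1/scores",        # high port
        "http://api.example.com:22/",                   # low port other than 80/443
        "https://vpn.example.com:1194/",                # OpenVPN port
        "https://[2001:db8::1]:8443/hook",              # IPv6 literal with explicit port
    ]
    for url, verdict in audit(samples).items():
        print(f"{verdict:8} {url}")
```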
This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.