Internet Explorer and port 220

A classic case of “a Microsoft update broke my server”. We have a web service hosted on port 220 on IIS. The web service is used extensively and has been working for about 4 years without any hazzles.

At the begging of the month as per normal process our IT department rolled the latest MS patches and updates and low and behold our service stops working. I tried various things to just log the error, but when you browse to the site in IE it just appears that the site is down. I changed the port number and all worked fine.

After a couple of days I fire up my default browser (Chrome) and browse to the site and it works fine. So it seemed that IE was blocking the call and not IIS. Some Google searches later and I found one of MS undocumented “features”.

It turns out that IE8 has added ports 220 and 993 to the list of ports it blocks for their potential to be used in cross-protocol forgery attacks. The full list for IE is now:

19 (chargen), 21 (ftp), 25 (smtp), 110 (pop3), 119 (nntp), 143 (imap2), 220 (imap3), 993 (secure imap)

Leave a Reply

Your email address will not be published. Required fields are marked *