Add two vulnerable ports to QUIC blocked list Also fix a typo in the NETBIOS Datagram Service port number. I believe this change to be sufficiently low-impact and low-risk to not require flag protection. PiperOrigin-RevId: 446011131

commit: e4421f28b6819c95d18c7105828f35759940ef1c [log] [tgz]
author: dschinazi <dschinazi@google.com> Mon May 02 13:10:42 2022 -0700
committer: Copybara-Service <copybara-worker@google.com> Mon May 02 13:11:27 2022 -0700
tree: c39b0d41b7b8ae815d0b39b1e6ea419e5f6fe066
parent: 77e65bf7279c56ee7ff1555d158226fff9cd192d [diff]
diff --git a/quiche/quic/core/quic_dispatcher.cc b/quiche/quic/core/quic_dispatcher.cc
index 2e4d38e..38a3cb6 100644
--- a/quiche/quic/core/quic_dispatcher.cc
+++ b/quiche/quic/core/quic_dispatcher.cc

@@ -504,12 +504,14 @@
       111,    // Portmap.
       123,    // NTP, vulnerable to reflection attacks.
       137,    // NETBIOS Name Service,
-      128,    // NETBIOS Datagram Service
+      138,    // NETBIOS Datagram Service
       161,    // SNMP.
       389,    // CLDAP.
       500,    // IKE, can loop with QUIC.
       1900,   // SSDP, vulnerable to reflection attacks.
+      3702,   // WS-Discovery, vulnerable to reflection attacks.
       5353,   // mDNS, vulnerable to reflection attacks.
+      5355,   // LLMNR, vulnerable to reflection attacks.
       11211,  // memcache, vulnerable to reflection attacks.
               // This list MUST be sorted in increasing order.
   };
commit	e4421f28b6819c95d18c7105828f35759940ef1c	[log] [tgz]
author	dschinazi <dschinazi@google.com>	Mon May 02 13:10:42 2022 -0700
committer	Copybara-Service <copybara-worker@google.com>	Mon May 02 13:11:27 2022 -0700
tree	c39b0d41b7b8ae815d0b39b1e6ea419e5f6fe066
parent	77e65bf7279c56ee7ff1555d158226fff9cd192d [diff]