Port 443 (QUIC/HTTP3)

Learn about port 443 (QUIC/HTTP3) - security risks, vulnerabilities, and common uses. Find devices with port 443 open.

Quick Info

| Field | Value |
|---|---|
| Port Number | 443 |
| Protocol | UDP |
| Service | QUIC/HTTP3 |
| IANA Name | QUIC/HTTP3 |

Service Description

Network port 443 UDP is primarily used for the QUIC (Quick UDP Internet Connections) protocol, which underlies HTTP/3. QUIC is a general-purpose transport protocol designed to provide secure, multiplexed connections over UDP. It was developed by Google and has since been standardized by the IETF. Unlike HTTP/2, which runs over TCP, HTTP/3 over QUIC avoids head-of-line blocking at the transport layer, enabling faster page loads and better performance, especially on lossy networks. QUIC incorporates TLS 1.3 for encryption and authentication, so every connection is encrypted and authenticated.

At a technical level, QUIC establishes a connection between a client and a server, negotiating a shared secret through a handshake that carries the TLS 1.3 handshake messages inside QUIC packets. Once the connection is established, data is transmitted in packets over UDP. QUIC supports connection migration, allowing a connection to survive a change of client IP address without interruption. It also incorporates forward error correction (FEC) mechanisms to mitigate packet loss. The protocol employs a congestion control algorithm to prevent network congestion and ensure fair bandwidth allocation. HTTP/3 uses these QUIC features to deliver web content, replacing TCP with UDP at the transport layer and carrying multiple concurrent data streams within a single connection.

## Firewall Recommendations

Blocking port 443 UDP will prevent QUIC/HTTP/3 traffic; browsers and servers will typically fall back to HTTP/2 or HTTP/1.1 over TCP, so sites still load but may perform worse. If you have security concerns or legacy systems that are incompatible with QUIC, blocking the port may nonetheless be a reasonable measure. When allowing port 443 UDP, it is crucial to keep your QUIC implementations up to date with the latest security patches to mitigate known vulnerabilities. Implement rate limiting to prevent amplification attacks. Employ intrusion detection and prevention systems (IDS/IPS) to monitor QUIC traffic for malicious activity. Consider using a web application firewall (WAF) that supports HTTP/3 to provide an additional layer of security. Regularly review and update your firewall rules to adapt to evolving threats.

Security Information

While QUIC/HTTP/3 provides enhanced security features such as mandatory encryption with TLS 1.3, it still presents security risks. A primary concern is the increased attack surface due to its complexity and its reliance on UDP. Amplification attacks are a potential risk: an attacker sends small UDP packets to a server with a spoofed source address, and the server responds with much larger packets that overwhelm the target. Another risk is vulnerabilities in QUIC implementations, which could be exploited to gain unauthorized access or cause denial of service. Because QUIC handles many functions previously handled by the operating system's TCP stack, bugs in QUIC implementations, which usually run in user space inside the application, can have significant security consequences. The relative newness of the protocol compared to TCP means that fewer vulnerabilities have been discovered and patched, making it an attractive target for attackers seeking zero-day exploits. Furthermore, the encryption of nearly the entire packet, including most transport headers, can hinder network monitoring and intrusion detection systems, making it more difficult to detect malicious activity.
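The firewall recommendation on rate limiting and the amplification risk described above both come down to a few checks a defender can apply to datagrams arriving on UDP/443. The following Python script is an added example written for this page, not code from the original page or from any of the listed software: it parses the QUIC long header (RFC 9000, version 1), reports what kind of packet a datagram carries, flags client Initial datagrams that are smaller than the 1200-byte minimum RFC 9000 requires (that padding is what keeps a tiny spoofed request from eliciting a large handshake response), and computes the three-times anti-amplification budget a server may send to an address it has not yet validated. Those two numbers come from RFC 9000 rather than from this page, so the example goes slightly beyond the text; the packets, names and function signatures are constructed for illustration.

```python
"""Classify UDP/443 datagrams by QUIC long-header fields (RFC 9000, v1).

Added example for this page; all sample packets below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Optional

QUIC_V1 = 0x00000001
MIN_INITIAL_DATAGRAM = 1200   # RFC 9000 section 14.1: client Initial datagrams are padded to >= 1200 bytes
AMPLIFICATION_FACTOR = 3      # RFC 9000 section 8.1: max bytes sent to an unvalidated address = 3x bytes received
MAX_CID_LEN = 20              # RFC 9000 section 17.2: connection IDs are at most 20 bytes in v1
PACKET_TYPES = {0: "initial", 1: "0rtt", 2: "handshake", 3: "retry"}


@dataclass
class LongHeader:
    version: int
    packet_type: int      # long packet type bits (v1: 0=Initial, 1=0-RTT, 2=Handshake, 3=Retry)
    dcid: bytes           # destination connection ID
    scid: bytes           # source connection ID


def parse_long_header(datagram: bytes) -> Optional[LongHeader]:
    """Return the long-header fields of the first packet in the datagram,
    or None if it is not a well-formed QUIC long-header packet."""
    if len(datagram) < 7:                      # first byte + version + two CID length bytes at minimum
        return None
    first = datagram[0]
    if first & 0x80 == 0:                      # header form bit clear: short (1-RTT) header, CID length unknown
        return None
    version = struct.unpack("!I", datagram[1:5])[0]
    # The fixed bit must be 1 except in Version Negotiation packets (version 0), where it is unused.
    if version != 0 and first & 0x40 == 0:
        return None
    pos = 5
    dcid_len = datagram[pos]
    pos += 1
    if dcid_len > MAX_CID_LEN or pos + dcid_len + 1 > len(datagram):
        return None
    dcid = datagram[pos:pos + dcid_len]
    pos += dcid_len
    scid_len = datagram[pos]
    pos += 1
    if scid_len > MAX_CID_LEN or pos + scid_len > len(datagram):
        return None
    scid = datagram[pos:pos + scid_len]
    return LongHeader(version, (first & 0x30) >> 4, dcid, scid)


def classify(datagram: bytes) -> str:
    """Label a client-to-server datagram seen on UDP/443."""
    hdr = parse_long_header(datagram)
    if hdr is None:
        return "not-quic-long-header"
    if hdr.version == 0:
        return "version-negotiation"
    if hdr.version != QUIC_V1:
        return "unknown-version"
    # An undersized client Initial violates the padding rule that limits amplification;
    # a filter may drop it without ever allocating server state.
    if hdr.packet_type == 0 and len(datagram) < MIN_INITIAL_DATAGRAM:
        return "initial-undersized"
    return PACKET_TYPES[hdr.packet_type]


def server_send_budget(bytes_received: int, address_validated: bool) -> Optional[int]:
    """Bytes a server may send back before the peer address is validated (None = no limit)."""
    if address_validated:
        return None
    return AMPLIFICATION_FACTOR * bytes_received


def build_initial(dcid: bytes, scid: bytes, pad_to: int) -> bytes:
    """Constructed Initial-like datagram: real ones carry a token, length, packet number
    and encrypted CRYPTO frames; here the body after the header is zero padding."""
    header = (bytes([0xC0]) + struct.pack("!I", QUIC_V1)
              + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid + b"\x00")
    return header + b"\x00" * max(0, pad_to - len(header))


if __name__ == "__main__":
    samples = {
        "padded initial": build_initial(b"\x01" * 8, b"", 1200),
        "short initial": build_initial(b"\x01" * 8, b"", 64),
        "version negotiation": b"\x80" + b"\x00\x00\x00\x00" + b"\x08" + b"\x02" * 8 + b"\x00",
        "1-RTT short header": b"\x40" + b"\x03" * 30,
    }
    for name, pkt in samples.items():
        print(f"{name:20s} {len(pkt):5d} bytes -> {classify(pkt)}")
    print("budget for 1200 received bytes, unvalidated:", server_send_budget(1200, False))
```

Run stand-alone it prints one line per constructed sample; in a real deployment the same checks would sit in front of the QUIC server (a UDP filter, an eBPF program, or the IDS rule logic) so that undersized Initials and non-QUIC junk on port 443 are dropped before they consume server resources, and the 3x budget is what the server itself enforces until a client proves it can receive at the claimed address.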

Known Vulnerabilities

| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2023-44487 | HTTP/2 Rapid Reset DDoS Attack | Critical | A vulnerability that allows a DDoS attack to be launched by rapidly sending and cancelling HTTP/2 requests. |
| CVE-2023-49103 | Nextcloud Improper Neutralization of Special Elements used in a Command | High | A vulnerability in Nextcloud that allows an attacker to gain access to sensitive information. |
| CVE-2023-4863 | Heap buffer overflow in libwebp | High | A vulnerability in libwebp that allows a heap buffer overflow to be triggered. |
| CVE-2023-4762 | curl: HSTS bypass via trailing dot | Medium | A vulnerability in curl that allows HSTS to be bypassed. |
| CVE-2023-42795 | Integer overflow in the Linux kernel's xfrm_replay module | Medium | An integer overflow vulnerability in the xfrm_replay module of the Linux kernel. |

Common Software

  • Google Chrome
  • Mozilla Firefox
  • Cloudflare CDN
  • LiteSpeed Web Server
  • nginx (with the QUIC module)
  • Caddy Web Server
  • Microsoft Edge
  • curl (built with QUIC support)
  • nghttp2
  • Chromium
