Unable to connect to the guest network because port 10080 is blocked, why no way to accept the risk and continue?

I’m really disappointed that Apple and other web browsers have decided to block port 10080 and not allow a user to accept the risk and continue, like when a website’s SSL certificate is either issued by local host, expired or some other issue that triggers a warning letting the user know that the SSL certificate may not be a genuine certificate issued by SSL certificate authority, but in these cases a user can bypass this security warning and continue to the site if they know the site is truly the site they want to connect to.


By having port 10080 completely blocked and no way to accept a risk and continue, you are causing Wi-Fi networks to be less secure because you’re now forcing owners of these routers to allow guests to access the main WiFi and not a guest WiFi.


EA6900 Linksys

iPad, iPadOS 15

Posted on May 26, 2023 5:50 AM

Question marked as Top-ranking reply

Posted on May 26, 2023 8:19 AM

If you want to run your own Certificate Authority, or want to trust private self-signed certs, that all works fine. Have at. Or get free certs from LetsEncrypt or other providers, if you want to avoid loading your trust root via Apple Configurator 2 app or other such. That’s also all entirely unrelated to TCP 10080 and NAT Slipstreaming.


What is slipstreaming? “NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to any system behind a victim's NAT, bypassing the victim's NAT/firewall (remote arbitrary firewall pinhole control), just by the victim visiting a website.” It’s an enormous hole.


The usual recommendation for those ill-advisedly using 10080 is to move the web server to a different and safer port. TCP 443 and 8443 are common choices for web servers offering HTTPS services, of course. 8080 is a fairly common choice for HTTP connections.


Right now, changing the web server port, or maybe establishing port forwarding through the target web server or through some other local network server to allow indirect access to TCP port 10080 on the target web server, is about the only way you’ll get to TCP 10080 from pretty much any current web browser. And I’d stay off 10080.


To put it bluntly, 10080 is a dead port.


Log some feedback with Apple (to maybe ask they add a control for this): Product Feedback - Apple


If Linksys was implementing TCP 10080, check with them for suggestions or for firmware updates.

May 26, 2023 5:59 AM in response to wqyu

While it may seem convenient to have the ability to accept the risk and continue, it also poses a significant security concern. Allowing users to bypass such restrictions could potentially expose them to malicious attacks and compromise the overall network security.


Regarding your point about Wi-Fi networks being less secure, there are alternative solutions available. Many routers nowadays offer separate guest networks that allow limited access while keeping the main network secure. This way, you can still provide a separate network for guests without compromising the overall security of your Wi-Fi.
