Thank you, Comcast.

Blake Hudson blake at ispn.net
Fri Feb 26 16:44:26 UTC 2016


Livingood, Jason wrote on 2/26/2016 9:12 AM:
> FWIW, Comcast's list of blocked ports is at http://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports/. The suspensions this week are in direct response to reported abuse from amplification attacks, which we obviously take very seriously.
>
> We are in the process of considering adding some new ports to this block list right now, and one big suggestion is SSDP. If you have any others you wish to suggest please send them to me and the guy on the cc line (Nirmal Mody).
>
> Thanks!
> Jason
>
>

Jason, how do you propose to block SSDP without also blocking legitimate 
traffic as well (since SSDP uses a port > 1024 and is used as part of 
the ephemeral port range on some devices) ? Is the downside of blocking 
(admittedly a small amount of) legitimate user traffic worth the upside? 
And is this practice /Open Internet/ friendly?

--Blake


More information about the NANOG mailing list