Thank you, Comcast.

Livingood, Jason Jason_Livingood at comcast.com
Fri Feb 26 19:32:10 UTC 2016


On 2/26/16, 11:44 AM, "Blake Hudson" <blake at ispn.net<mailto:blake at ispn.net>> wrote:
Jason, how do you propose to block SSDP without also blocking legitimate traffic as well (since SSDP uses a port > 1024 and is used as part of the ephemeral port range on some devices) ?

As Roland suggested, very likely via UDP/1900. This will obviously be disclosed in advance to customers and tested thoroughly. I believe a few other ISPs have already taken this step.

And is this practice Open Internet friendly?

Port blocking is considered a form of reasonable network management provided it can be justified by security or operational stability reasons. Of course it must also be transparently disclosed and so on.

Jason


More information about the NANOG mailing list