Incoming SSDP UDP 1900 filtering

William Herrin bill at herrin.us
Thu Apr 11 20:24:49 UTC 2019


On Thu, Apr 11, 2019 at 7:15 AM Patrick McEvilly <patrick_mcevilly at harvard.edu> wrote:
> I'm working with Level3 on a similar problem.  They filter both UDP and
> TCP port 1900 on our peer to them.  This is blocking all connections that
> randomly use ephemeral tcp port 1900.
>
> They are refusing to remove the tcp port 1900 filter without dispensation
> from the DDoS security gods. I understand blocking UDP 1900; what is the
> purpose of Level3 filtering tcp port 1900?

Hi Patrick,

I ran into this years ago with the NIPR to Internet gateway at Pearl. They
were filtering about 100 TCP ports in the 1024 to 5000 range because they
were commonly used for malware C&C. They insisted they were only blocking
destination ports... Didn't quite get the concept that the source port on a
packet traveling one way becomes the destination port on the return packet,
or that 1024 to 5000 were common ephemeral source ports for both Windows
and a number of firewall products. The idea of filtering only on
syn-not-ack packets also failed to make contact in their craniums.

Good luck with Level3. The folks at Pearl still hadn't figured it out years
later when I changed jobs.

Regards,
Bill Herrin

 --
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
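A small model of the filtering mistake described in the thread, added here as an illustration (it is not part of the original post). It compares a stateless filter that drops every packet addressed to TCP/1900 with one that drops only connection attempts (SYN set, ACK clear), using a constructed handshake in which an internal host happens to pick ephemeral source port 1900 for an outbound connection; the port list, flag values and helper names are assumptions for the example.

```python
"""Naive port filter vs SYN-only filter for a blocked TCP destination port.

Constructed scenario: an inside host opens a connection to a web server on
port 443 using ephemeral source port 1900. At the gateway, the server's
SYN/ACK arrives with *destination* port 1900, so a filter that drops all
packets to dst 1900 kills the connection. Dropping only SYN-without-ACK
(new inbound connection attempts) blocks the C&C traffic but lets the
legitimate reply through.
"""
from dataclasses import dataclass

BLOCKED_DST_PORTS = {1900}            # port blocked as a C&C destination
EPHEMERAL_RANGE = range(1024, 5001)   # the Windows-era range from the post


@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    syn: bool
    ack: bool


def naive_filter(pkt: Packet) -> str:
    """Drop anything whose destination is a blocked port, whatever the flags."""
    return "drop" if pkt.dst_port in BLOCKED_DST_PORTS else "pass"


def syn_only_filter(pkt: Packet) -> str:
    """Drop only new connection attempts (SYN set, ACK clear) to a blocked port.
    Replies to connections we initiated always carry ACK, so they pass."""
    if pkt.dst_port in BLOCKED_DST_PORTS and pkt.syn and not pkt.ack:
        return "drop"
    return "pass"


def inbound_reply_packets(ephemeral_port: int, remote_port: int = 443) -> list:
    """Inbound packets the gateway sees for an outbound connection made from
    ephemeral_port to remote_port: the server's SYN/ACK, then a data ACK."""
    return [Packet(remote_port, ephemeral_port, syn=True, ack=True),
            Packet(remote_port, ephemeral_port, syn=False, ack=True)]


def broken_ephemeral_ports(filter_fn) -> list:
    """Ephemeral source ports whose outbound connections filter_fn would break
    by dropping a legitimate returning packet."""
    return sorted(p for p in EPHEMERAL_RANGE
                  if any(filter_fn(pkt) == "drop"
                         for pkt in inbound_reply_packets(p)))


if __name__ == "__main__":
    scan = Packet(40000, 1900, syn=True, ack=False)  # real inbound attempt
    print("inbound SYN to 1900:", naive_filter(scan), syn_only_filter(scan))
    print("ports broken by naive filter:", broken_ephemeral_ports(naive_filter))
    print("ports broken by SYN-only filter:", broken_ephemeral_ports(syn_only_filter))
```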