Incoming SSDP UDP 1900 filtering

William Herrin bill at herrin.us
Thu Apr 11 20:28:58 UTC 2019


On Thu, Apr 11, 2019 at 12:52 PM Barry Raveendran Greene <bgreene at senki.org> wrote:
> On Apr 11, 2019, at 10:08, Patrick McEvilly <patrick_mcevilly at harvard.edu> wrote:
>> They are refusing to remove the tcp port 1900 filter without
>> dispensation from the DDoS security gods. I understand blocking UDP 1900,
>> what is the purpose of Level3 filtering tcp port 1900?
>
> http://www.senki.org/operators-security-toolkit/filtering-exploitable-ports-and-minimizing-risk-to-and-from-your-customers/

Which calls out UDP port 1900, not TCP port 1900. I would ask any who don't
know the difference to stay away from their router's ACLs.

Blocking TCP 1900 except as a destination in the initial SYN packet breaks
TCP. Do that and you DO get customer complaints. Like Patrick's.

Regards.
Bill Herrin

-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
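The collateral damage Bill describes is easy to reproduce with a toy stateless ACL evaluator. The following Python is an added illustration, not code from the thread or from any vendor's ACL implementation: it compares a naive rule that denies "port 1900" in either position against a rule that denies UDP 1900 in both directions (the assumed SSDP/DDoS intent) and, for TCP, only the initial SYN whose destination is 1900. The `Packet` class, the sample packets and the function names are all constructed for this example; the flow whose ephemeral source port happens to be 1900 is the case that breaks under the naive rule.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless ACL looks at (constructed for this example)."""
    label: str
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag


def naive_1900_acl(pkt: Packet) -> bool:
    """True if dropped by an ACL that denies port 1900 as source OR destination,
    for TCP and UDP alike (the overly broad rule)."""
    return 1900 in (pkt.src_port, pkt.dst_port)


def careful_1900_acl(pkt: Packet) -> bool:
    """True if dropped by an ACL that:
      - denies UDP 1900 (SSDP) in either direction (assumed intent of the filter), and
      - for TCP, denies only connection attempts TO port 1900, i.e. the initial
        SYN (SYN set, ACK clear) with destination port 1900.
    SYN/ACKs and data returning to an ephemeral port 1900 are left alone."""
    if pkt.proto == "udp":
        return 1900 in (pkt.src_port, pkt.dst_port)
    initial_syn = pkt.syn and not pkt.ack
    return initial_syn and pkt.dst_port == 1900


# Constructed sample traffic as seen from the provider edge facing a customer.
SAMPLE_PACKETS = [
    # Customer host picks 1900 as its ephemeral source port for an HTTPS session.
    Packet("outbound HTTPS SYN from ephemeral port 1900", "tcp", 1900, 443, syn=True),
    # The server's reply to that session: SYN/ACK back to port 1900.
    Packet("inbound SYN/ACK to ephemeral port 1900", "tcp", 443, 1900, syn=True, ack=True),
    # Data on that established session, still addressed to port 1900.
    Packet("inbound data segment to ephemeral port 1900", "tcp", 443, 1900, ack=True),
    # A genuine new connection to a TCP service listening on 1900.
    Packet("inbound SYN to TCP service on 1900", "tcp", 40000, 1900, syn=True),
    # SSDP discovery request and the reflected response (UDP 1900).
    Packet("inbound SSDP request to UDP 1900", "udp", 50000, 1900),
    Packet("outbound SSDP response from UDP 1900", "udp", 1900, 50000),
]


def compare(packets=SAMPLE_PACKETS):
    """Return {label: (dropped_by_naive, dropped_by_careful)} for each packet."""
    return {p.label: (naive_1900_acl(p), careful_1900_acl(p)) for p in packets}


def collateral_damage(packets=SAMPLE_PACKETS):
    """Labels of flows the naive ACL drops but the careful ACL passes: these are
    the legitimate sessions that generate the customer complaints."""
    return [p.label for p in packets if naive_1900_acl(p) and not careful_1900_acl(p)]


if __name__ == "__main__":
    for label, (naive, careful) in compare().items():
        print(f"{label:48s} naive={'DROP' if naive else 'pass':4s} "
              f"careful={'DROP' if careful else 'pass'}")
    print("broken by naive rule:", collateral_damage())
```

Run as a script it prints one line per sample packet; the three entries in `collateral_damage()` are exactly the outbound SYN, the returning SYN/ACK and the data segment of an ordinary session whose client side landed on port 1900, which the naive rule kills while the SYN-only destination rule and the UDP rules still catch the SSDP traffic and inbound TCP 1900 connection attempts.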