Incoming SSDP UDP 1900 filtering

On Thu, Apr 11, 2019 at 12:52 PM Barry Raveendran Greene <bgreene at senki.org> wrote:
> On Apr 11, 2019, at 10:08, Patrick McEvilly <patrick_mcevilly at harvard.edu> wrote:
>> They are refusing to remove the tcp port 1900 filter without
>> dispensation from the DDoS security gods. I understand blocking UDP 1900,
>> what is the purpose of Level3 filtering tcp port 1900?

Which calls out UDP port 1900, not TCP port 1900. I would ask any who don't
know the difference to stay away from their router's ACLs.

Blocking TCP 1900 except as a destination in the initial SYN packet breaks
TCP. Do that and you DO get customer complaints. Like Patrick's.

Bill Herrin

William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
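
Added example, not part of the message above: a small Python model of a stateless inbound filter, comparing the UDP 1900 rule, a blanket TCP destination-port 1900 rule, and a rule that matches only the initial SYN. It assumes a customer host or NAT has picked 1900 as the source port of an outbound connection to a server on port 443; all packet values and function names are constructed for illustration.

```python
from dataclasses import dataclass

SSDP_PORT = 1900

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    sport: int
    dport: int
    flags: frozenset = frozenset()  # TCP flags, empty for UDP

# Each filter returns True when the inbound packet is permitted.
def permit_udp_1900_blocked(p):
    """Drop inbound UDP to port 1900 only (the SSDP filter)."""
    return not (p.proto == "udp" and p.dport == SSDP_PORT)

def permit_tcp_1900_blocked(p):
    """Drop every inbound TCP segment whose destination port is 1900."""
    return not (p.proto == "tcp" and p.dport == SSDP_PORT)

def permit_tcp_1900_syn_blocked(p):
    """Drop only new connection attempts to TCP 1900 (SYN set, ACK clear)."""
    initial_syn = "SYN" in p.flags and "ACK" not in p.flags
    return not (p.proto == "tcp" and p.dport == SSDP_PORT and initial_syn)

# Constructed inbound packets as seen at the customer-facing edge.
# The first two are the server's replies to a customer connection that
# uses source port 1900 (assumption), so they arrive with dport 1900.
INBOUND = {
    "reply SYN-ACK":   Packet("tcp", 443, 1900, frozenset({"SYN", "ACK"})),
    "reply data":      Packet("tcp", 443, 1900, frozenset({"PSH", "ACK"})),
    "unsolicited SYN": Packet("tcp", 40000, 1900, frozenset({"SYN"})),
    "SSDP datagram":   Packet("udp", 40000, 1900),
}

def evaluate(acl):
    """Map each sample packet name to True (permitted) or False (dropped)."""
    return {name: acl(pkt) for name, pkt in INBOUND.items()}

if __name__ == "__main__":
    for acl in (permit_udp_1900_blocked,
                permit_tcp_1900_blocked,
                permit_tcp_1900_syn_blocked):
        print(acl.__name__)
        for name, ok in evaluate(acl).items():
            print(f"  {name:16} {'permit' if ok else 'DROP'}")
```

Only the blanket TCP rule drops the reply segments, which is the customer-visible breakage described in the message.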