Incoming SSDP UDP 1900 filtering

• Subject: Incoming SSDP UDP 1900 filtering
• From: bill at herrin.us (William Herrin)
• Date: Thu, 11 Apr 2019 13:28:58 -0700
• In-reply-to: <[email protected]>
• References: <[email protected]> <[email protected]> <[email protected]> <CAL9Qcx7wCx7Ox5xC_JgxqPjYDkLrBr4jaZTx+DdM90H00yr2-w@mail.gmail.com> <30abd3bdd62849b9a040165caf0d386b@BN8PR07MB6084.namprd07.prod.outlook.com> <[email protected]> <[email protected]> <[email protected]>

On Thu, Apr 11, 2019 at 12:52 PM Barry Raveendran Greene <bgreene at senki.org>
wrote:
> On Apr 11, 2019, at 10:08, Patrick McEvilly <patrick_mcevilly at harvard.edu>
wrote:
>> They are refusing to remove the tcp port 1900 filter without
dispensation from the DDoS security gods. I understand blocking UDP 1900,
what is the purpose of Level3 filtering tcp port 1900?
>
>
http://www.senki.org/operators-security-toolkit/filtering-exploitable-ports-and-minimizing-risk-to-and-from-your-customers/

Which calls out UDP port 1900, not TCP port 1900. I would ask any who don't
know the difference to stay away from their router's ACLs.

Blocking TCP 1900 except as a destination in the initial SYN packet breaks
TCP. Do that and you DO get customer complaints. Like Patrick's.

Regards.
Bill Herrin

-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190411/a877b1f0/attachment.html>

• References:
  • Incoming SSDP UDP 1900 filtering
    • From: patrick_mcevilly at harvard.edu (Patrick McEvilly)
  • Incoming SSDP UDP 1900 filtering
    • From: bgreene at senki.org (Barry Raveendran Greene)

• Prev by Date: Incoming SSDP UDP 1900 filtering
• Next by Date: Incoming SSDP UDP 1900 filtering
• Previous by thread: Incoming SSDP UDP 1900 filtering
• Next by thread: Incoming SSDP UDP 1900 filtering
• Index(es):
  • Date
  • Thread