nanog mailing list archives
Re: Incoming SSDP UDP 1900 filtering
From: William Herrin <bill () herrin us>
Date: Thu, 11 Apr 2019 13:24:49 -0700
On Thu, Apr 11, 2019 at 7:15 AM Patrick McEvilly <patrick_mcevilly () harvard edu> wrote:
> I'm working with Level3 on a similar problem. They filter both UDP and
> TCP port 1900 on our peer to them. This is blocking all connections that
> randomly use ephemeral TCP port 1900.
>
> They are refusing to remove the TCP port 1900 filter without dispensation
> from the DDoS security gods. I understand blocking UDP 1900; what is the
> purpose of Level3 filtering TCP port 1900?

Hi Patrick,

I ran into this years ago with the NIPR to Internet gateway at Pearl. They
were filtering about 100 TCP ports in the 1024 to 5000 range because they
were commonly used for malware C&C. They insisted they were only blocking
destination ports... Didn't quite get the concept that the source port on a
packet traveling one way becomes the destination port on the return packet,
or that 1024 to 5000 were common ephemeral source ports for both Windows and
a number of firewall products. The idea of filtering only on syn-not-ack
packets also failed to make contact in their craniums.

Good luck with Level3. The folks at Pearl still hadn't figured it out years
later when I changed jobs.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
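The point Bill makes about return traffic is easy to model. The following is an added illustration, not code from either poster or from Level3; the packet fields, the port numbers and the two ACL variants are constructed here. It contrasts a stateless "drop anything to port 1900" rule with one that drops UDP 1900 and only new inbound TCP connections to 1900 (SYN set, ACK clear), and shows what each does to an outbound HTTPS session whose client happened to pick 1900 as its ephemeral source port.

```python
"""Model of the port-1900 filter problem discussed above (added example).

Two ways an upstream might write an inbound (Internet -> customer)
"block port 1900" ACL, and what each does to a legitimate outbound TCP
session whose client picked 1900 as its ephemeral source port.  All
packets and rules are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def naive_acl(pkt: Packet) -> str:
    """Drop anything whose destination port is 1900, TCP or UDP.

    This is the filter Patrick describes: it has no notion of direction or
    connection state, so it also drops the server's replies to any outbound
    session that happened to use 1900 as its ephemeral source port.
    """
    return "drop" if pkt.dport == 1900 else "accept"


def syn_aware_acl(pkt: Packet) -> str:
    """Drop inbound UDP to 1900 (SSDP) and only *new* inbound TCP
    connections to 1900, i.e. SYN set and ACK clear.

    Every packet the remote server sends back in an outbound session
    (SYN-ACK, then pure ACKs with data) carries ACK, so it passes.
    """
    if pkt.proto == "udp" and pkt.dport == 1900:
        return "drop"
    if pkt.proto == "tcp" and pkt.dport == 1900 and pkt.syn and not pkt.ack:
        return "drop"
    return "accept"


def reply_to(pkt: Packet) -> Packet:
    """The return packet of a TCP exchange: ports swap, ACK is set."""
    return Packet(pkt.proto, pkt.dport, pkt.sport, syn=pkt.syn, ack=True)


def simulate_outbound_session(acl, client_ephemeral_port: int,
                              server_port: int = 443):
    """A customer host opens a TCP session outbound.  The inbound ACL never
    sees the client's SYN, only the server's SYN-ACK and later data ACKs.
    Returns the verdicts on (SYN-ACK, data ACK)."""
    syn = Packet("tcp", client_ephemeral_port, server_port, syn=True)
    synack = reply_to(syn)
    data_ack = Packet("tcp", server_port, client_ephemeral_port, ack=True)
    return acl(synack), acl(data_ack)


def scenarios():
    """Verdicts for both ACLs across the cases that matter in the thread."""
    ssdp_in = Packet("udp", 40000, 1900)               # SSDP reflection attempt
    new_tcp_in = Packet("tcp", 40000, 1900, syn=True)  # inbound connect to 1900
    return {
        "outbound session, ephemeral 50000": (
            simulate_outbound_session(naive_acl, 50000),
            simulate_outbound_session(syn_aware_acl, 50000)),
        "outbound session, ephemeral 1900": (
            simulate_outbound_session(naive_acl, 1900),
            simulate_outbound_session(syn_aware_acl, 1900)),
        "inbound SSDP UDP 1900": (naive_acl(ssdp_in), syn_aware_acl(ssdp_in)),
        "inbound new TCP to 1900": (naive_acl(new_tcp_in),
                                    syn_aware_acl(new_tcp_in)),
    }


if __name__ == "__main__":
    for name, (naive, syn_aware) in scenarios().items():
        print(f"{name:36s} naive={naive}  syn-aware={syn_aware}")
```

The syn-aware rule is what a stateless ACL can do at best; on a Linux box the equivalent would be `iptables -A INPUT -p tcp --dport 1900 --syn -j DROP` (the `--syn` match is SYN set with ACK, RST and FIN clear). A stateful filter (`-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` ahead of the drop) solves the same problem by tracking the outbound SYN, but a transit provider's edge ACL is almost always stateless, which is why the SYN-only form matters.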
Current thread:
- Re: Incoming SSDP UDP 1900 filtering Patrick McEvilly (Apr 11)
- Re: Incoming SSDP UDP 1900 filtering Barry Raveendran Greene (Apr 13)
- Re: Incoming SSDP UDP 1900 filtering William Herrin (Apr 13)
- Re: Incoming SSDP UDP 1900 filtering William Herrin (Apr 13)
- RE: Incoming SSDP UDP 1900 filtering Keith Medcalf (Apr 13)
- Re: Incoming SSDP UDP 1900 filtering Barry Raveendran Greene (Apr 13)