nanog mailing list archives
Re: Incoming SSDP UDP 1900 filtering
From: Jason Hellenthal via NANOG <nanog () nanog org>
Date: Mon, 25 Mar 2019 07:33:30 -0500
Actually a little surprised to see port 25 blocked in both directions here along with 1080. It’s like saying here’s your network buuuuut it’s limited. Though I wouldn’t recommend spawning up 25, it’s still a legitimately used port today as alike with 1080.

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

On Mar 25, 2019, at 07:13, Ca By <cb.list6 () gmail com> wrote:

Block SSDP and move on.

SSDP is a horrible DDoS vector.

Comcast and many others already block it, because it is the smart and best thing to do.

https://www.xfinity.com/support/articles/list-of-blocked-ports

On Mon, Mar 25, 2019 at 1:30 AM marcel.duregards--- via NANOG <nanog () nanog org> wrote:

Dear Community,

We see more and more SSDP 'scans' in our network (coming from outside into our AS). Of course our clients have open vulnerable boxes (the last one is an enterprise-class Synology with all default ports open :-)) which could be used as SSDP reflection clients.

As SSDP is used with PnP for local LAN service discovery, we are thinking of:

1) educate our clients (takes a lot of time)
2) filter incoming SSDP packets (UDP port 1900 at least) at our BGP border

We see option 2 as a good action to remove our autonomous system from potential sources of DDoS SSDP source toward the Internet. Of course this might (very little chance) open other problems with clients which use this port as an obfuscation port, but anyhow it would not be a good idea as it is a registered IANA port.

We could think of also filtering incoming port 5000 (UPnP), but it is the default port that Synology decided to use (WHY???? so many trojans use this) for the DSM login into the UI.

What do you think?

Thanks, best regards,
--
Marcel
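
Before choosing between educating clients and filtering UDP 1900 at the border, it helps to know which customer hosts actually answer SSDP probes from outside and how much they amplify. The following is an added example, not part of the thread: it summarises border flow records per host, and the flow tuple layout, the customer prefix 192.0.2.0/24 and every sample record are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the AS's customer prefixes (a documentation range is used here).
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]
SSDP_PORT = 1900

# Constructed flow records: (src, sport, dst, dport, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 1900, "udp", 130),   # outside probe
    ("192.0.2.10", 1900, "198.51.100.7", 40000, "udp", 3900),  # customer box answers
    ("198.51.100.7", 40001, "192.0.2.11", 1900, "udp", 130),   # probe, no answer
    ("203.0.113.5", 53211, "192.0.2.10", 1900, "udp", 130),
    ("192.0.2.10", 1900, "203.0.113.5", 53211, "udp", 4200),
    ("192.0.2.20", 1900, "192.0.2.21", 50000, "udp", 300),     # LAN-local, ignored
    ("198.51.100.9", 51000, "192.0.2.11", 443, "tcp", 900),    # unrelated traffic
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def find_reflectors(flows):
    """Return {internal_host: stats} for hosts that sent UDP from port 1900
    to outside addresses, i.e. hosts a border filter would stop answering."""
    probes = defaultdict(int)   # host -> bytes of inbound UDP/1900 from outside
    replies = defaultdict(int)  # host -> bytes sent from UDP/1900 to outside
    peers = defaultdict(set)    # host -> distinct outside destinations
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == SSDP_PORT and is_internal(dst) and not is_internal(src):
            probes[dst] += nbytes
        elif sport == SSDP_PORT and is_internal(src) and not is_internal(dst):
            replies[src] += nbytes
            peers[src].add(dst)
    report = {}
    for host, out_bytes in replies.items():
        in_bytes = probes.get(host, 0)
        report[host] = {
            "bytes_in": in_bytes,
            "bytes_out": out_bytes,
            "outside_peers": len(peers[host]),
            # Reply bytes per probe byte; None if no probe was seen for this host.
            "amplification": round(out_bytes / in_bytes, 1) if in_bytes else None,
        }
    return report

if __name__ == "__main__":
    for host, stats in find_reflectors(SAMPLE_FLOWS).items():
        print(host, stats)
```

Hosts that were probed but never replied (192.0.2.11 in the sample) do not appear in the report, so the output is the list of customers to contact.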