On 2/26/16, 11:44 AM, "Blake Hudson" <bl...@ispn.net<mailto:bl...@ispn.net>> wrote: Jason, how do you propose to block SSDP without also blocking legitimate traffic as well (since SSDP uses a port > 1024 and is used as part of the ephemeral port range on some devices) ?
As Roland suggested, very likely via UDP/1900. This will obviously be disclosed in advance to customers and tested thoroughly. I believe a few other ISPs have already taken this step. And is this practice Open Internet friendly? Port blocking is considered a form of reasonable network management provided it can be justified by security or operational stability reasons. Of course it must also be transparently disclosed and so on. Jason
