Actually a little surprised to see port 25 blocked in both directions here along with 1080. It’s like saying here’s your network buuuuut it’s limited.
Though I wouldn’t recommend spawning up 25, it’s still a legitimately used port today, as is 1080.

-- 
J. Hellenthal
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Mar 25, 2019, at 07:13, Ca By <cb.li...@gmail.com> wrote:
>
> Block SSDP and move on.
>
> SSDP is a horrible DDoS vector.
>
> Comcast and many others already block it, because it is the smart and best thing to do.
>
> https://www.xfinity.com/support/articles/list-of-blocked-ports
>
>> On Mon, Mar 25, 2019 at 1:30 AM marcel.duregards--- via NANOG <nanog@nanog.org> wrote:
>> Dear Community,
>>
>> We see more and more SSDP 'scans' in our network (coming from outside into our AS). Of course our clients have open, vulnerable boxes (the last one is an enterprise-class Synology with all default ports open :-)) which could be used as an SSDP reflection client.
>>
>> As SSDP is used with PnP for local LAN service discovery, we are thinking of:
>>
>> 1) educating our clients (takes a lot of time)
>> 2) filtering incoming SSDP packets (UDP port 1900 at least) at our BGP border
>>
>> We see option 2 as a good action to remove our autonomous system from the potential sources of SSDP DDoS towards the Internet.
>> Of course this might (very small chance) open other problems with clients which use this port as an obfuscation port, but anyhow that would not be a good idea as it is an IANA registered port.
>> We could also think of filtering incoming port 5000 (UPnP), but it is the default port that Synology decided to use (WHY???? so many trojans use this) for the DSM login into the UI.
>>
>> What do you think?
>>
>> Thanks, best regards,
>>
>> --
>> Marcel