[187841] in North American Network Operators' Group
Re: Thank you, Comcast.
daemon@ATHENA.MIT.EDU (Livingood, Jason)
Fri Feb 26 14:32:15 2016
X-Original-To: nanog@nanog.org
From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: Blake Hudson <blake@ispn.net>, NANOG list <nanog@nanog.org>
Date: Fri, 26 Feb 2016 19:32:10 +0000
In-Reply-To: <56D080EA.1000500@ispn.net>
Cc: "Mody, Nirmal" <Nirmal_Mody@cable.comcast.com>
Errors-To: nanog-bounces@nanog.org
On 2/26/16, 11:44 AM, "Blake Hudson" <blake@ispn.net> wrote:

> Jason, how do you propose to block SSDP without also blocking legitimate traffic as well (since SSDP uses a port > 1024 and is used as part of the ephemeral port range on some devices)?

As Roland suggested, very likely via UDP/1900. This will obviously be disclosed in advance to customers and tested thoroughly. I believe a few other ISPs have already taken this step.

> And is this practice Open Internet friendly?

Port blocking is considered a form of reasonable network management provided it can be justified by security or operational stability reasons. Of course it must also be transparently disclosed and so on.
Jason
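
The port collision raised in the quoted question, as an added example that is not part of this thread and not any ISP's actual filter: constructed packets are run through a stateless inbound UDP/1900 drop rule and through a flow-tracking variant of it. The addresses, the packet list and the flow-tracking variant are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample packets as seen at a subscriber-facing edge (not real traffic).
# direction: "in" = toward the subscriber, "out" = from the subscriber.
Pkt = namedtuple("Pkt", "direction proto src_ip src_port dst_ip dst_port note")

SUB = "198.51.100.10"  # documentation-range address standing in for a subscriber
SSDP_PORT = 1900

PACKETS = [
    Pkt("in", "udp", "203.0.113.7", 40000, SUB, 1900, "unsolicited SSDP M-SEARCH"),
    Pkt("out", "udp", SUB, 1900, "192.0.2.53", 53, "DNS query, ephemeral src port 1900"),
    Pkt("in", "udp", "192.0.2.53", 53, SUB, 1900, "DNS reply to that query"),
    Pkt("in", "udp", "192.0.2.53", 53, SUB, 51515, "DNS reply, unrelated port"),
    Pkt("in", "tcp", "203.0.113.9", 443, SUB, 1900, "TCP, same port number"),
]


def stateless_drop(pkt):
    """ACL-style rule: drop inbound UDP whose destination port is 1900."""
    return pkt.direction == "in" and pkt.proto == "udp" and pkt.dst_port == SSDP_PORT


def run_stateless(packets):
    """Return the notes of every packet the stateless rule drops."""
    return [p.note for p in packets if stateless_drop(p)]


def run_stateful(packets):
    """Same rule, except inbound packets answering a subscriber-opened flow pass.

    Assumption: flows never expire here; a real tracker would age them out.
    """
    opened = set()  # (sub_ip, sub_port, remote_ip, remote_port) seen outbound
    dropped = []
    for p in packets:
        if p.direction == "out" and p.proto == "udp":
            opened.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            continue
        is_reply = (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in opened
        if stateless_drop(p) and not is_reply:
            dropped.append(p.note)
    return dropped
```

The stateless rule drops both the unsolicited M-SEARCH and the DNS reply whose destination happens to be the client's ephemeral port 1900; the flow-tracking variant drops only the former.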