On Thu, Apr 11, 2019 at 12:52 PM Barry Raveendran Greene <bgre...@senki.org> wrote:
> On Apr 11, 2019, at 10:08, Patrick McEvilly <patrick_mcevi...@harvard.edu> wrote:
>> They are refusing to remove the tcp port 1900 filter without dispensation from the DDoS security gods. I understand blocking UDP 1900, what is the purpose of Level3 filtering tcp port 1900?
>
> http://www.senki.org/operators-security-toolkit/filtering-exploitable-ports-and-minimizing-risk-to-and-from-your-customers/
Which calls out UDP port 1900, not TCP port 1900. I would ask any who don't know the difference to stay away from their router's ACLs.

Blocking TCP 1900 except as a destination in the initial SYN packet breaks TCP. Do that and you DO get customer complaints. Like Patrick's.

Regards,
Bill Herrin

--
William Herrin ................ her...@dirtside.com  b...@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
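The breakage Bill describes, as an added example that is not part of the thread: a small stateless-ACL model in Python. A rule that matches "TCP port 1900" in either direction catches every segment of an ordinary HTTPS connection whose client happened to pick 1900 as its ephemeral source port, including the server's replies, so the connection never completes. A rule that only matches the initial SYN with destination port 1900 blocks connections *to* a TCP/1900 service and nothing else. The packet records, addresses (documentation ranges) and both filter functions are constructed here for the illustration.

```python
"""Stateless ACL model: 'deny tcp port 1900' vs 'deny initial SYN to tcp/1900'.

Added example, not code from the mailing-list thread. Packets are plain
records constructed below; no real network I/O is performed.
"""
from collections import namedtuple

# One TCP segment as a stateless ACL sees it: no connection state, only headers.
Pkt = namedtuple("Pkt", "src sport dst dport flags")


def naive_deny_tcp_1900(pkt: Pkt) -> bool:
    """Return True if the ACL permits the segment.

    Matches port 1900 as source OR destination, in any direction, on any
    flags. This is the rule that breaks TCP: a client that chose 1900 as
    its ephemeral source port loses its own SYN and all server replies.
    """
    return 1900 not in (pkt.sport, pkt.dport)


def syn_only_deny_tcp_1900(pkt: Pkt) -> bool:
    """Return True if the ACL permits the segment.

    Drops only connection attempts: SYN set, ACK clear, destination 1900.
    Segments that merely carry 1900 as a source port, and every segment of
    an already established flow, pass untouched.
    """
    is_initial_syn = "SYN" in pkt.flags and "ACK" not in pkt.flags
    return not (is_initial_syn and pkt.dport == 1900)


def dropped_indices(acl, packets):
    """Indices of the segments the ACL would discard, for inspection."""
    return [i for i, p in enumerate(packets) if not acl(p)]


def flow_survives(acl, packets) -> bool:
    """A flow is only usable if every segment of it gets through the ACL."""
    return not dropped_indices(acl, packets)


# Constructed sample 1: normal HTTPS session from a customer whose host
# picked ephemeral port 1900 (well inside the usual ephemeral range).
CLIENT, SERVER = "198.51.100.10", "203.0.113.5"
HTTPS_FLOW_FROM_EPHEMERAL_1900 = [
    Pkt(CLIENT, 1900, SERVER, 443, {"SYN"}),          # client opens connection
    Pkt(SERVER, 443, CLIENT, 1900, {"SYN", "ACK"}),   # server reply to port 1900
    Pkt(CLIENT, 1900, SERVER, 443, {"ACK"}),          # handshake completes
    Pkt(CLIENT, 1900, SERVER, 443, {"PSH", "ACK"}),   # TLS ClientHello
    Pkt(SERVER, 443, CLIENT, 1900, {"PSH", "ACK"}),   # TLS ServerHello
]

# Constructed sample 2: a genuine connection attempt to a TCP/1900 listener,
# which is the only thing the stricter rule is meant to stop.
SYN_TO_TCP_1900 = [
    Pkt(CLIENT, 50000, "203.0.113.7", 1900, {"SYN"}),
]


if __name__ == "__main__":
    for name, acl in (("naive", naive_deny_tcp_1900),
                      ("syn-only", syn_only_deny_tcp_1900)):
        print(f"{name:8s} HTTPS flow survives: "
              f"{flow_survives(acl, HTTPS_FLOW_FROM_EPHEMERAL_1900)}, "
              f"dropped {dropped_indices(acl, HTTPS_FLOW_FROM_EPHEMERAL_1900)}")
        print(f"{name:8s} SYN to tcp/1900 survives: "
              f"{flow_survives(acl, SYN_TO_TCP_1900)}")
```

The naive rule drops all five segments of the HTTPS session, which is exactly the "customer complaint" outcome; the SYN-only rule drops none of them while still stopping the one segment that actually targets a TCP/1900 service. On real hardware the same distinction is usually expressed with a match on TCP flags (or a vendor's "established" keyword) rather than a bare port number.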