Main Nav

Message from brian.david@bc.edu

We were wondering what other schools are doing with these protocol…(SSDP, NetBIOS, mDNS, etc.)

I need to make the case for blocking some of these for Faculty/Staff and Students…I was wondering about SSDP for example..

What does it break when blocked? Any feedback would be appreciated.

 

Brian J David

Network Systems Engineer

Boston College

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

I’ve blocked SSDP on my LANs and WLAN for a couple years without any issues.

 

-Brian

 

Message from neil-johnson@uiowa.edu

We don't filter it yet, but Princeton has some pretty good pages with good justifications for blocking (or getting users to disable these protocols).

For example:


The following link lays out the other protocols they filter.


-Neil

Message from dwcarder@wisc.edu

We filter mdns, slp, upnp, ssdp, etc. Many of these are ttl=1 multicasts that chew up cpu time on our routers. On the aruba system we have broadcast-filter arp and all configured since we have approx an ipv4 /18's worth of clients chattering away. Dale Thus spake Johnson, Neil M (neil-johnson@UIOWA.EDU) on Tue, Mar 13, 2012 at 02:05:22PM +0000: > We don't filter it yet, but Princeton has some pretty good pages with good justifications for blocking (or getting users to disable these protocols). > > For example: > > http://www.net.princeton.edu/filters/ssdp.html > > The following link lays out the other protocols they filter. > > http://www.net.princeton.edu/filters > > -Neil > >
Message from russ.leathe@gordon.edu

SSDP is used for SOHO when no DNS/DHCP server is present.  There are two exploits in XP that use SSDP.  Can’t remember what they are but I believe it had to do with multicast and a DOS issue.

 

We block it by default.  No issue to date.

 

Message from brian.david@bc.edu

Neil,

Thank you for the links…That is great information…It’s going to make my life much easier!!

And thank you to all who responded. Great feedback..

-Brian

 

Brian J David

Network Systems Engineer

Boston College

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Tuesday, March 13, 2012 10:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Blocking Chatty protocols

 

We don't filter it yet, but Princeton has some pretty good pages with good justifications for blocking (or getting users to disable these protocols).

 

For example:

 

 

The following link lays out the other protocols they filter.

 

 

-Neil

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.