Message from brian.david@bc.edu

We were wondering what other schools are doing with these protocols… (SSDP, NetBIOS, mDNS, etc.)

I need to make the case for blocking some of these for Faculty/Staff and Students… I was wondering about SSDP, for example.

What does it break when blocked? Any feedback would be appreciated.

 

Brian J David

Network Systems Engineer

Boston College

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

I’ve blocked SSDP on my LANs and WLAN for a couple years without any issues.

 

-Brian

 

Message from neil-johnson@uiowa.edu

We don't filter it yet, but Princeton has some pretty good pages with good justifications for blocking (or getting users to disable these protocols).

For example:

http://www.net.princeton.edu/filters/ssdp.html

The following link lays out the other protocols they filter.

http://www.net.princeton.edu/filters

-Neil

Message from dwcarder@wisc.edu

We filter mdns, slp, upnp, ssdp, etc. Many of these are ttl=1 multicasts that chew up cpu time on our routers.

On the aruba system we have broadcast-filter arp and all configured since we have approx an ipv4 /18's worth of clients chattering away.

Dale

Thus spake Johnson, Neil M (neil-johnson@UIOWA.EDU) on Tue, Mar 13, 2012 at 02:05:22PM +0000:
> We don't filter it yet, but Princeton has some pretty good pages with good justifications for blocking (or getting users to disable these protocols).
>
> For example:
>
> http://www.net.princeton.edu/filters/ssdp.html
>
> The following link lays out the other protocols they filter.
>
> http://www.net.princeton.edu/filters
>
> -Neil

Message from russ.leathe@gordon.edu

SSDP is used for SOHO when no DNS/DHCP server is present.  There are two exploits in XP that use SSDP.  Can’t remember what they are but I believe it had to do with multicast and a DOS issue.

 

We block it by default.  No issue to date.

 

Message from brian.david@bc.edu

Neil,

Thank you for the links… That is great information… It’s going to make my life much easier!!

And thank you to all who responded. Great feedback.

-Brian

 

Brian J David

Network Systems Engineer

Boston College

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Tuesday, March 13, 2012 10:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Blocking Chatty protocols

 

We don't filter it yet, but Princeton has some pretty good pages with good justifications for blocking (or getting users to disable these protocols).

 

For example:

http://www.net.princeton.edu/filters/ssdp.html

The following link lays out the other protocols they filter.

http://www.net.princeton.edu/filters


-Neil