Livingood, Jason wrote on 2/26/2016 9:12 AM:
FWIW, Comcast's list of blocked ports is at
http://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports/.
The suspensions this week are in direct response to reported abuse from
amplification attacks, which we obviously take very seriously.
We are in the process of considering adding some new ports to this block list
right now, and one big suggestion is SSDP. If you have any others you wish to
suggest please send them to me and the guy on the cc line (Nirmal Mody).
Thanks!
Jason
Jason, how do you propose to block SSDP without also blocking legitimate
traffic as well (since SSDP uses a port > 1024 and is used as part of
the ephemeral port range on some devices) ? Is the downside of blocking
(admittedly a small amount of) legitimate user traffic worth the upside?
And is this practice /Open Internet/ friendly?
--Blake
