RE: Blocking Chatty protocols

2012-03-13 Thread Kellogg, Brian D.
I've blocked SSDP on my LANs and WLAN for a couple years without any issues.

-Brian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian David
Sent: Tuesday, March 13, 2012 8:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Re: [WIRELESS-LAN] Blocking Chatty protocols

2012-03-13 Thread Johnson, Neil M
We don't filter it yet, but Princeton has some pretty good pages with good justifications for blocking (or getting users to disable these protocols). For example: http://www.net.princeton.edu/filters/ssdp.html The following link lays out the other protocols they filter.

Re: [WIRELESS-LAN] Blocking Chatty protocols

2012-03-13 Thread Dale W. Carder
We filter mDNS, SLP, UPnP, SSDP, etc. Many of these are TTL=1 multicasts that chew up CPU time on our routers. On the Aruba system we have broadcast-filter arp and all configured since we have approx. an IPv4 /18's worth of clients chattering away.

Dale

Thus spake Johnson, Neil M

RE: Blocking Chatty protocols

2012-03-13 Thread Russ Leathe
SSDP is used for SOHO when no DNS/DHCP server is present. There are two exploits in XP that use SSDP. Can't remember what they are, but I believe it had to do with multicast and a DoS issue. We block it by default. No issue to date.

From: The EDUCAUSE Wireless Issues Constituent Group

RE: [WIRELESS-LAN] Blocking Chatty protocols

2012-03-13 Thread Brian David
Neil,

Thank you for the links... That is great information... It's going to make my life much easier!! And thank you to all who responded. Great feedback.

-Brian

Brian J David
Network Systems Engineer
Boston College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv