2 Jun
2016
2 Jun
'16
3:05 a.m.
Thanks Brian, I was already filtering that port for traffic outside AMPRnet.
It would not have affected us much because we forward new incoming traffic from internet
only to users who have explicitly requested this. This list now includes 10 /28 subnets
and 29 individual hosts. (189 addresses out of the 65536 address network)
All other users receive new traffic only from 44.0.0.0/8, and replies to their own
outgoing traffic.
I added this after the SNMP DDOS incident.... in case there are other problems like
this.
Ports filtered here on input from internet are:
135:139,445,1025:1028 TCP and UDP (SMB)
53 TCP and UDP (DNS)
111 UDP (portmap)
161 UDP (SNMP)
1900 (SSDP)
Rob