11 Jun 2013, 2:55 p.m.
On Tue, 11 Jun 2013, Vlad Grigorescu wrote:
> We got hit with this in September. UDP/19 became our busiest port overnight. Most of the systems participating were printers. We dropped it at the border, and had no complaints or ill effects.
Dropping the TCP and UDP "small services" like echo (not ICMP echo), chargen and discard as part of default firewall / filter policies probably isn't a bad idea. Those services used to be enabled by default on Cisco routers, but that hasn't been the case since probably around 11.3 (mid-late 90s). Other than providing another DDoS vector, I'm not aware of any legitimate reason to keep these services running and accessible. As always, YMMV.

jms
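An added example, not part of the original thread: before or after applying a border drop, flow records can be checked for internal hosts (such as the printers mentioned above) that answer external peers from the echo, discard or chargen ports. The comma-separated flow format, the internal prefix and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Well-known "small services" ports named in the thread: echo, discard, chargen.
SMALL_SERVICES = {7: "echo", 9: "discard", 19: "chargen"}

# Assumption: internal address space; replace with your own prefixes.
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample flow records: proto,src_ip,src_port,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
udp,192.0.2.10,19,198.51.100.7,41000,912000
udp,192.0.2.10,19,198.51.100.7,41001,640000
udp,198.51.100.7,41000,192.0.2.10,19,120
udp,192.0.2.44,7,203.0.113.9,5000,300
tcp,192.0.2.20,443,203.0.113.9,50211,88000
udp,192.0.2.30,53,203.0.113.9,33333,4000
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL)

def small_service_responders(flow_text):
    """Return {(host, service): bytes_out} for internal hosts answering
    external peers from a small-services source port."""
    totals = defaultdict(int)
    for line in flow_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6:
            continue  # skip malformed records
        proto, src, sport, dst, _dport, nbytes = fields
        try:
            sport, nbytes = int(sport), int(nbytes)
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # bad port, byte count or address
        if proto in ("tcp", "udp") and sport in SMALL_SERVICES and outbound:
            totals[(src, f"{proto}/{sport} {SMALL_SERVICES[sport]}")] += nbytes
    return dict(totals)

def report(flow_text):
    """Responders sorted by bytes sent, largest first."""
    return sorted(small_service_responders(flow_text).items(),
                  key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (host, svc), sent in report(SAMPLE_FLOWS):
        print(f"{host:15} {svc:18} {sent:>10} bytes out")
```

Hosts that appear in the report are the ones to fix at the source (disable the service on the device) in addition to the border filter.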