19 Sep
2019
19 Sep
'19
12:02 a.m.
On Thu, 19 Sep 2019 11:34:19 +1200, Peter Reutemann wrote:
'... the protocol lets devices send user datagram protocol packets that describe the device capabilities and requirements over port 3702. Devices that receive the probes can respond with replies that can be tens to hundreds of times bigger.'
General pitfall with UDP, that a packet can claim to come from any source address, and so the reply can be directed anywhere. Such protocols need to be carefully constrained. I think in this case they should only be responding to requests coming from the LAN, not from anywhere on the entire Internet.