
Why some ports are blocked on our network

Summary


For security reasons, some network ports are blocked on the Viasat service.


A port is a communication endpoint in a network or computer system, and different ports serve as electronic ‘doors’ for different types of traffic. Internet service providers like Viasat routinely block certain ports for a variety of reasons, mostly related to security. Hackers and other cyber criminals are known to exploit certain ports, particularly ones that are little used or otherwise vulnerable.

While most customers won’t be concerned with blocked ports, some more advanced users may wish to know which ports we block and why. We’ve provided this list here with other technical details for those who’d like to know more.
 

Blocked ports
| Port | Transport | Protocol | Direction | Reason |
|------|-----------|----------|-----------|--------|
| 19 | UDP | Chargen | Inbound/Outbound | This is an antiquated protocol with a very high amplification factor in modern DDoS attacks. The protocol is blocked to prevent clients from being attacked by bots using this protocol. |
| 23 | TCP | Telnet | Inbound/Outbound | Telnet is an unencrypted and insecure remote management protocol. Many Internet of Things devices (IP cameras, smart TVs, etc.) have management ‘back doors’ in them that cannot be closed, opening a vulnerability for attackers to remotely log into these devices. After such a connection is established, the devices are used to conduct outbound attacks against targets on the Internet. For remote management, please use SSH at all times. |
| 53 | TCP & UDP | DNS | Inbound only | DNS is a service that translates host names to IP addresses and is required to reach web assets on the Internet. Exede clients are not authorized to host DNS servers on their home networks, since DNS is provided by the ISP. Attackers commonly install rogue DNS servers on victims' systems to route malicious traffic through. Blocking this service prevents that attack vector. |
| 1900 | UDP | SSDP | Inbound/Outbound | SSDP is a protocol used for the universal sharing of network-enabled assets and is a primary vector for incoming DDoS attacks. Filtering this port proactively prevents systems from being remotely compromised by malicious worms or intruders. |
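
To check whether a Linux device on your own network is listening on any of the ports in the table above, the following added example (not Viasat's code or tooling) parses the output of `ss -H -lntu`. The sample output is constructed, and loopback-only listeners, such as a local DNS stub resolver, are reported separately because they are not reachable from the network.

```python
import ipaddress

# Ports from the blocked-ports table above: (transport, port) -> protocol name.
BLOCKED = {("udp", 19): "Chargen", ("tcp", 23): "Telnet",
           ("tcp", 53): "DNS", ("udp", 53): "DNS", ("udp", 1900): "SSDP"}

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE_SS = """\
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:1900        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      5      *:23                *:*
tcp   LISTEN 0      128    [::1]:53            [::]:*
udp   UNCONN 0      0      [fe80::1c2d:3eff:fe4f:5a6b]%eth0:19 [::]:*
"""


def is_loopback(addr):
    """True when the listener is bound to a loopback address only."""
    addr = addr.split("%", 1)[0].strip("[]")  # drop %interface, then brackets
    if addr == "*":                            # dual-stack wildcard bind
        return False
    return ipaddress.ip_address(addr).is_loopback


def audit(ss_output):
    """Return (transport, port, protocol, scope) for listeners on listed ports."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                           # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        name = BLOCKED.get((fields[0], int(port)))
        if name is None:
            continue                           # port is not in the table
        scope = "local-only" if is_loopback(addr) else "network-reachable"
        findings.append((fields[0], int(port), name, scope))
    return findings


if __name__ == "__main__":
    for proto, port, name, scope in audit(SAMPLE_SS):
        print(f"{proto}/{port} {name}: {scope}")
```

A "network-reachable" Telnet or SSDP listener is the kind of service worth disabling on the device itself, whether or not the port is also filtered upstream.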
 

Acronym Glossary

Chargen – Character Generator
DDoS – Distributed Denial of Service
DNS – Domain Name System
IoT – Internet of Things
ISP – Internet Service Provider
SSDP – Simple Service Discovery Protocol
SSH – Secure Shell
TCP – Transmission Control Protocol
UDP – User Datagram Protocol
 
