Disable UDP Broadcast

ABrunner
2019-02-04
  • ABrunner

    ABrunner - 2019-02-04

    Dear Codesys community

    Is it possible to disable the UDP broadcast on the ports 1740-1743? They cause 50% of the whole traffic on a customer's network over UMTS, and he naturally has to pay for it.
    My first thought was a firewall, which is not practical and too expensive because there are several of these stations.
    During my search I found the whitepaper with a short list of ports, where it says these ports are not reconfigurable but not entirely disableable.
    So does anyone have an idea how to solve this?

     
  • dFx

    dFx - 2019-02-04

    What protocol are you using over TCP/UDP?
    How is your network config (static, dynamic)?

    If you don't need them, you may want to disable any addressing services that may run on your PLC, and switch your addressing to static mode.

    Sniffing with Wireshark may also give some clues about which protocols are spamming.
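
Added example, not part of the thread: one way to turn a capture from the sniffing step above into the figure the original post quotes, by measuring what share of on-wire bytes is UDP sent to 255.255.255.255 on ports 1740-1743. The function names and the sample frames are constructed for illustration.

```python
import struct
CODESYS_PORTS = range(1740, 1744)        # UDP 1740-1743, the ports named in the thread
BROADCAST = bytes([255, 255, 255, 255])  # destination reported in the thread

def frames(pcap):
    """Yield (captured_frame, on_wire_length) from a classic pcap byte string."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(end + "II", pcap[off + 8:off + 16])
        yield pcap[off + 16:off + 16 + incl], orig
        off += 16 + incl

def is_codesys_broadcast(frame):
    """True for untagged IPv4 UDP to 255.255.255.255 with destination port 1740-1743."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl + 4 or ip[9] != 17 or ip[16:20] != BROADCAST:
        return False
    return struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] in CODESYS_PORTS

def broadcast_share(pcap):
    """Return (matching_bytes, total_bytes, share) using on-wire frame lengths."""
    hit = total = 0
    for frame, orig in frames(pcap):
        total += orig
        if is_codesys_broadcast(frame):
            hit += orig
    return hit, total, (hit / total if total else 0.0)

def make_frame(dst_ip, dport, payload_len):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + payload_len, 0) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), dst_ip)
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + udp

def make_pcap(frame_list):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frame_list:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed capture: two discovery broadcasts and one unicast frame of other traffic
SAMPLE = make_pcap([make_frame(BROADCAST, 1740, 58), make_frame(BROADCAST, 1743, 58),
                    make_frame(bytes([192, 168, 1, 20]), 5000, 158)])
```

For a real capture, pass the file's bytes to `broadcast_share`; the parser reads the classic pcap format only, so a pcapng capture has to be saved as pcap first.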

     
  • ABrunner

    ABrunner - 2019-02-04

    I don't transmit anything on purpose. The PLC is searching with these packages for an active Codesys and would connect, if it found something.
    There are 4 packages, sometimes 8, and they are transmitted every minute. They are called UDP Runtime communication in the whitelist paper.
    The network is static.

    Could I configure the PLC, so it may only connect to 1 single address for updating its program? It would expect the Codesys only at that address and wouldn't search for it via broadcast. At least in my understanding.

     
  • dFx

    dFx - 2019-02-04

    Assuming this is a UMTS router, there's something I don't get.
    If you are using a UMTS router, and broadcast is passing through the router, that would mean that the other interface of the router is on the same LAN segment, in respect of the broadcast address.

    Are you trying to communicate via your UMTS router in the same subnet? So the router would be acting as a gateway only?
    If so, this could be addressed using a different subnet and configuring the right gateway setting on your PLC.

    EDIT: What is the broadcast address of your UDP SPAM packet?

     
  • ABrunner

    ABrunner - 2019-02-04

    I'm sorry I didn't specify that.
    The UMTS router has a built-in VPN function to another router in another building. So everything is in the same subnet.
    No communication from the PLC is needed, but a Unix system is running in the same device and also on the same physical port with 2 IPs, and communicates via IEC 60870-104.

    The destination of the broadcast is 255.255.255.255.

    I guess you just told me a viable solution. I'll configure the gateway of the PLC in another subnet so the packages won't go over the VPN router. If I wanted to access it, I'd just need to set my PC to that new subnet.
    I'll try that.

    Thank you for your time and help.

     
  • ABrunner

    ABrunner - 2019-02-04

    You're right. It'd go through.
    Do you know how I could contact a mod?

     
  • dFx

    dFx - 2019-02-04

    Try to yell at them (no clue how)

     
