There is a steady stream of UDP packets coming into my local network from some random internet address. The UDP packets are all destined for 255.255.255.255. For some reason the firewall on my Comcast gateway doesn't block this even when running in NAT mode. WTF? So I'm seeing all this traffic bleed through onto my LAN and every device is getting hit with the rogue UDP traffic. I have configured the firewall on most of the LAN devices to drop the packets but that doesn't fix the fact that it's spilling into my LAN. This is a static IP account so I can't solve this by just grabbing a new WAN IP from my ISP.

So here's the question. I'm considering asking my ISP to block this upstream. My request would be to block all traffic destined for 255.255.255.255 on my network. Would I regret doing that? Can anyone think of any legitimate reason to allow internet traffic to hit the broadcast IP on my public subnet?

Nope, there is no reason why you shouldn't block this, I can't think of any internet protocol that requires it, its just too inefficient a way of communicating.

Can you not block this on your router?

If it is udp then consider blocking all udp.

Hi Pete. Thanks for the reply. I'm the unfortunate recipient of a Comcast SMC cable modem. The price and speed is the best I can find in Sacramento but the modem has the worst firewall in the world. It has two settings, on and off. The broadcast packets just pass right through in both cases. I'm now filtering this using my own firewall but I'd rather the ISP absorb the unwanted packets especially when a single static firewall rule would do the trick on their end.

Again, thanks for the confirmation about blocking inbound 255.255.255.255. Been blocking it since last night. So far so good.

-Throes