CODESYS - the IEC 61131-3 automation software
https://forum.codesys.com/

Disable UDP Broadcast
https://forum.codesys.com/viewtopic.php?f=11&t=9493

Author:  ABrunner [ Mon Feb 04, 2019 9:55 am ]
Post subject:  Disable UDP Broadcast

Dear Codesys community

Is it possible to disable the UDP Broadcast on the ports 1740-1743? Since they cause 50% of the whole traffic on a customer's network over UMTS and he naturally has to pay for it.
My first thought was a firewall, which is not practical and too expensive because there are several of these stations.
On my search I found the Whitepaper with a short list of Ports, where it says these ports are not reconfigurable but not entirely disableable.
So does anyone have an idea how to solve this?

German (translated):
Is it possible to switch off the UDP broadcast on ports 1740-1743? They cause 50% of the total traffic on the customer network, which is connected via UMTS, and he naturally has to pay for it.
My first thought was to install a firewall, which would not be affordable, however, since there are several such stations. While searching for a solution I found the whitepaper with a list of the ports, which says that exactly these ports are not changeable but not completely disableable.
Does anyone have an idea how I could solve this?

Author:  dFx [ Mon Feb 04, 2019 11:01 am ]
Post subject:  Re: Disable UDP Broadcast

What protocol are you using over TCP/UDP ?
How is your network config (static, dynamic) ?

If you don't need them, you may want to disable any addressing services that may run on your PLC, and switch your addressing to static mode.

Sniffing with Wireshark may also give some clues about which protocol is spamming.
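
An added example, not part of the original thread or of CODESYS: one way to measure, from captured Ethernet frames, what share of the bytes is UDP broadcast to 255.255.255.255 on ports 1740-1743. The function names, the 192.0.2.x addresses and the sample frames are constructed for illustration; real frames would come from a capture exported by the sniffer.

```python
import struct

PORTS = range(1740, 1744)            # UDP 1740-1743, the ports named in the thread
LIMITED_BROADCAST = "255.255.255.255"

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/UDP frame (constructed data, checksums left at 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + udp

def classify(frame):
    """Return (is_runtime_broadcast, frame_length) for one Ethernet frame."""
    size = len(frame)
    if size < 34 or frame[12:14] != b"\x08\x00":
        return False, size                         # too short or not IPv4
    ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length in bytes
    if ihl < 20 or frame[23] != 17 or size < 14 + ihl + 8:
        return False, size                         # malformed or not UDP
    dst = ".".join(str(b) for b in frame[30:34])
    dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
    return dst == LIMITED_BROADCAST and dport in PORTS, size

def broadcast_share(frames):
    """Fraction of captured bytes that are broadcasts to the ports above."""
    hit_bytes = total = 0
    for frame in frames:
        hit, size = classify(frame)
        total += size
        hit_bytes += size if hit else 0
    return hit_bytes / total if total else 0.0

# Constructed sample: one broadcast per port plus one unicast UDP frame.
SAMPLE = [build_frame("192.0.2.10", LIMITED_BROADCAST, p, p, b"\x00" * 30)
          for p in PORTS]
SAMPLE.append(build_frame("192.0.2.11", "192.0.2.20", 40000, 123, b"\x00" * 246))

if __name__ == "__main__":
    print(f"broadcast share of bytes: {broadcast_share(SAMPLE):.0%}")
```
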

Author:  ABrunner [ Mon Feb 04, 2019 1:04 pm ]
Post subject:  Re: Disable UDP Broadcast

I don't transmit anything on purpose. The PLC is searching with these packages for an active Codesys and would connect, if it found something.
There are 4 packages, sometimes 8 and are transmitted every minute. They are called UDP Runtime communication in the whitelist paper.
The Network is static.

Could I configure the PLC, so it may only connect to 1 single address for updating its program? It would expect the Codesys only at that address and wouldn't search for it via broadcast. At least in my understanding.

Author:  dFx [ Mon Feb 04, 2019 1:59 pm ]
Post subject:  Re: Disable UDP Broadcast

Assuming this is a UMTS router, there's something I don't get.
If you are using a UMTS router, and broadcast is passing through the router, that would mean that the other interface of the router is on the same LAN segment, in respect of the broadcast address.

Are you trying to communicate via your UMTS router in the same subnet ? So the router would be acting as a gateway only ?
If so, this could be addressed using different subnet and configuring the right gateway setting on your PLC.


EDIT: What is the broadcast address of your UDP SPAM packet ?

Author:  ABrunner [ Mon Feb 04, 2019 2:25 pm ]
Post subject:  Re: Disable UDP Broadcast

I'm sorry I didn't specify that.
The UMTS router has a built-in VPN function to another router in another building. So everything is in the same subnet.
No communication from the PLC is needed, but a unix system is running in the same device and also on the same physical port with 2 IPs, and communicates via IEC 60870-104.

The destination of the broadcast is 255.255.255.255.

I guess you just told me a viable solution. I configure the gateway of the PLC in another subnet so the packages won't go over the VPN router. If I wanted to access it I'd just need to set my PC to that new subnet.
I'll try that.

Thank you for your time and help.

Author:  dFx [ Mon Feb 04, 2019 2:51 pm ]
Post subject:  Re: Disable UDP Broadcast

With a broadcast address of 255.255.255.255, it targets all LAN nodes ( and will still go through your router's VPN in my mind).
If you don't manage to restrain this broadcast address, and can't apply some filters in your router, the only solution I see (apart from having support from mods like @Edwin) is placing a cheap router that will do the filtering job between your PLC and router (as a router discards 255.255.255.255 broadcast messages, see more in the linked page).

This may help also : https://community.cisco.com/t5/other-network-architecture/broadcast-address-and-255-255-255-255/m-p/317057/highlight/true#M116980

Author:  ABrunner [ Mon Feb 04, 2019 3:08 pm ]
Post subject:  Re: Disable UDP Broadcast

You're right. It'd go through.
Do you know how I could contact a mod?

Author:  dFx [ Mon Feb 04, 2019 3:37 pm ]
Post subject:  Re: Disable UDP Broadcast

Try to yell at them ;) (no clue how)

All times are UTC+01:00