
shibboleth-dev - router port filtering

Subject: Shibboleth Developers

  • From: Dan Pritts <>
  • To: ,
  • Subject: router port filtering
  • Date: Wed, 30 Jul 2003 15:13:19 -0400

hi all,

In an initial attempt to improve our network security, merit will be
implementing some filters on our router in the Ann Arbor office (DC office
router to follow). This has been under discussion for some time, and
will happen as soon as this afternoon (exact timing to be determined).

I apologize for the short notice - implementation is being rushed a bit
to attempt to band-aid the denial-of-service problems we are having with
some of the windows servers (eg, e-room).

Inbound traffic, both TCP and UDP, to the following port numbers
will be denied from all sources except the DC office, which will
remain unfiltered.

111 - rpc/portmap (used by NFS)
137-139 - NetBIOS (MS Networking)
445 - microsoft directory service (MS Networking)
1433/34 - MS SQL admin/monitor
3306 - mysql
13720/21/22/24/82/83 - veritas netbackup

traffic between our subnets (for instance, between the wired and wireless
networks) will not be affected.

each denied packet will be logged, and tsg will have access to the logs.

This should not affect most users. It will somewhat improve security
on our network, but it is far from a complete security solution.
Please do not take this as a signal that you can ignore windows system
updates, virus updates, and the like.

thanks,
danno
--
dan pritts

systems administrator 734/352-4953 office
internet2 734/834-7224 mobile
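
The filter described in the message above, modelled as a small policy evaluator so the rules can be checked against sample flows. This is an added example, not part of the original post and not the router's actual configuration; the network prefixes are placeholder documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Port list exactly as written in the announcement (shorthand preserved).
ANNOUNCED = ["111", "137-139", "445", "1433/34", "3306", "13720/21/22/24/82/83"]

# Assumed placeholder networks (RFC 5737 documentation ranges); the real
# prefixes are not given in the message.
ANN_ARBOR = [ipaddress.ip_network("192.0.2.0/25"),    # stands in for wired
             ipaddress.ip_network("192.0.2.128/25")]  # stands in for wireless
DC_OFFICE = [ipaddress.ip_network("198.51.100.0/24")]

def expand(spec):
    """Expand '137-139' (range) or '1433/34' (suffix shorthand) to a port set."""
    if "-" in spec:
        lo, hi = map(int, spec.split("-"))
        return set(range(lo, hi + 1))
    first, *suffixes = spec.split("/")
    # Each suffix replaces the trailing digits of the first port number.
    return {int(first)} | {int(first[:-len(s)] + s) for s in suffixes}

BLOCKED = set().union(*(expand(s) for s in ANNOUNCED))

def _in(addr, nets):
    return any(ipaddress.ip_address(addr) in n for n in nets)

def decide(src, dst, proto, dport, log):
    """Return 'permit' or 'deny' for one flow; append each deny to log."""
    if not _in(dst, ANN_ARBOR):
        return "permit"  # assumption: only inbound traffic is filtered
    if _in(src, ANN_ARBOR) or _in(src, DC_OFFICE):
        return "permit"  # inter-subnet traffic and the DC office are exempt
    if proto in ("tcp", "udp") and dport in BLOCKED:
        log.append((src, dst, proto, dport))  # every denied packet is logged
        return "deny"
    return "permit"

def run_samples():
    """Evaluate constructed sample flows; return (decisions, deny log)."""
    log = []
    flows = [
        ("203.0.113.7", "192.0.2.10", "tcp", 445),     # outside -> SMB
        ("203.0.113.7", "192.0.2.10", "udp", 13782),   # outside -> NetBackup
        ("198.51.100.5", "192.0.2.10", "tcp", 1434),   # DC office -> MS SQL
        ("192.0.2.200", "192.0.2.10", "udp", 137),     # wireless -> wired
        ("203.0.113.7", "192.0.2.10", "tcp", 443),     # outside -> unlisted port
        ("192.0.2.10", "203.0.113.7", "tcp", 3306),    # outbound
    ]
    return [decide(*f, log) for f in flows], log
```
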
