Shibboleth Developers

[Dan Pritts <>]

hi all,

In an intitial attempt to improve our network security, merit will be
implementing some filters on our router in the Ann Arbor office (DC office
router to follow).   This has been under discussion for some time, and
will happen as soon as this afternoon (exact timing to be determined).

I apologize for the short notice - implementation is being rushed a bit
to attempt to band-aid the denial-of-service problems we are having with
some of the windows servers (eg, e-room).

Inbound traffic, both TCP and UDP, to the following port numbers 
will be denied from all sources except the DC office, which will
remain unfiltered.

 111     - rpc/portmap (used by NFS)
 137-139 - NetBIOS (MS Networking)
 445     - microsoft directory service (MS Networking)
 1433/34 - MS SQL admin/monitor
 3306    - mysql
 13720/21/22/24/82/83 - veritas netbackup

traffic between our subnets (for instance, between the wired and wireless
networks) will not be affected.

each denied packet will be logged, and tsg will have access to the logs.

This should not affect most users.  It will somewhat improve security
on our network, but it is far from a complete security solution. 
Please do not take this as a signal that you can ignore windows system 
updates, virus updates, and the like.

thanks,
danno
--
dan pritts                                       

systems administrator                            734/352-4953 office
internet2                                        734/834-7224 mobile

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--