
Technical summary of port blocking for high-numbered incoming ports

If an institution has opted in to the scheme, tcp and udp packets with a destination port number in the range 1024-63999 will be rejected where they enter an institution's network from the CUDN, subject to agreed exceptions by IP address or by port. The blocking is introduced in two stages:

  1. A period of monitoring is undertaken to determine whether the exceptions listed below will be adequate, or whether additional exceptions are needed.
  2. After agreeing the exceptions with the institution's IT staff, the blocking is activated.

Based on experience to date, the exceptions in the following table are used as a starting point for most institutions. The table may be updated in the light of further experience.

| Destination port/protocol | Source port | Source addresses | Use | Comment |
|---|---|---|---|---|
| any/tcp | any | any | any | only for established tcp connections |
| any/udp | less than 1024 | any | any | (e.g. response from nameservers) |
| 6000/tcp, 6001/tcp | any | any | X-windows | |
| 8008/tcp, 8080/tcp | any | any | alternatives for http | |
| any/tcp | 20 | any | ftp-data | |
| any | any | 131.111.8.0/23, 131.111.3.0/24, 172.16.3.0/24 | central servers (incl. PWF) | |
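For the monitoring stage, the default exceptions in the table above can be applied to recorded inbound flows to list the traffic that would be rejected once blocking is activated. This is an added example, not code from UIS; the function names, the flow tuple layout and the `established` flag (assumed to be supplied by the flow source) are assumptions of the example, and the sample flows are constructed.

```python
import ipaddress

# Default exceptions from the table above. Names are this example's own.
CENTRAL = [ipaddress.ip_network(n) for n in
           ("131.111.8.0/23", "131.111.3.0/24", "172.16.3.0/24")]
BLOCKED = range(1024, 64000)          # destination ports 1024-63999


def verdict(proto, src_ip, src_port, dst_port, established=False):
    """Return (action, reason) for one packet entering from the CUDN."""
    if proto not in ("tcp", "udp") or dst_port not in BLOCKED:
        return "pass", "outside blocked range"
    if proto == "tcp" and established:
        return "pass", "established tcp connection"
    if proto == "udp" and src_port < 1024:
        return "pass", "udp from source port below 1024"
    if proto == "tcp" and dst_port in (6000, 6001):
        return "pass", "X-windows"
    if proto == "tcp" and dst_port in (8008, 8080):
        return "pass", "alternative http port"
    if proto == "tcp" and src_port == 20:
        return "pass", "ftp-data"
    if any(ipaddress.ip_address(src_ip) in net for net in CENTRAL):
        return "pass", "central servers"
    return "reject", "no exception matches"


def would_reject(flows):
    """Flows from a monitoring period that the default table would reject."""
    return [f for f in flows if verdict(*f)[0] == "reject"]


# Constructed sample flows: (proto, src_ip, src_port, dst_port, established)
SAMPLE = [
    ("tcp", "192.0.2.10", 51000, 8080, False),    # alternative http port
    ("udp", "192.0.2.53", 53, 40000, False),      # nameserver response
    ("tcp", "192.0.2.10", 51001, 3389, False),    # new inbound connection
    ("tcp", "131.111.9.20", 40000, 5432, False),  # inside 131.111.8.0/23
    ("udp", "192.0.2.77", 5060, 5060, False),     # udp, high source port
    ("tcp", "192.0.2.10", 443, 52000, True),      # reply on established conn
]

if __name__ == "__main__":
    for flow in would_reject(SAMPLE):
        print("would be rejected without a further exception:", flow)
```

Each flow it reports is a candidate for an additional exception to agree with the institution's IT staff before stage 2.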

Contact

If you have any enquiries regarding UIS network services, or other University network topics, please send an email to: