skip to content

IT Help and Support

University Information Services
 

RFC 1122, Requirements for Internet Hosts - Communication Layers, requires that every host must implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies. All devices that are 'actively connected to the CUDN using IP' (see below) should perform this function and those devices must perform this function correctly for ICMP Echo Requests from the following Trusted Subnet:

131.111.12.0/24

Additionally, consideration should be given to allowing access to institutions' internal networks from the Computing Service internal network listed below, from which the initial investigation of network faults is often undertaken. The internal Computing Service subnet from which diagnostic testing may be performed is:

131.111.10.0/23

Notes

The Echo server function is needed to facilitate the friendly probing that is carried out by the Computing Service to identify CUDN- connected devices that are vulnerable to common attacks by hackers.

A device is 'actively connected to the CUDN using IP' if it is in a position to transmit using the IP protocol suite to the network to which it is connected, and thence to the CUDN. Elaborating some specific cases:

  • a device that is powered off is not actively connected at that time;
  • if IP transmissions from a device are prevented from reaching the CUDN, the device is not actively connected to the CUDN using IP; this might be the case if the device is connected to an institutional network that is connected to the CUDN via a firewall that does not forward traffic from the device (in simple terms, the device is not visible from the CUDN through the firewall).
  • if IP transmissions from a device that is connected via a firewall (whether or not the firewall is providing network address translation) reach the CUDN then the ICMP Echo server function must be provided, either by the device or by the firewall on the device's behalf.

However, even if the device is hidden behind a firewall so that the device's IP transmissions do not reach the CUDN, institutions are recommended to allow communication, including the ICMP Echo Requests and Replies, between the device and the Trusted Subnet (above) through the firewall to permit devices behind the firewall to be probed by the Computing Service's 'friendly probes', thereby enhancing the security of the institution's network.

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

University Wireless Service maintenance: Tuesday 21 September, 08:00–09:00

16 September 2021

The University Wireless Service will be undergoing essential maintenance between 08:00 and 09.00 on Tuesday 21 September while we apply a security software patch. This is a security update to ClearPass, which provides Wireless Service network access control. We're not expecting any disruption to service, but it should be...

Mailing list migrations from Mailman to Sympa

31 August 2021

We intend to migrate all remaining lists associated with colleges from Mailman to Sympa during the week commencing 13 September 2020. The current total is 1,567. How this will affect users of the mailing list management service Most mailing list subscribers shouldn't notice any difference. During the switchover, there will...

Managed Zone Service closedown and migration to Mythic Beasts

24 August 2021

The Managed Zone Service (MZS) is being shut down, and its data content migrated to a commercial provider, Mythic Beasts. There will be no interruption to the service, but MZS users in institutions will need to make arrangements to retain management access to their zones. What is changing? UIS set up the MZS many years ago...