If an institution has opted in to the scheme, TCP and UDP packets with a destination port number in the range 1024-63999 will be rejected where they enter an institution's network from the CUDN, subject to agreed exceptions by IP address or by port. The blocking is introduced in two stages:
- A period of monitoring is undertaken to determine whether the exceptions listed below will be adequate, or whether additional exceptions are needed.
- After agreeing the exceptions with the institution's IT staff, the blocking is activated.
Based on experience to date, the exceptions in the following table are used as a starting point for most institutions. The table may be updated in the light of further experience.

Destination port/protocol | Source port | Source addresses | Use | Comment |
---|---|---|---|---|
any/tcp | any | any | any | only for established tcp connections |
any/udp | less than 1024 | any | any | (e.g. response from nameservers) |
6000/tcp 6001/tcp | any | any | X-windows | |
8008/tcp 8080/tcp | any | any | alternatives for http | |
any/tcp | 20 | any | ftp-data | |
any | any | 131.111.8.0/23 131.111.3.0/24 172.16.3.0/24 | central servers (incl. PWF) | |
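
The decision the scheme and its starting-point exceptions describe can be written as a small rule evaluator, which is useful during the monitoring stage for checking logged flows against the table before blocking is activated. This is an added example, not the CUDN's own configuration; the function name `decide`, the `established` flag and the sample packets are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Central-server source networks, copied from the exceptions table.
CENTRAL_SERVERS = [ip_network(n) for n in
                   ("131.111.8.0/23", "131.111.3.0/24", "172.16.3.0/24")]
BLOCKED_PORTS = range(1024, 64000)  # destination ports 1024-63999


def decide(proto, src_ip, src_port, dst_port, established=False):
    """Return (action, reason) for a packet entering an institution from the CUDN.

    `established` is an assumed flag meaning "belongs to an established TCP
    connection"; how that is detected depends on the filtering device.
    """
    if proto not in ("tcp", "udp") or dst_port not in BLOCKED_PORTS:
        return "permit", "not covered by the scheme"
    if any(ip_address(src_ip) in net for net in CENTRAL_SERVERS):
        return "permit", "central servers (incl. PWF)"
    if proto == "tcp":
        if established:
            return "permit", "established tcp connection"
        if dst_port in (6000, 6001):
            return "permit", "X-windows"
        if dst_port in (8008, 8080):
            return "permit", "alternatives for http"
        if src_port == 20:
            return "permit", "ftp-data"
    elif src_port < 1024:
        return "permit", "udp from source port below 1024"
    return "reject", "high destination port, no exception"


# Constructed sample packets: (proto, src_ip, src_port, dst_port, established).
# 192.0.2.0/24 is a documentation range standing in for arbitrary sources.
SAMPLES = [
    ("tcp", "192.0.2.7", 40000, 5900, False),    # unsolicited tcp to a high port
    ("tcp", "192.0.2.7", 80, 51000, True),       # reply on an established connection
    ("udp", "192.0.2.53", 53, 33000, False),     # nameserver response
    ("udp", "192.0.2.7", 5000, 33000, False),    # udp between two high ports
    ("tcp", "131.111.9.20", 40000, 5900, False), # source inside 131.111.8.0/23
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", decide(*pkt))
```
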