skip to content

IT Help and Support

University Information Services
 

If an institution has opted in to the scheme, tcp and udp packets with a destination port number in the range 1024-63999 will be rejected where they enter an institution's network from the CUDN, subject agreed exceptions by IP address or by port. The blocking is introduced in two stages:

  1. A period of monitoring is undertaken to determine whether the exceptions listed below will be adequate, or whether additional exceptions are needed.
  2. After agreeing the exceptions with the institution's IT staff, the blocking is activated.

Based on experience to date, the exceptions in the following table are used as a starting point for most institutions. The table may be updated in the light of further experience.

Destination
port/protocol
Source
port
Source
addresses
Use Comment
any/tcp any any any only for established tcp connections
any/udp less than
1024
any any (e.g. response from nameservers)
6000/tcp
6001/tcp
any any X-windows  
8008/tcp
8080/tcp
any any alternatives
for http
 
any/tcp 20 any ftp-data  
any any 131.111.8.0/23
131.111.3.0/24
172.16.3.0/24
central servers
(incl. PWF)