skip to primary navigationskip to content

Port blocks on the CUDN

Port blocks on the CUDN

Jump to: Institution-CUDN port blocks, Janet-CUDN port blocks

Traffic to certain ports is blocked at the Janet/CUDN gateway because there are frequent attacks from outside the CUDN to these ports. While the blocks will normally prevent all traffic to that port from entering the CUDN, it is possible that traffic will not be blocked all the time, for example while the router configuration is updated or, more unusually, if there is a hardware/software problem affecting the CUDN routers. Furthermore, the blocks will not prevent an attack from within the CUDN, for example an attack from a compromised machine connected to the CUDN. Therefore everyone who has a machine attached to the CUDN needs to ensure that their machine is up-to-date with patches and security fixes at all times, and must not rely on port blocking on the CUDN routers to protect them.

In the case of 'finger' traffic, the port is blocked so that personal data (i.e. that which is subject to the Data Protection Act), does not leave the University domain.

A small number of ports are blocked between institutional networks and the rest of the CUDN. The ports blocked are either those widely used in attacks by worms and viruses, where the blocks are intended to help contain the spread of such malware, or those where there has been a history of problems.

For many ports a list of exceptions to the block is maintained. Institutional contacts who wish a machine to be included on the exception list for a particular port should contact . It is essential that any machines that are excepted from a block are patched and have their virus protection up to date, and that the security of these machines is maintained.

Note: when exceptions are installed against addresses, the address is typically 'locked' in the IP Register database, preventing it from being rescinded.  This will show up as an 'ANAME' error.  This prevents the exemption from being transferred to a new host.

Ports blocked between institutional networks and the rest of the CUDN

Port number service TCP or UDP exceptions
135 windows RPC service tcp yes
445 microsoft-ds tcp yes
161-162 snmp udp yes

Ports blocked at the CUDN/Janet gateway

Port number service TCP or UDP exceptions incoming or outgoing
0 - tcp,udp no both
1 tcpmux tcp,udp no incoming
21 FTP tcp yes incoming
25 smtp tcp yes both
53 domain tcp, udp yes incoming
69 tftp udp no incoming
79 finger tcp yes incoming
98 linuxconf tcp yes incoming
109 pop-2 tcp yes incoming
110 pop-3 tcp yes incoming
111 rpcbind tcp, udp yes incoming
135 windows RPC service tcp, udp yes both
137 netbios-ns (Name Service) tcp, udp yes both
138 netbios-dgm (Datagram Service) tcp, udp yes both
139 netbios-ssn (Session Service) tcp, udp yes both
143 imap-2 tcp yes incoming
161-162 snmp tcp, udp no incoming
220 imap-3 tcp yes incoming
445 microsoft-ds tcp,udp yes both
465 smtps tcp yes incoming
512 rexec tcp no incoming
514 syslog udp no incoming
515 lpr tcp,udp no incoming
587 message submission tcp yes incoming
623 rmcp tcp and udp yes incoming
631 Internet Printing Protocol tcp yes incoming
664 rmcps tcp and udp yes incoming
993 imap4 over TLS/SSL tcp yes incoming
995 pop3 over TLS/SSL tcp yes incoming
1433 MS-SQL server tcp yes incoming

Last updated: 4th May 2018


If you have any enquiries regarding UIS network services, or other University network topics, please send an email to:

Getting help

UIS Service Desk
General support queries

  Phone padded  (01223 7) 62999

UAS Service Desk
Administrative staff queries

  Phone padded  (01223 3) 32999

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

UIS Service Status

Phone padded  Service status line: (01223) 463085
Website padded  Sign up for SMS/email status alerts

RSS Feed Latest news

All University members now have access to Google G Suite@Cambridge

May 07, 2019

UIS enrolled all members of the University in our Google G Suite account, known as G Suite@Cambridge, on 2 May.

Upgrade Windows 7 machines before the operating system reaches end of life on 14 January 2020

Apr 30, 2019

Microsoft will stop supporting Windows 7 on 14 January 2020. The good news is that you may be entitled to a free upgrade to Windows 10, if your institution is participating in the University's EES agreement.

View all news