In order to more closely align with Campus security practices, SDSC will be adding to its list of network services/ports that are blocked from accessing SDSC network ranges. These blocks will only affect traffic inbound from the Internet, not outbound from SDSC. The purpose is to block services that are commonly exploited and used for nefarious purposes. Below is a list of services/ports that will be blocked, each followed by a brief note about the service.
Note that the “ScienceDMZ” (i.e. HPC Systems) is out of scope and won’t be affected by these blocks. Also, traffic to/from UCSD Campus will not be affected.
The following ports/services will be blocked from the Internet, to SDSC, starting on April 16th, 2019:
15/tcp (netstat)
23/tcp (telnet)
42/tcp and 42/udp (Microsoft WINS)
53/tcp (DNS Zone transfers – An exception will be created for SDSC DNS servers)
69/udp (tftp)
161/udp (SNMP)
389/udp (LDAP)
514/udp (syslog)
515/tcp (lpr)
593/tcp and 593/udp (Microsoft service port)
1900/udp (UPnP)
5353/udp (Multicast DNS)