Port Blocking
CETS understands that SEAS computing users collaborate with researchers from other institutions, and we are not interested in hindering this collaboration by running a full-blown firewall at our border. However, we have placed a few port blocks on our routers to help protect our users from well-known attacks. For example, we block incoming connections to the Windows file sharing ports (135, 139, 445) and the http port (80) which are popular targets for malicious activity. The https port (443) is not blocked and is recommended for serving web pages privately and securely. These rules will not prevent you from browsing the Internet.
If you are running a web server that needs to be accessible without encryption to computers outside of SEAS, we can temporarily open http port 80 specifically for your server. The person administering the server should contact CETS and provide the following information:
- The IP address and/or DNS name of the computer running the server
- The purpose of the web server
- How long http port 80 should remain open
As new viruses appear on the Internet, we might temporarily block incoming traffic to certain other ports at the SEASNet border, such as DNS, SNMP, and TFTP. Please keep in mind these port blocks only protect you from computers outside of SEASNet. These security measures will not offer protection against an infected laptop plugged into the SEAS network. For this reason, it is extremely important to stay current on all patches and antivirus software. Turning off any unnecessary services and running a local firewall will also help protect your computer.