CLEANACCESS Archives

April 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Joyce, Todd N" <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Thu, 19 Apr 2007 07:48:52 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (72 lines)

We have moved to this policy.  For the most part we have had to do some
work for some games but not many.  We are using Reflexive access control
lists on the UDP ports we can identify so that it looks similar to an
established TCP connection.  We did this in response to the unpatched
Symantec outbreak we had in January.  Final Fantasy XI is the only game
we have not opened up because it wants 15000+ UDP ports.

todd

Todd Joyce
Network Services
Radford University - The Smart Choice
[log in to unmask]
(540) 831-7777
 
Keep your boots and ChapStick and ice hotels.
Give me shorts and sandals and a thirty-blocker.

Temperance Brennan - Monday Mourning

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Alex Lanstein
Sent: Wednesday, April 18, 2007 5:45 PM
To: [log in to unmask]
Subject: Re: [Offtopic] Nintendo Wii

yikes - it's not Bob Jones University perchance, is it?

joking aside, what is the reasoning behind blocking all outbound ports 
except those specifically sanctioned?

Grzeczka, Timothy J. wrote:
> We actually really hammer down on outbound ports. Many things don't
> work 24/7 off our network. Things like video game consoles and games
> only work off hours on the weekend:
>
> Fridays 5pm - Saturday 7am
> Saturday 5pm - Monday 7am
>
> We also only open outbound ports based on need.
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Cal Frye
> Sent: Wednesday, April 18, 2007 3:54 PM
> To: [log in to unmask]
> Subject: Re: [Offtopic] Nintendo Wii
>
> Grzeczka, Timothy J. wrote:
>> I have done some research on the Wii and other game systems to get them
>> to work through our firewall. It's a matter of opening specific outbound
>> ports. I found this info on Nintendo's website:
>> http://www.nintendo.com/consumer/systems/wii/en_na/onlineFirewall.jsp
>>
>> TCP: Allow traffic to all destinations on ports: 28910, 29900, 29901,
>> 29920, 80, and 443
>
> Just curious, what /outbound/ ports do you block, besides the obvious
> NetBIOS, and relatively few others?
>

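The thread above describes two pieces of one egress policy: Timothy Grzeczka's default-deny on outbound ports with a sanctioned list (the Wii TCP ports quoted from Nintendo's page), and Todd Joyce's reflexive ACLs on identified UDP ports so that return traffic is admitted much like an "established" TCP connection. The Python below is an added example that simulates that policy; it is not code from the list, from Radford, or from Cisco. The class and function names, the 30-second idle timeout, the UDP game port 12000, and the RFC 5737 documentation addresses in the sample traffic are all assumptions made for the example.

```python
"""Simulation of a default-deny outbound policy with reflexive UDP entries.

Added example for this thread, not code from the list or from Cisco.
Assumptions (not on the page): the class/function names, the timeout value,
the UDP game port 12000, and the RFC 5737 documentation addresses used as
constructed sample traffic. The Wii TCP port list is the one quoted from
Nintendo's firewall page in the thread.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# TCP ports quoted in the thread from Nintendo's Wii firewall page.
WII_TCP_PORTS: Set[int] = {28910, 29900, 29901, 29920, 80, 443}

# Key for a reflexive entry, always stored from the inside host's point of
# view: (inside_ip, inside_port, outside_ip, outside_port).
FlowKey = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str             # "out": inside -> Internet, "in": Internet -> inside
    tcp_flags: FrozenSet[str] = frozenset()  # e.g. frozenset({"SYN"})


class EgressPolicy:
    """Default-deny filter in the spirit of an IOS reflexive ACL.

    Outbound TCP is permitted only to sanctioned ports.  Outbound UDP to an
    identified game port is permitted and creates a temporary entry keyed on
    the flow; inbound UDP is permitted only while it matches an unexpired
    entry (the IOS 'reflect' / 'evaluate' pair).  Inbound TCP is handled the
    way the 'established' keyword does it: permitted only if ACK or RST is
    set, so an unsolicited SYN from outside is dropped.
    """

    def __init__(self, sanctioned_tcp: Set[int], reflected_udp: Set[int],
                 udp_timeout: float = 60.0) -> None:
        self.sanctioned_tcp = set(sanctioned_tcp)
        self.reflected_udp = set(reflected_udp)
        self.udp_timeout = udp_timeout
        self._reflex: Dict[FlowKey, float] = {}   # flow -> expiry time

    def _purge(self, now: float) -> None:
        """Drop entries whose idle timeout has elapsed."""
        for key in [k for k, exp in self._reflex.items() if exp <= now]:
            del self._reflex[key]

    def active_flows(self) -> int:
        return len(self._reflex)

    def evaluate(self, pkt: Packet, now: float) -> str:
        """Return "permit" or "deny" for pkt seen at time 'now' (seconds)."""
        self._purge(now)
        if pkt.direction == "out":
            if pkt.proto == "tcp":
                return "permit" if pkt.dst_port in self.sanctioned_tcp else "deny"
            if pkt.proto == "udp" and pkt.dst_port in self.reflected_udp:
                key: FlowKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
                self._reflex[key] = now + self.udp_timeout   # create or refresh
                return "permit"
            return "deny"
        # Inbound traffic.
        if pkt.proto == "tcp":
            return "permit" if pkt.tcp_flags & {"ACK", "RST"} else "deny"
        if pkt.proto == "udp":
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if key in self._reflex:
                self._reflex[key] = now + self.udp_timeout   # refresh on reply
                return "permit"
        return "deny"


def run_demo() -> List[str]:
    """Constructed traffic: 192.0.2.10 is a campus host, 198.51.100.5 a game
    server, and UDP 12000 an assumed game port the admin has identified."""
    policy = EgressPolicy(WII_TCP_PORTS, reflected_udp={12000}, udp_timeout=30.0)
    inside, outside = "192.0.2.10", "198.51.100.5"
    traffic = [
        (Packet("tcp", inside, 51000, outside, 443, "out", frozenset({"SYN"})), 0.0),  # sanctioned
        (Packet("tcp", inside, 51001, outside, 25, "out", frozenset({"SYN"})), 0.0),   # not sanctioned
        (Packet("udp", inside, 40000, outside, 12000, "out"), 0.0),                     # creates reflexive entry
        (Packet("udp", outside, 12000, inside, 40000, "in"), 5.0),                      # matching reply
        (Packet("udp", outside, 12000, inside, 40001, "in"), 5.0),                      # wrong inside port
        (Packet("udp", outside, 12000, inside, 40000, "in"), 60.0),                     # entry expired at t=35
        (Packet("tcp", outside, 4444, inside, 445, "in", frozenset({"SYN"})), 60.0),    # unsolicited SYN
        (Packet("tcp", outside, 443, inside, 51000, "in", frozenset({"ACK"})), 60.0),   # established-style reply
    ]
    return [policy.evaluate(pkt, t) for pkt, t in traffic]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

Two things the simulation makes visible that the thread only alludes to. First, `established` on IOS is a flag check, not state: any inbound segment with ACK or RST set passes it, which is why the inbound TCP ACK to port 51000 is permitted without the filter ever having seen the outbound SYN, and why an ACK scan passes such a rule. The reflexive entries for UDP are bound to the full flow and to an idle timer, so the reply to the wrong inside port and the late reply after the timeout are both dropped. Second, the model only works for ports you can enumerate in `reflected_udp`; a game that wants many thousands of UDP ports, as the Final Fantasy XI case in the thread, has nothing to reflect on and stays closed under this approach.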