CLEANACCESS Archives

September 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Jeff Porter <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Thu, 8 Sep 2005 20:01:43 -0400

We, too, have a "Game Consoles" role. When we create the filter, we assign
the user to this role. In this role, we block ports 20, 21, 22, 23, 80,
443, 6667, and 8080. In addition, we restrict access to any on-campus IP
ranges (not including ResNet IP ranges). We allow all other traffic.
Apparently some games use a couple of these ports, but we inform our users
that we view these filter creations as a security vulnerability since a
user could potentially trick us into creating one for their PC. We figured
these restrictions would "cripple" any user smart enough to think of
obtaining a filter for their PC.

We also created an online form for obtaining and inserting the MAC
addresses to the CAM. When a request is submitted, we save it into a local
MySQL database. We send a confirmation email to the user, and the office
staff reviews the request. We check if the user has previously submitted
requests, check the MAC manufacturer, etc. If all appears well, we use our
own form to submit the MAC to the CAM. The script is programmed in PHP.

If anyone is interested, we're willing to send the code for the form. You
can check it out at http://resnet.calpoly.edu/index.php?page=50. It has
definitely helped streamline the filter creating process for us.

Kyle Dodson
[log in to unmask]
http://resnet.calpoly.edu
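
The review step described in the message above (check earlier requests, check the MAC manufacturer) could be pre-screened as sketched below. This is an added example, not the Cal Poly form's code or anything posted to the list. Assumptions: the function names, the OUI table and the in-memory `$prior` rows (standing in for the MySQL table) are all hypothetical and constructed for illustration.

```php
<?php
// Constructed OUI prefixes (placeholders); load the real IEEE registry in practice.
const CONSOLE_OUIS = [
    '00AA01' => 'Example Console Vendor A',
    '00BB02' => 'Example Console Vendor B',
];

// Accepts aa:bb:cc:dd:ee:ff, aa-bb-..., aabb.ccdd.eeff; returns 12 hex chars or null.
function normalizeMac(string $raw): ?string
{
    $hex = strtoupper(preg_replace('/[:.\-\s]/', '', $raw));
    return preg_match('/^[0-9A-F]{12}$/', $hex) ? $hex : null;
}

// Returns the normalized MAC plus a list of reasons a staff member should look closer.
function reviewRequest(string $user, string $rawMac, array $priorRequests): array
{
    $mac = normalizeMac($rawMac);
    if ($mac === null) {
        return ['mac' => null, 'vendor' => null, 'flags' => ['malformed MAC address']];
    }
    $flags = [];
    $firstOctet = hexdec(substr($mac, 0, 2));
    if ($firstOctet & 0x01) {
        $flags[] = 'multicast bit set, not a device address';
    }
    if ($firstOctet & 0x02) {
        $flags[] = 'locally administered address, probably set in software';
    }
    $vendor = CONSOLE_OUIS[substr($mac, 0, 6)] ?? null;
    if ($vendor === null) {
        $flags[] = 'manufacturer is not on the console vendor list';
    }
    foreach ($priorRequests as $prior) {
        if ($prior['mac'] === $mac) {
            $flags[] = "MAC already requested by {$prior['user']}";
        } elseif ($prior['user'] === $user) {
            $flags[] = "user has an earlier request for {$prior['mac']}";
        }
    }
    return ['mac' => $mac, 'vendor' => $vendor, 'flags' => $flags];
}

// Constructed sample data: one stored request and three new submissions.
$prior = [['user' => 'jdoe', 'mac' => '00AA01123456']];
$submissions = [['jdoe', '00:aa:01:65:43:21'], ['asmith', '02-11-22-33-44-55'], ['bkim', '00bb.0200.0001']];
foreach ($submissions as [$user, $mac]) {
    $result = reviewRequest($user, $mac, $prior);
    echo $mac, ' => ', $result['flags'] ? implode('; ', $result['flags']) : 'no flags', PHP_EOL;
}
```

A request with no flags still goes to the office staff for approval; the flags only tell the reviewer where to look first.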
