Port Blocking

CETS understands that SEAS computing users collaborate with researchers from other institutions, and we are not interested in hindering this collaboration by running a full-blown firewall at our border. However, we have placed a few port blocks on our routers to help protect our users from well-known attacks. For example, we block incoming connections to the Windows file sharing ports (135, 139, 445) and the httpd port (80) which are popular targets for malicious activity. These httpd rules will not prevent you from browsing the Internet.

If you are running a web server that needs to be viewed from computers outside of SEAS, we can temporarily open port 80 specifically for your server. The person administering the server should send a request to cets@seas.upenn.edu including the IP address and/or DNS name of the computer running the server, the purpose of the web server, and how long it will need the access.

As new viruses appear on the Internet, we might temporarily block incoming traffic to certain other ports at the SEASNet border. Some of the current blocks include incoming DNS, SNMP, and TFTP. Please keep in mind these port blocks only protect you from computers outside of SEASNet. An infected laptop plugged into the SEAS network would easily defeat this security measure. For this reason, it is extremely important to keep up to date on all patches and antivirus software. Turning off any unnecessary services, and running a local firewall will also help protect your computer.