University of Alberta


Blocked Ports from Off Campus Networks

Modified on: Fri, 26 Jan 2024 9:39 AM

Introduction

The University of Alberta is required to safeguard the confidentiality, integrity and availability of all University information. These safeguards ensure that University information is accessed only by those who are authorized to access it, that the information is true to what it should be, and that it is accessible when it needs to be.

 


Applicability

This article will assist users with troubleshooting connectivity to computing resources from off campus. It is intended for all members of the University community, for users at other institutions who access University of Alberta resources from off campus and, in certain situations as noted, for third-party vendors. Note that it is not intended to describe the different methods for connecting to campus systems. It only describes the ports that will not work.

 


Procedure

Blocked Ports from Off Campus Networks


As part of a new initiative to better secure University of Alberta computing resources, we are disabling access to several high-risk ports from off-campus networks. Currently, the following ports are affected:


DNS over TLS (DoT - outbound blocking only)

DNS over HTTPS (DoH - outbound blocking only)

13: Daytime

17 UDP: Quote of the Day

19 UDP: Chargen

23: Telnet

37: Time

69 UDP: TFTP

79 TCP: Finger - User Information Protocol

110 TCP: pop3

111 TCP: SunRPC

123: NTP

135 TCP: Remote Procedure Call (RPC)

137-139/445: SMB (Inbound AND Outbound blocking)

161: SNMP

177: xdmcp

389 UDP: LDAP

427 TCP/UDP: SLP

515: Printing

554 TCP: rtsp

623 TCP: ipmi

873: Rsync

902 TCP: VMware daemon

995 TCP: pop3 secure

1099 TCP: Java RMI

1434: MSSql

1883: IBM scada

1900 UDP: SSDP

2323: Telnet Alternate

3283 UDP: Apple Remote Desktop

3306 TCP: MySQL

3389: RDP

3668: Drac

3702 UDP: WS-Discovery

4786 TCP: Cisco Smart Install

5009 TCP: Apple Airplay remote admin

5353: Multicast DNS

5432: PostgreSQL

5672 TCP: amqp

5869: drac

5900-5910: VNC & VNC Alternates

6000: XServer

7777: cbt

9100: Printing

9600 TCP: ICS

9999: Telnet Alternate

11211 UDP: memcache

16992-16993: Intel AMT

30718: Lantronix

27017 TCP: MongoDB

44818 TCP: Common Industrial Protocol (CIP) to Ethernet

 

Common programs that use these ports*:

  • Windows Remote Desktop
  • Apple Remote Desktop
  • Windows File Sharing & Network Discovery
  • Samba (including connections to samba.srv.ualberta.ca)
  • PuTTY connections using Telnet
  • RealVNC Remote Access Software

*Please note this is not an exhaustive list. Other programs may be affected. This article is not intended to describe how to use these programs to connect. It is only to list which ports are affected.
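Because the program list above is not exhaustive, one way to see which services on a host fall on the blocked ports is to compare its listening sockets with the list. The following is an added example, not part of the original article or any University tooling: it parses entries in the article's own notation and checks them against constructed `ss -tuln` output. It assumes that an entry naming no protocol covers both TCP and UDP, and it skips the DoT/DoH entries because the article gives no port number for them.

```python
import re

# Entries copied from the article in its own notation (a subset; paste the full list).
BLOCKED = """23: Telnet
69 UDP: TFTP
137-139/445: SMB (Inbound AND Outbound blocking)
427 TCP/UDP: SLP
3389: RDP
5900-5910: VNC & VNC Alternates"""

# Constructed `ss -tuln` output for a hypothetical on-campus host.
SAMPLE_SS = """Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0      128    [::]:3389       [::]:*
udp   UNCONN 0      0      0.0.0.0:69      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:69      0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:5901    0.0.0.0:*"""

ENTRY = re.compile(r"^([\d\-/]+)\s*((?:TCP|UDP)(?:/(?:TCP|UDP))?)?\s*:\s*(.+)$")

def parse_blocklist(text):
    """Turn list entries into (low, high, protocols, label) rules."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # lines with no port number (the DoT/DoH entries)
        ports, protos, label = m.groups()
        # Assumption: an entry that names no protocol covers both TCP and UDP.
        protos = set(protos.lower().split("/")) if protos else {"tcp", "udp"}
        for part in ports.split("/"):  # "137-139/445" -> "137-139", "445"
            low, _, high = part.partition("-")
            rules.append((int(low), int(high or low), protos, label))
    return rules

def audit_listeners(ss_output, rules):
    """Return {(proto, port): label} for listeners that fall on a blocked port."""
    hits = {}
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        port = f[4].rsplit(":", 1)[-1]  # Local Address:Port column
        for low, high, protos, label in rules:
            if port.isdigit() and f[0] in protos and low <= int(port) <= high:
                hits[(f[0], int(port))] = label
    return hits

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_SS, parse_blocklist(BLOCKED)))
```

Services reported here are the ones that will need the VPN to be reached from off campus; in the sample, TCP 69 is not reported because the article lists port 69 for UDP only.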

 

To access your devices you must first connect to the University's Virtual Private Network (VPN) service. The VPN service protects both you and the university with respect to remote connectivity. Please see the instructions for installing the VPN client here.

For those devices accessed by external researchers or third party vendors, we have two alternatives:

  1. Preferred Method: Request creation of a Guest CCID from your department's HR contact or from IST. This will allow non-UAlberta affiliates to authenticate to the VPN service, and then to the internal computing resource.
  2. Alternate Method: Request an exception. Note that there must be a clear business justification for this exception that cannot be solved by the creation of a guest CCID. Requests can be submitted to ciso@ualberta.ca for review.

 

Other high-risk network ports are currently under consideration. This article will be updated to reflect the list of ports if any other changes are made.

 

 

 


Keywords: rdp, remote, desktop, telnet, ssh, off-campus, outside, access, guest, ccid, vpn, windows, smb, samba, file, sharing, blocked, ports, chargen, ssdp, block, tftp, rsync, mysql, off campus access
