The main task of a firewall in a security concept is to limit the reachability of services so that vulnerable and sensitive services are only available where the security policy allows it.
To enforce this concept, the Center for Computing and Communication (CCC) operates a high-performance firewall on the internet uplink of RWTH Aachen University. This firewall controls the worldwide reachability of security-critical services using binary rules (allow or deny).
Furthermore, the CCC can operate a firewall on the routers in front of the networks of RWTH Aachen University facilities, to limit the danger within the RWTH Aachen University network. Please contact us if you are interested.
Servers can be registered by the contact person known to us by sending an email to noc@rwth-aachen.de. Please use the following format:

```
# Service1
134.130.X.A	Name_A.domain.rwth-aachen.de
134.130.X.B	Name_B.domain.rwth-aachen.de
134.130.X.C	Name_C.domain.rwth-aachen.de
# Service2
134.130.X.C	Name_C.domain.rwth-aachen.de
134.130.X.D	Name_D.domain.rwth-aachen.de
134.130.X.E	Name_E.domain.rwth-aachen.de
```
If possible, put a tab between the IP address and the fully qualified name of the computer (format: Computer.Domain.RWTH-Aachen.de).
Please note that we only unlock computers which are registered in the DNS.
Note also that we only open services for individual machines, not for whole networks.
A service and its SSL variant are unlocked together, so you only need to announce one of the two. If you don't know the name of the service, give the protocol and the port number instead.
If we manage a packet filter on your router, please include the word "Gebäudefilter" in your text.
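The registration format above, as an added example (not the CCC's own tooling) of how such a request can be checked before it is sent: a small Python parser that groups entries by service, accepts only single RWTH hosts rather than whole networks, warns when the tab is missing, and can enforce the DNS rule through a caller-supplied resolver. The address range 134.130.0.0/16, the Computer.Domain.rwth-aachen.de name pattern and the sample request are assumptions of the example.

```python
import ipaddress
import re
from typing import Callable, Optional

# Assumptions not stated on the page beyond the format itself: registrable hosts
# lie in 134.130.0.0/16 and names look like Computer.Domain.rwth-aachen.de.
RWTH_NET = ipaddress.ip_network("134.130.0.0/16")
FQDN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+\.rwth-aachen\.de$", re.I)

# Constructed sample request (not from the page): one valid host per service,
# plus a whole network, a private address and a line without a tab.
SAMPLE = ("# SSH\n134.130.1.10\tlogin.inst.rwth-aachen.de\n"
          "134.130.1.0/24\tnet.inst.rwth-aachen.de\n10.0.0.5\tpc.inst.rwth-aachen.de\n"
          "# HTTP\n134.130.2.20 www.inst.rwth-aachen.de\n")

def parse_registration(text: str, resolve: Optional[Callable[[str], Optional[str]]] = None):
    """Return ({service: [(ip, fqdn), ...]}, [problems]) for a registration mail.
    `resolve(fqdn) -> ip or None` is optional and enforces the 'registered in DNS' rule."""
    entries, problems, service = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):             # '# <service>' header opens a group
            service = line[1:].strip()
            continue
        if not service:
            problems.append(f"line {lineno}: entry before any '# service' header")
            continue
        if "\t" not in raw:                  # requested but not required: warn only
            problems.append(f"line {lineno}: no tab between address and name")
        parts = line.split()
        if len(parts) != 2:
            problems.append(f"line {lineno}: expected '<IP><tab><FQDN>'")
            continue
        addr, fqdn = parts
        try:                                 # single hosts only: CIDR/ranges fail here
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"line {lineno}: not a single host address: {addr!r}")
            continue
        if ip not in RWTH_NET or not FQDN_RE.match(fqdn):
            problems.append(f"line {lineno}: {addr} / {fqdn} is not an RWTH host")
            continue
        if resolve is not None and resolve(fqdn) != str(ip):
            problems.append(f"line {lineno}: {fqdn} does not resolve to {addr}")
            continue
        entries.setdefault(service, []).append((str(ip), fqdn))
    return entries, problems
```

For a live check, pass `socket.gethostbyname` (wrapped to return None on failure) as `resolve`; the sample above runs offline without it.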
| Service | Destination port | Protocol | Direction | Remark |
|---|---|---|---|---|
| Direct Connect | 411 | TCP | RWTH -> dormitories | Repeated copyright violation |
| P2P | 411-412, 1214, 1412, 1421, 4660-4672, 6346, 6881-6889, 6669, 14662 | TCP/UDP | In/Out | Repeated copyright violation |
| Service | Destination port | Protocol | Direction | Remark |
|---|---|---|---|---|
| Server services | <1024 | TCP/UDP | In | Only to registered servers of the RWTH Aachen |
| epmap | 135 | TCP/UDP | Out | Only to registered clients of the RWTH Aachen, CA-2003-20 |
| unpriv-ports | <=1201 | TCP/UDP | In | POPUP-SPAM |
| Socks | 1080 | TCP | In | Only to registered servers of the RWTH Aachen |
| OpenVPN | 1194 | TCP/UDP | In | Only to registered servers of the RWTH Aachen using the centralized authentication servers. |
| Microsoft SQL | 1433 | TCP | In | IN-2002-04 |
| Microsoft SQL | 1434 | UDP | In | CA-2003-04 |
| Oracle-TNS | 1521 | TCP | In | TA05-292A |
| Cisco-SNMP | 1993 | TCP/UDP | In | |
| Apache Worm Slapper | 1978 | UDP | In | CA-2002-27 |
| Apache Worm Slapper | 2002 | UDP | In | CA-2002-27 |
| CVS | 2401 | TCP | In | TA04-147A |
| Citrix | 2512-2513 | TCP/UDP | In | |
| W32.Phatbot | 2745 | TCP | In | |
| W32.MyDoom | 3127 | TCP | In | TA04-028A |
| Squid | 3128 | TCP | In | Only to registered servers of the RWTH Aachen |
| MySQL | 3306 | TCP | In | Only to registered servers of the RWTH Aachen |
| MSDTC | 3372 | TCP | In | MS05-051 |
| MSRDP | 3389 | TCP | In | Only to registered servers of the RWTH Aachen |
| Apache Worm Slapper | 4156 | UDP | In | CA-2002-27 |
| Radmin | 4899 | TCP | In | Only to registered servers of the RWTH Aachen |
| UPnP | 5000 | TCP | In | Only to registered servers of the RWTH Aachen |
| SIP | 5060 | TCP/UDP | In | Only to registered servers of the RWTH Aachen |
| SGI Objectserver | 5135 | TCP/UDP | In | |
| SGI DGL | 5232 | TCP | In | |
| W32.Sasser | 5554 | TCP | In | |
| VNC | 5900 | TCP | In | Only to registered servers of the RWTH Aachen |
| X11 | 6000-6063 | TCP | In | Only to registered servers of the RWTH Aachen |
| Veritas Backup | 6101 | TCP | In | |
| CDE Subprocess Control | 6112 | TCP | In | Only to registered servers of the RWTH Aachen |
| Dameware | 6129 | TCP | In | Only to registered servers of the RWTH Aachen |
| IRCd | 6667 | TCP | In | Only to registered servers of the RWTH Aachen |
| X11 Font Server | 7100 | TCP | In | CA-2002-34 |
| Webcache | 8080 | TCP | In | Only to registered servers of the RWTH Aachen |
| pdl-datastream | 9100 | TCP | In | Only to registered servers of the RWTH Aachen |
| W32.Dabber | 9898 | TCP | In | |
| Veritas Backup Exec | 10000 | TCP | In | TA05-224A |
| W32.MyDoom | 10080 | TCP | In | |
| Linux worm Lion | 12321 | TCP | In | |
| Netbus | 12345 | TCP/UDP | In/Out | |
| Netbus | 20034 | TCP/UDP | In/Out | |
| W32.Lovgate | 20168 | TCP | In | |
| Sub Seven | 27343 | TCP/UDP | In/Out | |
| BackOrifice | 31337 | TCP/UDP | In/Out | |
| Hack'n'Attack | 31789 | TCP/UDP | In/Out | |
| BugBear | 36794 | TCP/UDP | In | |
| IPv6 in IPv4 | - | 41 | In/Out | |
| Various IP protocols | - | 53,55,57 | In | CA-2003-15 |
| Network | Reason | Remark |
|---|---|---|
| Not assigned /8 blocks | Spoofing, not assigned | IANA |
| 10.0.0.0/8 | private network | RFC 1918 |
| 172.16.0.0/12 | private network | RFC 1918 |
| 192.168.0.0/16 | private network | RFC 1918 |
| 128.192.14.77/32 | SPAM | |
| 207.44.156.141/32, HTTP(S) | Content | RP Düsseldorf |
| 216.12.219.26/32, HTTP(S) | Content | RP Düsseldorf |
| 165.121.158.98/32, HTTP(S) | Content | RP Düsseldorf |
| 64.82.99.192/32, HTTP(S) | Content | RP Düsseldorf |
| - currently none - | Cracking | Spybot-Server |