Notice! This document is currently in Archived status.
The content of this document may be incorrect or outdated.


ECN Internet Security: Subnet Port Blocking

ECN is coordinating with ITaP to block network ports 135, 137, 138, 139, 445 and 593 for off-campus traffic to all ECN subnets (all 128.46.XXX.XXX addresses) starting on February 2, 2004. This will change the method you use to access Windows services within the ECN domain, such as SAMBA shares to your home directories. Off-campus users of ECN services will still be able to access the services through the ITaP VPN servers.

ITaP has created a web page that walks off-campus users of Purdue resources through the setup of the VPN connection. It only requires adding a simple dialup connection to your computer. The instructions for setting up the connection for various operating systems can be found at this URL:

http://www.itap.purdue.edu/telecom/vpn/

This action has become necessary due to malicious attacks from computers outside of Purdue. Our servers and workstations have become targets for an ever-increasing number of hackers intent on breaking into our systems. We now average several thousand attempts per hour on most of our servers, and this has placed a strain on our limited resources.

We have evaluated this change on a couple of existing subnets in ECN over the past month, and have not seen any problems arise.

If you connect to the campus from a non-ITaP network, please review the instructions for setting up the VPN connection, and configure your home machines to use this service.

This change is only for incoming traffic. This change will not affect your connections to the outside world from within the boundaries of the ECN subnets.

If you encounter problems with your VPN connection, please contact the ITaP helpdesk through the following web page:

http://www.itap.purdue.edu/help/

Here is a listing of the Blocked Services, Programs, and Data affected by this change.

| Service Name | UDP | TCP |
|---|---|---|
| Browsing datagram responses of NetBIOS over TCP/IP | 138 | |
| Browsing requests of NetBIOS over TCP/IP | 137 | |
| Client/Server Communication | | 135 |
| Common Internet File System (CIFS) | 445 | 139, 445 |
| DCOM (SCM uses udp/tcp to dynamically assign ports for DCOM) | 135 | 135 |
| DHCP Manager | | 135 |
| DNS Administration | | 139 |
| Exchange Server 5.0: Client Server Communication | | 135 |
| Exchange Server 5.0: Exchange Administrator | | 135 |
| Exchange Server 5.0: RPC | | 135 |
| IIS RPC Proxy Services | | 593 |
| File shares name lookup | 137 | |
| File shares session | | 139 |
| Login Sequence | 137, 138 | 139 |
| Microsoft Message Queue Server | | 135 |
| NetBT datagrams | 138 | |
| NetBT name lookups | 137 | |
| NetBT service sessions | | 139 |
| NetLogon | 138 | |
| Pass Through Verification | 137, 138 | 139 |
| Printer sharing name lookup | 137 | |
| Printer sharing session | | 139 |
| RPC user manager, service manager, port mapper | | 135 |
| SCM used by DCOM | 135 | 135 |
| SQL Named Pipes encryption over other protocols name lookup | 137 | |
| SQL RPC encryption over other protocols name lookup | 137 | |
| SQL session | | 139 |
| SQL session mapper | | 135 |
| WINS Manager | | 135 |
| WINS NetBIOS over TCP/IP name service | 137 | |
| WINS Proxy | 137 | |
| WINS Registration | | 137 |
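
As an added example that is not part of the original ECN notice, the following Python models the rule described above (inbound only, off-campus source, ECN destination, the six listed ports) and reports which clients in a flow log would have to move to the VPN. The on-campus network list, the log format and the sample records are constructed assumptions.

```python
import ipaddress

# Ports named in the notice. It does not separate TCP from UDP,
# so this model treats both protocols as blocked on these ports.
BLOCKED_PORTS = {135, 137, 138, 139, 445, 593}
ECN_NET = ipaddress.ip_network("128.46.0.0/16")  # "all 128.46.XXX.XXX addresses"

# Assumption: networks counted as on-campus. 192.0.2.0/24 is a documentation
# range standing in for other campus and VPN address pools, which the page
# does not list.
ON_CAMPUS = [ECN_NET, ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample flow records, one per line: src dst proto dport
SAMPLE_FLOWS = """\
203.0.113.7 128.46.10.5 tcp 445
203.0.113.7 128.46.10.5 tcp 22
192.0.2.44 128.46.10.5 tcp 139
128.46.20.9 198.51.100.3 tcp 445
198.51.100.80 128.46.31.2 udp 137
198.51.100.80 128.46.31.2 tcp 593
not-an-ip 128.46.1.1 tcp 445
"""

def is_blocked(src, dst, dport):
    """True if the flow is off-campus -> ECN subnet on a blocked port."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    off_campus = not any(src_ip in net for net in ON_CAMPUS)
    return off_campus and dst_ip in ECN_NET and dport in BLOCKED_PORTS

def affected_clients(log_text):
    """Map each off-campus source to the (proto, port) pairs it would lose."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        src, dst, proto, port = parts
        try:
            if is_blocked(src, dst, int(port)):
                hits.setdefault(src, set()).add((proto, int(port)))
        except ValueError:
            continue  # unparsable address or port
    return {src: sorted(pairs) for src, pairs in hits.items()}

if __name__ == "__main__":
    for client, services in affected_clients(SAMPLE_FLOWS).items():
        print(client, services)
```

Outbound connections from ECN hosts and connections arriving from the assumed VPN pool are not reported, matching the notice's statement that only incoming off-campus traffic is affected.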

 

 

Last Modified: Dec 19, 2016 11:12 am US/Eastern
Created: Aug 9, 2006 12:59 pm GMT-4 by admin