> LHC Computer Grid - Rollout
> > [mailto:[log in to unmask]] On Behalf Of Henry Nebrensky
> said:
> > (7777 is specifically associated with the Tini Trojan, which
> > doesn't sound
> > like a legitimate service. See e.g.
> > http://www.sans.org/resources/idfaq/oddports.php)
>
> RAL has now unblocked that site, so I can now see that it's a very large
> list which includes ports 80 and 8080, should we block those too? And
> the list seems to be rather old, no doubt there are lots more now.
> Indeed, since hackers can use any port they like they can presumably
> make us perform a denial of service on ourselves just by releasing
> something which uses any given port ...
>
of course any port might be used ... the point is that some are
used and used extensively. Avoiding those is just common sense.
> > If a serious-enough exploit suddenly appears on it, then yes, it might
> > suddenly get slammed shut and tough shit to the Grid.
>
> If ports are being closed just because someone *might* use them for an
> exploit I can only assume that we have to give up on the public
> internet.
If we don't have a robust an believable response then university
computer centres will just close the ports and if that stops us working
then ... well it is our problem.
Paul
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Paul Kyberd Brunel University +
+ E-mail: [log in to unmask] Department of Electronic and +
+ Phone: +44-(0)1895-203201 Computer Engineering +
+ Fax: Uxbridge, Middlesex UB8 3PH +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
