> LHC Computer Grid - Rollout > > [mailto:[log in to unmask]] On Behalf Of Henry Nebrensky > said: > > (7777 is specifically associated with the Tini Trojan, which > > doesn't sound > > like a legitimate service. See e.g. > > http://www.sans.org/resources/idfaq/oddports.php) > > RAL has now unblocked that site, so I can now see that it's a very large > list which includes ports 80 and 8080, should we block those too? And > the list seems to be rather old, no doubt there are lots more now. > Indeed, since hackers can use any port they like they can presumably > make us perform a denial of service on ourselves just by releasing > something which uses any given port ... > of course any port might be used ... the point is that some are used and used extensively. Avoiding those is just common sense. > > If a serious-enough exploit suddenly appears on it, then yes, it might > > suddenly get slammed shut and tough shit to the Grid. > > If ports are being closed just because someone *might* use them for an > exploit I can only assume that we have to give up on the public > internet. If we don't have a robust an believable response then university computer centres will just close the ports and if that stops us working then ... well it is our problem. Paul +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Paul Kyberd Brunel University + + E-mail: [log in to unmask] Department of Electronic and + + Phone: +44-(0)1895-203201 Computer Engineering + + Fax: Uxbridge, Middlesex UB8 3PH + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++