Re: Student Side Ports

["Hahues, Sven" <shahues () FGCU EDU>]

On our residential network we try to give students the same internet access as if they had a cable modem at home:

We use our network registration system to place gaming consoles into a network with publically routed IP addresses and 
allow some ports back in for Xbox live and PSN.  This helped a lot for the people who reported that xbox live did not 
work behind NAT (which it unfortunately really does not), and fixed most of the PSN problems as well.

Normal devices, such as PCs, and iphones do not end up on that network, but rather end up on private IPs that get 
NAT'ed to the Internet. We do not block anything there but have a system in place that detects P2P traffic and 
quarantines users based on the number of offenses, and we also rate shape our users for fair use.  (We had a really bad 
problem where 5% of the users were using 90% of the bandwidth).



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Boyd, 
Daniel
Sent: Tuesday, September 27, 2011 8:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Student Side Ports

The same here...  we don't allow inbound traffic without an corresponding outbound request for it, but do very little 
to restrict gaming and have also tweaked our network to help along some of the more fragile game frameworks.  I can 
handle 100% of our students playing typical games that relay position and status information back to a server, MMORPGs 
for example, but what I can't handle is 100% of them streaming NetFlix, Amazon, or Hulu and the like, so here we say, 
"Game on!"  (As long as they all don't try to update their game files at the same time...)

Dan

Daniel H. Boyd (94C)
Senior Network Architect
Network Operations
Berry College
Phone: 706-236-1750
Fax:     706-238-5824

There are two rules to follow with your account passwords:
1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!!
2. If unsure, consult rule #1

-----Original Message-----
From: Ken Connelly [mailto:Ken.Connelly () UNI EDU]
Sent: Monday, September 26, 2011 2:39 PM
Subject: Re: Student Side Ports

Kevin Wilcox wrote:
> On Mon, Sep 26, 2011 at 12:54 PM, Jason Rinne <rinnej () moval edu> wrote:
>
>
> > Now that our bandwidth has increased more users are jumping back on our network.  As a result I am getting a lot of 
> > requests to open ports for online gaming.
> > What is your policy on opening ports on the student side for gaming or other applications?
>
> A lot of folks have chimed in but they've not said what I consider the
> magic words. Are these inbound ports or outbound ports?

No, they didn't.  We don't allow inbound SYNs to our resnet, but don't restrict gaming outbound much at all.  In fact, 
we have done a few things to make a couple of poor performers better.  Yes, Blizzard, I'm talking about you!

- ken
> kmw
>
> --
> Kevin Wilcox GPEN, GCIH
> Network Infrastructure and Control Systems Appalachian State
> University
> Email: wilcoxkm () appstate edu
> Office: 828.262.6259

--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!

COMPUTING SERVICES WILL NEVER ASK FOR YOUR PASSWORD.  You should never give out your username or password for any 
accounts you have, including bank accounts, credit card accounts, and other personal or University accounts.  Computing 
Services will never contact you using a return e-mail address that is not @fgcu.edu.  If you receive a questionable 
e-mail or an e-mail asking for passwords and logon information, DO NOT RESPOND, and please contact the Help Desk at 
239-590-1188.