Educause Security Discussion mailing list archives
Re: Destiny Gaming
From: Ian McDonald <iam () ST-ANDREWS AC UK>
Date: Thu, 11 Sep 2014 20:02:42 +0000
Why on earth they don't understand that 1 outbound port is all that is required for their traffic I'll never know. Thanks -- ian Sent from my phone, please excuse brevity and misspelling. ________________________________ From: Cal Frye<mailto:cjf () CALFRYE COM> Sent: 11/09/2014 17:18 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Destiny Gaming It's still typical of the game industry. "Just open these multitude of ports and you'll be fine." The assumption seems to be the evil network administrators are trying to block your game play, so we'll not give specific information. The specifics would permit me to block their servers, yes, but also allow me to work around issues of firewalls or bandwidth management devices in a sane manner. In the past, I would sometimes craft a specific permit class on our old Packetshaper to permit just the ports referenced and what I could find of the game servers, to avoid opening random ports or classifying them for a high quality of service based on port alone. I do hear Bungie is attempting to work with Procera, among others, to properly classify the game traffic, so maybe attitudes are changing at last. Could we hope this might be done before release in the future? I'm not holding my breath. Best Regards, -- Cal Frye, Network Administrator, Oberlin College Mudd Library, x.56930 Be an Internet Skeptic! -- Hover your mouse over the links in emails, and see if the link matches where you think you want to go! www.calfrye.com<http://www.calfrye.com>, www.oberlin.edu/cit/<http://www.oberlin.edu/cit/> "We are the ones responsible to determine whether the war that our marines, soldiers and airmen are fighting in is worth the cause..." --Scott Ritter. [cid:part1.05040808.03070006@calfrye.com] Keller, Alex<mailto:axkeller () STANFORD EDU> September 11, 2014 at 11:19 AM Legitimacy and design/architecture aside, please note that of the thousands of ports that are specified in the Bugie documentation, "only" 3074 UDP and 35000-35099 TCP are required to open INBOUND. Unless you are actually performing egress filtering (most hi-ed institutions don't) then the majority of these ports are already open/available. Best, alex Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu<mailto:axkeller () stanford edu> (650) 736-6421 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Self, Dennis Sent: Thursday, September 11, 2014 7:33 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Destiny Gaming A student has requested the opening of a large number of firewall ports (thousands) as referenced at the vendor site: http://www.bungie.net/en/Help/Article/11875. We do not plan to open the ports. I have never played the game. The request raises concerns that the application has security design issues, and the company has brazen attitudes towards security in stating the ports should be opened. Has anyone else dealt with this and developed an objective rationale? Kind regards, Dennis Self, CISSP Director, IT Security & Compliance Technology Services 205-726-2692 | office DLSelf () Samford edu<mailto:DLSelf () Samford edu> www.samford.edu<http://www.samford.edu> 800 Lakeshore Drive, Birmingham, AL 35229 "Truth is not democratic." Dennis Self, 2013 [cid:part1.05040808.03070006@calfrye.com] Self, Dennis<mailto:dlself () SAMFORD EDU> September 11, 2014 at 10:32 AM A student has requested the opening of a large number of firewall ports (thousands) as referenced at the vendor site: http://www.bungie.net/en/Help/Article/11875. We do not plan to open the ports. I have never played the game. The request raises concerns that the application has security design issues, and the company has brazen attitudes towards security in stating the ports should be opened. Has anyone else dealt with this and developed an objective rationale? Kind regards, Dennis Self, CISSP Director, IT Security & Compliance Technology Services 205-726-2692<tel:205-726-2692> | office DLSelf () Samford edu<mailto:DLSelf () Samford edu> www.samford.edu<http://www.samford.edu/> 800 Lakeshore Drive, Birmingham, AL 35229<http://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US> [Samford University Logo] ”Truth is not democratic.” Dennis Self, 2013
Current thread:
- Destiny Gaming Self, Dennis (Sep 11)
- Re: Destiny Gaming Mally Mclane (Sep 11)
- Re: Destiny Gaming Roger A Safian (Sep 11)
- Re: Destiny Gaming Walter Reynolds (Sep 11)
- Re: Destiny Gaming Garza, Veronica (Sep 11)
- Re: Destiny Gaming Keller, Alex (Sep 11)
- Re: Destiny Gaming Roger A Safian (Sep 11)
- Re: Destiny Gaming Cal Frye (Sep 11)
- Re: Destiny Gaming Ian McDonald (Sep 11)
- <Possible follow-ups>
- Re: Destiny Gaming Howard, Christopher (Sep 11)
- Re: Destiny Gaming Jones, Dan J. (Sep 11)
- Re: Destiny Gaming Jones, Dan J. (Sep 11)
- Re: Destiny Gaming Jones, Dan J. (Sep 11)