We, the members of the technical crew, try our best to set up and maintain a stable, reliable and
fast network. In the last few years, the threat of viruses, trojans and worms has increased,
which has made it necessary to implement technical solutions to reduce this problem.
Perfect solutions demand enormous resources in the network, resources we unfortunately
don't have on a network of this size and load. We have therefore decided to try our best to
minimize the problems posed by this threat, so that much of this traffic will be stopped.
These measures are taken to make the network as fast and reliable as humanly
possible, as well as to minimize the chance of being infected by viruses while you are
connected to the network at The Gathering. This does, however, limit your freedom somewhat
within the network. We are fully aware that this is not an optimal solution, but it is our hope and
belief that it will decrease the chance of a virus outbreak. It is vital that you do NOT
forget to patch your computer with the latest operating system updates, as well as updated
virus definitions. It is extremely important that you read through our patch guides and follow
them.
WE HIGHLY RECOMMEND THAT YOU RUN A FIREWALL LOCALLY ON YOUR
MACHINE!
The technical crew has thus decided that these ports will be blocked locally:
25 - SMTP - Outgoing mail. This port is blocked so that worms are not able to send out huge
amounts of spam and e-mail using our network. We will instead offer a local SMTP server for
those who need to send out legit e-mails.
135, 137, 138, 139, 445 - Windows File Sharing/Networking Services - This block will
without doubt be the one that irritates you the most. Blocking these ports means that you
will not be able to use Windows network services with users on a different switch than the
one you are on. Please keep in mind that this block does not interfere with services such as
FTP. The reason we have chosen to block these ports is that many viruses and worms use
Windows networking services to spread themselves further. We are not, however, blocking these
ports at the request of RIAA / MPAA / Microsoft; it is strictly a measure taken to limit the
spread of viruses on the network.
1433, 1434 - MSSQL - Microsoft SQL Server. This block comes into effect due to a security
hole in MSSQL, which some of you are running deliberately or without knowing. The
MSSQL worm exploits this hole and uses large amounts of bandwidth on the network, as well
as slowing down our DNS servers by making a large number of DNS queries.
595, 9996 - Sasser - See
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html if you
have this virus, or if you are interested in more information about the virus.
1900, 5000 - SSDP / UPnP Discovery - Stops SQLSlammer in its tracks, as well as blocking attempts
by network users to exploit and take control of your PC using UPnP.
3067 - Korgo - See
http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.f.removal.tool.html if
you have this virus, or if you are interested in more information about this virus.
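One way to act on the local-firewall recommendation is to check which of the ports listed above your own machine is listening on. The following is an added example, not the technical crew's own tooling: it parses `netstat -an` output (Windows or Linux layout) and reports non-loopback listeners on the listed ports. The function name, the sample output and its addresses are constructed for illustration, and because the notice does not say TCP or UDP, matching is on port number only.

```python
import re

# Port groups exactly as listed in the notice, with the notice's own labels.
GROUPS = [
    ((25,), "SMTP (outgoing mail)"),
    ((135, 137, 138, 139, 445), "Windows file sharing / networking"),
    ((1433, 1434), "MSSQL"),
    ((595, 9996), "Sasser"),
    ((1900, 5000), "SSDP / UPnP discovery"),
    ((3067,), "Korgo"),
]
BLOCKED = {port: label for ports, label in GROUPS for port in ports}
LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")  # not reachable from other hosts

def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port, label) for listeners on listed ports."""
    found = set()
    for line in netstat_text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or not tokens[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = tokens[0].lower()[:3]
        # The first address:port token is the local endpoint in both layouts.
        local = next((t for t in tokens[1:] if ":" in t), None)
        if local is None:
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in BLOCKED:
            continue
        # TCP must be in a listening state; a bound UDP socket has no state.
        if proto == "tcp" and not any(t.upper().startswith("LISTEN") for t in tokens):
            continue
        if LOOPBACK.match(addr):
            continue
        found.add((proto, addr, int(port), BLOCKED[int(port)]))
    return sorted(found, key=lambda r: (r[2], r[0], r[1]))

# Constructed sample mixing Windows and Linux netstat lines.
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.20.30.40:139        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    10.20.30.40:49211      10.20.0.1:25           ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:1900           *:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

if __name__ == "__main__":
    for proto, addr, port, label in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port}  {label}")
```

Each reported listener is a candidate for a local firewall rule or for disabling the service.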
On behalf of the technical crew at The Gathering 2005,
Frode Sandholtbråten
Questions about this article can be sent to frode [at] sandholtbraaten.com