IT Connect
Information technology tools and resources at the UW

UW Network Port Blocking

Security enhancements to the UW Network

The University is making important security enhancements to protect the UW network against an increasing number of malicious attacks that put personal and University data, devices and systems at risk.


These network security changes include blocking traffic from the Internet into the UW network over specific network paths, or ports. Blocking the most frequently attacked network ports will occur in multiple phases:

  • Phase 1 Port Blocks: Remote desktop and file-sharing applications, completed on April 24, 2018
  • Phase 2 Port Blocks: Slated for implementation on October 16, 2018
  • Phase 3 Port Blocks: Pending implementation in early 2019

Before the ports are blocked, significant advance notice will be provided to the University’s IT community.

If you have questions, concerns or recommendations about port blocking, please provide input by email and include “Network port blocking” in the subject line.

Phase 1 Port Blocks: Remote desktop and file-sharing applications

Implementation date: Completed April 24, 2018

Detailed information: UW Network Port Blocking Phase 1: Remote Desktop and File-Sharing Applications

List of blocked ports

Port Protocol Reason for Block
Network Basic Input/Output System (NetBIOS) and Server Message Block (SMB) services provide file sharing and related services over the network. These services are constantly under attack from off-campus, are frequently vulnerable to attacks, exploits and malware, and can expose confidential or restricted data when improperly configured.
3389 RDP This is used for remote desktop connections to Windows computers. It is one of the most common ports used for “brute-force” or “dictionary” attacks (password guessing).
5900 VNC This is used by the Virtual Network Computing (VNC) protocol, which is used for remote desktop connections to computers running a VNC

Phase 2 Port Blocks:

Implementation date: Slated for October 16, 2018

The UW staff members responsible for computers, devices or systems that use the affected ports will be notified and will have time to take action in advance of the port blocking, or to file an exemption request if their systems legitimately use these ports.

List of ports to be blocked

Port Protocol Reason for Block
19 CHARGEN Character Generator Protocol or chargen is a tiny network service often installed by default on servers that generates a stream of characters for testing network connectivity. It is often abused for amplification attacks and does not serve any useful purpose.
21 FTP File Transfer Protocol (FTP) is an insecure network protocol used for remote file transfer, with passwords transmitted in clear text. Where possible, provide access using secure copy over Secure Shell (SSH, port 22) instead. There are some legitimate uses of FTP for sharing data sets, but many of these resources have moved to HTTP and this service may be offered only for legacy reasons.

23 Telnet Telnet, the unsecured predecessor of Secure Shell, is an insecure network protocol used for remote access, with passwords transmitted in clear text. Where possible, provide access using Secure Shell (SSH, port 22) instead. There are some legitimate uses of telnet on campus for sharing data sets with external users.

111 ONC/Sun RPC The Open Network Computing / Sun Remote Procedure Call protocol, commonly known as the port mapper service, is often installed on Unix systems providing NFS services. This service should not be exposed to the Internet, as it gives an attacker a way to consume resources and to access disks and other resources, potentially with very little authentication.

SNMP Simple Network Management Protocol (SNMP) is a network management protocol commonly used to discover networks and expose information about devices.

Campus network equipment is protected, but there may be other legitimate users of this protocol on campus that could be impacted (e.g., printers). However, printers should be on private IP addresses.

LDAP Lightweight Directory Access Protocol (LDAP) services are used for directory and authentication services, including Microsoft Active Directory. In some cases, these protocols will send your password in the clear. In addition, they are frequently the subject of “brute-force” or “dictionary” attacks (password guessing).

LDAP is discouraged for authentication because your credentials are exposed to the application using it to authenticate (even if SSL or TLS is used). There are other legitimate uses of LDAP that might be impacted, however, especially cloud services.

593 RPC over HTTP Remote Procedure Call (RPC) over HTTP is typically installed on Microsoft servers running Exchange. It should not be exposed to the Internet, for the same reasons as the ONC/Sun RPC port mapper above.
WinRM Windows Remote Management (WinRM) is a protocol that can be used to remotely execute commands on Windows computers and is frequently misconfigured.
9100 PDL data stream Page Description Language (PDL) data streams are used by some network printers. This port is often used to perform DDoS attacks or to send malicious print jobs to the printer.

Preparing for the upcoming changes

As of mid-July, UW-IT has identified hosts that may be affected by the Phase 2 port blocks. These hosts are identified by subnet.

  • All associated subnet owners will be contacted via email, and this email will include a list of potentially impacted host(s). If you or a member of your team/unit receive this email from UW Information Technology, please review the information carefully. Take appropriate and timely action to mitigate any potential negative impact on the host(s).
  • A UW secure virtual private network (VPN) service, such as Husky OnNet, may be a viable option for users to access services such as FTP or an on-campus printer. If an alternative approach is available, please communicate it to your users.
  • While UW-IT has identified potentially impacted hosts, it is impossible to create a definitive list. We encourage you to review your systems and identify whether they will be affected by the ports that will be blocked.

If hosts within your unit need to remain accessible via any of these ports from outside the university network, please send an email with “Network Port Blocking” in the subject line. UW-IT will work with system owners to identify the best alternative access.
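The bullet above asks unit administrators to review their own systems rather than rely on the subnet-based list. The following script is an added example (not UW-IT tooling) of one way to do that on a Linux host: it parses the output of `ss -Hltnu`, flags every listening socket whose port appears in the Phase 1, 2 or 3 lists on this page, and notes whether the socket is bound to loopback only (and therefore not reachable from off campus) or to an external address. SNMP, LDAP and WinRM are listed on this page without port numbers, so they are not in the table below; add them from your own inventory. The sample `ss` output is constructed for the example and was not captured from any real host.

```python
"""Audit a host's listening sockets against the UW port-block lists (added example)."""
import subprocess
from dataclasses import dataclass

# Ports taken from the Phase 1, 2 and 3 tables on this page. Rows the page
# lists without a port number (SNMP, LDAP, WinRM) are deliberately omitted.
BLOCKED_PORTS = {
    3389: ("RDP", "Phase 1"),
    5900: ("VNC", "Phase 1"),
    19: ("CHARGEN", "Phase 2"),
    21: ("FTP", "Phase 2"),
    23: ("Telnet", "Phase 2"),
    111: ("ONC/Sun RPC", "Phase 2"),
    593: ("RPC over HTTP", "Phase 2"),
    9100: ("PDL data stream", "Phase 2"),
    0: ("reserved", "Phase 3"),
    88: ("Kerberos", "Phase 3"),
}

# Addresses that are only reachable from the host itself.
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}

# Constructed sample of `ss -Hltnu` output (Netid State Recv-Q Send-Q Local Peer).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:21        0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:3389      0.0.0.0:*
tcp   LISTEN 0      128             [::]:9100         [::]:*
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0      128         10.0.0.5:5900      0.0.0.0:*
"""


@dataclass(frozen=True)
class Finding:
    proto: str          # "tcp" or "udp"
    address: str        # local address the socket is bound to
    port: int
    service: str
    phase: str
    loopback_only: bool


def parse_ss_line(line):
    """Return (netid, local_address, port) for one `ss` line, or None if unparseable."""
    fields = line.split()
    if len(fields) < 5:
        return None
    netid, local = fields[0], fields[4]
    # rpartition handles bracketed IPv6 addresses such as "[::]:9100".
    addr, _, port_str = local.rpartition(":")
    if not port_str.isdigit():
        return None
    return netid, addr, int(port_str)


def audit(ss_output, blocked=BLOCKED_PORTS):
    """Return the listening sockets whose port is in the block list, sorted by phase and port."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        netid, addr, port = parsed
        if port not in blocked:
            continue
        service, phase = blocked[port]
        findings.append(Finding(netid, addr, port, service, phase, addr in LOOPBACK))
    return sorted(findings, key=lambda f: (f.phase, f.port))


def report(findings):
    """Render findings as one human-readable line each."""
    lines = []
    for f in findings:
        if f.loopback_only:
            reach = "loopback only (not reachable from the Internet)"
        else:
            reach = "externally bound: move behind VPN/SSH or request an exemption"
        lines.append(f"{f.phase}: {f.proto}/{f.port} ({f.service}) on {f.address}: {reach}")
    return lines


def live_ss_output():
    """Run `ss -Hltnu` on this host (Linux); return '' if ss is unavailable."""
    try:
        return subprocess.run(["ss", "-Hltnu"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return ""


if __name__ == "__main__":
    # Audit the real host when possible, otherwise fall back to the constructed sample.
    for line in report(audit(live_ss_output() or SAMPLE_SS_OUTPUT)):
        print(line)
```

On the sample data the script reports five sockets, two of them in Phase 1; the RDP listener on 127.0.0.1 is flagged as loopback-only, while the FTP, port mapper, printer and VNC sockets are bound to external or wildcard addresses and are the ones that need an alternative access path or an exemption request.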

Phase 3 Proposed Port Blocks:

Implementation date: targeted for early 2019

List of ports

Port Protocol Reason for Block
0 N/A This is a reserved port and should not be used by applications.
88 Kerberos Kerberos is an authentication protocol. Its port is frequently the subject of a “dictionary attack”, where many different passwords are attempted. Some cloud-based services require access to this port in order to authenticate customers; this may require a cloud VPN solution as mitigation.

If alternative solutions for service impacts due to port blocking are not available or will take more time to develop, a request for an exemption may be made. For more information on exemptions, including recommendations for other important security measures, please contact UW-IT’s Service Center with the subject line: “Network Port Blocking.”

UW unit exemptions will require the approval of your unit’s dean, director, or chair. All requests for exemptions within UW Medicine will be forwarded to UW Medicine ITS for approval.

Get Help/Questions

If you need help or have any questions or concerns, please contact UW-IT with the subject line: “Network port blocking.”