Purdue CS Remote access changes 2004

In an effort to improve the security of campus Windows machines, ITaP is implementing restrictions for Windows Remote Procedure Call and NetBIOS service ports from outside Purdue. Computer Science has volunteered to be an early adopter of this plan.

The following ports will be blocked starting Wednesday, March 17:

Port number   Protocol      Description
135,593       TCP and UDP   Microsoft RPC
137,138,139   TCP and UDP   Microsoft NetBIOS
445           TCP and UDP   Microsoft Data Service

This change will have no impact on connections within the department. However, if you map shares served by CS Windows machines from your home or dorm computer, you may be affected. The block applies to connections from:

  • outside network providers (e.g. InsightBB Cable and Verizon DSL)
  • student RESNET connections, either in dorms or outside
  • ITaP dialup connections
  • regional campuses

If you want to establish a connection to CS Windows shares from outside Purdue (or student RESNET), you will need to use ITaP's VPN service.

To help with this transition, we have prepared a Windows application that makes configuring and establishing a VPN connection from a Windows 2000 or Windows XP machine simpler. You can download it from the Purdue VPN Interface page. The default configuration will only route Purdue network traffic over the VPN connection.

If you have a Linux machine, you may be able to use the VPN service. An alternative is to use ssh to tunnel a connection for smbmount. The following excerpt from our UNIX FAQ explains how:

First, create the SSH tunnel from local port 7777 to port 139 on the CS machine:

ssh -f -c blowfish -L 7777:localhost:139 -l CS-login CS-machine.cs.purdue.edu -N

Then mount the share (CS-login) from the local port 7777:

smbmount //localhost/CS-login /mnt/cs -o port=7777,username=CS-login/SERVERS

If you want to access multiple remote shares (CS or other) from your machine, you could use additional tunnels with different local ports (e.g. 7778, 7779).

If you want to access your CS Windows share from your machine, you need to change the -L option to tunnel to port 139 on the Windows server (e.g. vermouth):

ssh -f -c blowfish -L 7777:Windows-machine:139 -l CS-login CS-machine.cs.purdue.edu -N

Note that the SSH connection is still established with the UNIX machine (e.g. lore).
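
The multi-share case described above, as an added example (not part of the UNIX FAQ excerpt): a dry-run shell function that prints one ssh/smbmount pair per share, each on its own local port. The names plan_tunnels, BASE_PORT and CIPHER_OPT and the /mnt/cs-PORT mount points are assumptions; the forward is also bound to 127.0.0.1 so the tunneled SMB port is reachable only from the local machine.

```shell
#!/bin/sh
# Added example: plan one SSH tunnel + smbmount pair per remote share.
# Dry run only: the commands are printed, nothing is executed.
# Assumed names: plan_tunnels, BASE_PORT, CIPHER_OPT, /mnt/cs-PORT.

BASE_PORT=7777            # first local port, as in the page's example
CIPHER_OPT="-c blowfish"  # the page's option; recent OpenSSH releases
                          # dropped Blowfish, so set this empty there

# plan_tunnels LOGIN GATEWAY TARGET...
#   GATEWAY is the UNIX machine the SSH connection goes to.
#   TARGET is server:share, where server is resolved from the gateway
#   (localhost = the gateway itself, or a Windows server such as vermouth).
plan_tunnels() {
    login=$1; gateway=$2; shift 2
    port=$BASE_PORT
    seen=""
    for target in "$@"; do
        server=${target%%:*}
        share=${target#*:}
        # Reject "noseparator", ":share" and "server:".
        if [ "$server" = "$target" ] || [ -z "$server" ] || [ -z "$share" ]; then
            echo "bad target (want server:share): $target" >&2
            return 1
        fi
        # The same share twice would just waste a port and a mount point.
        case " $seen " in
            *" $target "*) echo "duplicate target: $target" >&2; return 1 ;;
        esac
        seen="$seen $target"
        # Explicit 127.0.0.1 bind: other hosts on the local network
        # cannot connect to the forwarded port.
        echo "ssh -f${CIPHER_OPT:+ $CIPHER_OPT} -L 127.0.0.1:$port:$server:139 -l $login $gateway -N"
        echo "smbmount //localhost/$share /mnt/cs-$port -o port=$port,username=$login/SERVERS"
        port=$((port + 1))
    done
}

# Two shares: one served by the UNIX machine, one by a Windows server.
plan_tunnels CS-login CS-machine.cs.purdue.edu localhost:CS-login vermouth:CS-login
```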

NOTE: If you have a Linksys Cable/DSL router, you must enable the PPTP Pass Through option to use the VPN service. This may apply to other brands as well.

If you would like additional help in switching to a VPN connection, please let us know (send mail to software@cs.purdue.edu).


Facilities Software Staff