2014-05-20 - News - Chris Thompson
The scheme described in news item 2008-12-15 has been reworked to represent a larger number of references to specific IP addresses from the various parts of the CUDN infrastructure. The intention remains the same: to prevent such IP addresses being rescinded or reused without appropriate changes being made to the CUDN configuration.
There are now four "anames" used instead of three:
- janet-filter.net.private.cam.ac.uk for exceptions at the CUDN border routers, often permitting some network traffic that would otherwise be blocked. This is essentially the same as the old janet-acl.net.private.cam.ac.uk which is temporarily an alias.
- cudn-filter.net.private.cam.ac.uk for exceptions at internal CUDN routers. This includes the old high-numbered port blocking, where it is still in use, but also many other sorts of exception which were previously not represented. The old name cudn-acl.net.private.cam.ac.uk is temporarily an alias.
- cudn-blocklist.net.private.cam.ac.uk for addresses for which all IP traffic is completely blocked, usually as the result of a security incident. This is essentially the same as the old block-list.net.private.cam.ac.uk which is temporarily an alias.
- cudn-config.net.private.cam.ac.uk for addresses that are referred to in the CUDN routing infrastructure. This is completely new.
Both IPv4 and IPv6 addresses may appear in these lists (although at
the moment only cudn-config has any IPv6 addresses).
Requests for the creation or removal of network access control
exceptions, or explanations of existing ones, should in most cases be
sent to network-support@uis.cam.ac.uk in the first instance, who
will redirect them if necessary. However, the CERT team at
cert@cam.ac.uk are solely responsible for the cudn-blocklist
contents in particular.