Zach, I forwarded your question to our UTK resident faculty/service defender, and here is his answer:
But to answer Zach's question about consequences.. Blocking mDNS/Bonjour/Zeroconf (all the same proto) will immediately affect the users if they use the iLife tools (iTunes, iPhoto, etc). Moreover iChat uses mDNS to discover local folks to chat with which some people use for inter-office chat. Also lots of printers are discovered that way so you end up having to manually configure (by IP) network printers. How much of an issue the iLife and iChat family being block depends on the density of macs really, and how the users use them secondly. Preventing automatic printer discovery may add load to the IT staff so that's a consideration. Blocking CUPS affects printing of course and CUPS is pretty noisy. How many CUPS enabled machines with printers attached are there? Do people use them via CUPS or do they use another protocol? Dropbox is super popular with a number of folks I know who rely on it for realtime backups of their academic work. If people are using the protocol enough for you to notice and be worried you might impact those users very negatively. On Dec 3, 2010, at 12:26 PM, Zachary McGibbon, Mr wrote: Hi, we are looking into blocking some broadcast traffic on our wireless network here at McGill and I wanted to get some feedback to see if anyone else has done this and if so what ports you blocked and what were the consequences? Here is a list of some ports we’re thinking of blocking: * UDP 137 / Netbios * UDP 631 / CUPS * UDP 5353 / MDNS * UDP 5355 / LLMNR * UDP 17500 / Dropbox These ports take up a lot of traffic on our network and is causing our Aruba controllers to drop spanning tree and VRRP frames and then cause APs to switch back and forth between ports on our switches and between the active/standby controller. Zachary McGibbon McGill NCS / Burnside Hall Email: [email protected]<mailto:[email protected]> Office: (514) 398-7388 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
