View Page

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
en:verejne:sit:ethernet [08.07.2018 14:27] – created Pavel Valachen:verejne:sit:ethernet [08.10.2024 11:28] (current) – [Security] cesnet blokuje udp 631 english Karel Kopecký
Line 3: Line 3:
 ====== Cable connection ====== ====== Cable connection ======
  
-Members of Club Sincoolka with Network membership may use a more stable cable connection. Maximum achievable bandwidth of cable connection ranges from 100 Mbit/s to 1 Gbit/s.+Members of Club Sincoolka can (besides WiFi) use a wired connection over Ethernet available in every room, specifically:
  
-Your device needs to be registered to access our cable network. Bring it to the LAB during office hoursor send us a request //from your registered e-mail address// to [[admin@sin.cvut.cz]]. The request //must// include: +**Sinkuleho dormitory:** generallyall Ethernet sockets in your room should be working\\ 
-    - the MAC address of your Ethernet adapter, +**Dejvická dormitory:** only two Ethernet sockets are working in each room.
-    - what device you are connecting, +
-    - that it will be connected using cable.+
  
 +If your device is registered, you'll be immediately connected to Internet straight away. If not, you should be redirected to our Information System - SINIS.
  
-===== Installation manuals =====+<note information> 
 +Your device needs to be registered to access our cable network. Please follow the instructions at [[en:verejne:sit:nove-zarizeni]]. 
 +</note>
  
-{{indexmenu>:en:verejne:sit:ethernet|tsort nsort}}+<note important> 
 +WiFi registered devices are not automatically registered for Ethernet, as they are separate network interfaces with different MAC addresses! 
 +</note> 
 + 
 +Currently we only allow one Ethernet (cable-connected) device per user. 
 + 
 +Also, if you need a cable, come to the LAB during office hours; we have a couple of them to give. ;) 
 + 
 +===== Security ===== 
 + 
 +<note warning> 
 +Your cable-connected device has a public IPv4 address,\\ 
 +__**always use a properly configured firewall!**__ 
 +</note> 
 + 
 +<note important> 
 +CESNET has decided to centraly block inbound connections to the UDP port 631 with regard to a serious vulnerability in CUPSd (CVE-2024-47176). 
 +</note> 
 + 
 +All devices connected with an Ethernet cable get not only an IPv6 address, but a **public IPv4 address** as well, it is therefore necessary to **correctly configure the firewall** on such devices. Alas, people do not, so, unfortunately, we had to close some ports that people commonly leave open by mistake: 
 +^ Service                                    ^ Protocol  ^ Port                     ^ 
 +| FTP                                        | TCP,UDP   | 20,21                    | 
 +| Telnet                                     | TCP,UDP   | 23                       | 
 +| SMTP                                       | TCP,UDP   | 25                       | 
 +| DNS                                        | TCP,UDP   | 53                       | 
 +| NetBIOS                                    | TCP,UDP   | 137,138,139              | 
 +| SMB (Samba)                                | TCP,UDP   | 445                      | 
 +| RDP (remote desktop)                       | TCP,UDP   | 3389                     | 
 +| Microsoft SQL                              | TCP,UDP   | 1433,1434                | 
 +| OracleDB                                   | TCP       | 1521,1830                | 
 +| MySQL                                      | TCP       | 3306                     | 
 +| PostgreSQL                                 | TCP       | 5432,5433                | 
 +| Memcached                                  | TCP,UDP   | 11211                    | 
 +| MongoDB                                    | TCP       | 27017,27018,27019,28017 
 +| Redis                                      | TCP       | 6379                     | 
 +| HP JetDirect/AppSocket/Raw/... (printing)  | TCP       | 9100                     | 
 +| LPD/LPR (printing)                         | TCP       | 515                      | 
 +| IPP/CUPS (printing)                        | TCP       | 631                      | 
 +| UPnP                                       | TCP,UDP   | 1900,5000                | 
 +| SLP                                        | TCP,UDP   | 427                      | 
 +| SNMP                                       | UDP       | 161,162                  | 
 +| Other                                      | TCP,UDP   | 6666                     | 
 + 
 +If you need to have one of these ports open, please visit us during the office hours or send us an email. 
 +===== How to find a MAC address ===== 
 + 
 +A MAC address is an unique identifier of a network device. It is commonly written as a hexadecimal number, which may look for instance like this: 
 + 
 +''AB:CD:EF:12:A3:04'' or ''AB-CD-EF-12-A3-04''  
 + 
 +{{indexmenu>:en:verejne:sit:mac|tsort nsort}} 
 + 
 +If you are unable to find your device's MAC address, come visit us during office and bring your device with you, we are happy to help you. Sometimes, you may find it on the device itself, or it's packaging. On devices with menus, it's commonly found in sections called "Settings" or "About the device".