[OpenAFS] ISP blocking Krb4 traffic?

John Hascall john@iastate.edu
Thu, 15 Apr 2004 11:09:42 CDT

> I've noticed recently that our ISP seems to be dropping outbound traffic
> with a destination port equal to 4444.  I think this is to circumvent
> some Windows worm that uses that port.  However, it has the side effect
> of completely neutering Kerberos 4 usage to an off-site realm, because
> traffic on port 4444 from the client to the krb4 KDC (or krb524) is
> dropped.

> Is anyone else experiencing this problem, and also are there any
> convenient workarounds for this?  What complete stupidity.

We have been able to convince some ISPs to block
only 4444/tcp and not 4444/udp.  Others have been
thicker-headed.  The only solution we have found
for our clients behind such boneheadedness is to
use a VPN (or switch ISPs).

It would be nice to be able to configure the 524 client
stuff to use a different port...