rectangle 008BB0

Blocked Hosts Lists

The hosts identified in the following lists have been blocked at the departmental router port from accessing the University’s campus network. These hosts have been blocked due to malware infection (botnet), virus/worm propagation, denial-of-service attacks, spamming (botnet, open SMTP relay), etc. 

These blocks will be removed once the problem has been certified as having been resolved. To have blocks removed, the local departmental network administrator must contact ‘security@noc.utoronto.ca‘ or telephone the University’s Joint Operations Group at 416-978-4621.


Quarantined Hosts List

The hosts identified in the following lists have been quarantined by the Intrusion Prevention System (IPS). Quarantine means that all traffic from that source IP address is dropped, not just “bad” packets. Hosts are normally removed automatically from the IPS quarantine state 1 hour after detection, but if the issue occurs again, the host will be quarantined again. Some persistent hosts are quarantined for longer periods.

Internal U/T hosts in quarantine are prevented from accessing the Internet and GTAnet/ORION. These hosts will still be able to access the campus network.

If a host has been quarantined more than once, only the last event will be listed in the table.

The UofT quarantined hosts list is updated every 30 minutes; the external hosts list is updated every hour.

Hosts are left on the lists for several days to enable easy checking of recent quarantine actions. Daily Quarantine Reports are also available here.


Traffic Management

General Traffic Management Policies

The Network Operations Centre continuously monitors University backbone core and Internet gateway traffic patterns to ensure that network bandwidth is utilized efficiently and to detect anomalous traffic patterns.

When an anomalous traffic pattern is detected, it is investigated, and if found to be detrimental to the operation or reliability of the network, action is taken to ensure the impact on other computing resources is minimized. At times this may involve either explicitly blocking or shaping traffic from specific hosts found to be negatively impacting campus and/or gateway resources. Mitigation measures are most often targeted at a specific host and are put in place until an appropriate administrator can be contacted and the problem rectified. Thus, such blocking/shaping usually occurs only for a short duration. Details of the procedures can be found on the Traffic Analysis / Host Blocking Procedures tab on the Security portion of the NOC site.

If you are having problems connecting to the Internet, please check the Blocked Hosts List first to determine if your machine is currently being blocked due to a network traffic problem. Follow the instructions on the page to have your system unblocked. It is also possible you been quarantined automatically by the Intrusion Prevention System (IPS) from accessing the Internet and GTAnet/ORION; quarantined hosts will still be able to access the campus network; in most cases, they are also listed on the Blocked Hosts List page. Hosts will be automatically removed from the IPS Quarantine state 15 minutes after they were detected, but if the problem still exists, the host will be quarantined again.


Traffic Filtering

The University filters certain types of traffic as it enters and leaves Universitydepartment and residence networks. For specific details on the applications, ports and protocol filtering in place in each of these areas, please refer to the section on this site discussing Network Security.


Traffic Shaping

Peer-to-Peer Applications (P2P)

Users of these applications should be aware that much of the material available for download is copyrighted. Individuals downloading such material, could, potentially, be in violation of the University’s Appropriate Use of Information and Communication Technology.


Residence Gateway Traffic Management

Total Available Bandwidth

There is no restriction on the total amount of residence traffic.

Individual Bandwidth

There is currently no restriction on individual residence user traffic.