Re: My ISP closed some ports need help!


On 05 Jan 2006 21:36:32 -0800, Jeff B <jbeardNo-Spam1185@xxxxxxxxxxxx> wrote:
>Anonymous wrote:
>> On 5 Jan 2006 17:08:53 -0800, nsellers@xxxxxxxxx wrote:
>>
>>>Basically my isp has closed some ports, ....
>>
>> What you're proffering isn't exactly plausible, but if it's true
>> then you need to get a different ISP.
>>
>
>If you read the End-User-License for personal Internet access from the
>majority of ISPs, you will find you are *not allowed* to run server
>class software. They enforce this by inhibiting specific ports to flow
>from the ISP to the subscriber; specifically
> 80,8080,8081, 443:- all HTTP protocol ports
> 25,110,143:- the email ports
> 20,21:- the FTP ports
> 23:- Telnet
> (likely to include 22, the ssh equiv of {ftp,telnet} )
>In fact, you are probibited from even using port alternatives,
>eg mapping your server ports into other numbers, say moving 80 to 10080.
>Now you can probably get away with this as long as the bandwidth doesn't
>get to large, as that IS monitored and you will be expelled promptly.
>
>Closing down port 25 (smtp, outbound email) is actually performing a
>great service for us all - - namely, it helps control the spam generated
>from an 'open relay mail server'
>
>To get access to server class ports, you need Server Class service
>agreement from the ISP.
>
>excerpt from EULA:
>You agree not to use, or allow Users to use, the xxx Broadband
>Service, the Adelphia Network, the Equipment or the Software:
>....
>(g) to run a server of any type in connection with the xxx
>Broadband Service, or to provide network or host services to others via
>the xxx Network. Prohibited uses include, without limitation,
>running servers for PPP, FTP, HTTP, DNS, POP, SMTP, NNTP, Proxy
>(any variety), DHCP, IRC, TELNET, TFTP, SNMP and multi-user
>interactive forums, and remapping of ports for the purpose of operating
>a server on the xxx Network;
>
>Yes it is plausible, practical and easily implemented in the TCP stack
>of the ISP server or his firewall.
>
>---
>Jeff B (remove the No-Spam to reply)


nsellers said "they have closed all ports". (S)he made no distinction
between inbound and outbound. To me, all means all. I agree the ISP
could block most inbound unsolicited traffic. I also agree that many
ISPs do exactly that. I don't agree with the rest.

Blocking port 25, or any other port for that matter, is not a "service to
us all". It's a brain dead approach that ISPs choose - especially
the big sleazes (we all know who). The reasons are simple. First, just
like all good 'Amerikan 'Korporations these 'daze, they've downsized,
rightsized, off-shored, and otherwise dumbed-down their technical staff
to a gaggle of minimum wage oompa loompas who have been programmed like
automatons to believe ctrl-alt-del is the solution to every problem.
Sensible computer scientists have put forward many well thought out
approaches to effectively thwart spammers (DKIM, SPF, and TLS to name a
few), but the upper echelon at most major ISPs won't spend the money to
implement one or more of them because it's more profitable sit on their
duffs and exploit customer ignorance. Second, it creates an opportunity to
upcharge ("server class" as you call it) for nothing (which is what they do
best, nothing that is). To call it pathetic would be an act of kindness, to
call it an unfair and deceptive trade practice would be legally accurate,
and to call it a string of four letter words would be a bullseye.

- N
- Why do I post anonymously? Because evidence and argument should stand
on it's own merit and not be biased by who said it.


















.

Relevant Pages

  • Re: Hacked?
    ... have some kind of pointer to try to contact a computer on that network. ... Those are NetBIOS ports, and NetBIOS is somewhat chatty and can generate ... installing Zone Alarm on the computer in question would be ... > currently hosting the email server, DNS, as well ...
    (microsoft.public.security)
  • Re: IIS / Web Services Security threats
    ... You will be surprised to know, due to a recent virus attack on the perimeter network, the common ports have been closed too. ... I also develop Java applications which runs on weblogic server. ... Since, the entire world knows about port 80 and 443, I thought opening a specific port with IP Sec configuration may make the network little secure. ... My security team thinks allowing communication between the two IIS ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Getting around corporate firewalls to access ssh server
    ... the ports on the two servers and put the release server on 22. ... restrictive of what the users are allowed to do with the network. ... For those customers where you are having problems, ...
    (comp.os.linux.networking)
  • Re: When do I choose for OUTBOUND or INBOUND in a protocol?
    ... Ori YosefiISA Server Team ... > tab I only checked the external network. ... >> If you want to allow access to iSpQ on the internal network, you should>> create a publishing rule that publishes these ports to the external> network. ...
    (microsoft.public.isa)
  • Re: Help needed on ip forwarding
    ... >> Here's my current network. ... >> My modem gets an external IP from the ISP. ... >> external IP address on the virtual interface (I have two physical ... > PORTS, not IPs. ...
    (comp.os.linux.networking)