Re: My ISP closed some ports need help!

Anonymous wrote:
On 05 Jan 2006 21:36:32 -0800, Jeff B <jbeardNo-Spam1185@xxxxxxxxxxxx> wrote:
Anonymous wrote: 
On 5 Jan 2006 17:08:53 -0800, nsellers@xxxxxxxxx wrote:

Basically my isp has closed some ports, .... 
What you're proffering isn't exactly plausible, but if it's true
then you need to get a different ISP.

If you read the End-User-License for personal Internet access from the majority of ISPs, you will find you are *not allowed* to run server class software. They enforce this by inhibiting specific ports to flow
from the ISP to the subscriber; specifically
80,8080,8081, 443:- all HTTP protocol ports
25,110,143:- the email ports
20,21:- the FTP ports
23:- Telnet
(likely to include 22, the ssh equiv of {ftp,telnet} )
In fact, you are probibited from even using port alternatives,
eg mapping your server ports into other numbers, say moving 80 to 10080.
Now you can probably get away with this as long as the bandwidth doesn't get to large, as that IS monitored and you will be expelled promptly.

Closing down port 25 (smtp, outbound email) is actually performing a great service for us all - - namely, it helps control the spam generated from an 'open relay mail server'
To get access to server class ports, you need Server Class service agreement from the ISP.

excerpt from EULA:
You agree not to use, or allow Users to use, the xxx Broadband
Service, the Adelphia Network, the Equipment or the Software:
....
(g) to run a server of any type in connection with the xxx
Broadband Service, or to provide network or host services to others via
the xxx Network. Prohibited uses include, without limitation,
running servers for PPP, FTP, HTTP, DNS, POP, SMTP, NNTP, Proxy
(any variety), DHCP, IRC, TELNET, TFTP, SNMP and multi-user
interactive forums, and remapping of ports for the purpose of operating a server on the xxx Network;

Yes it is plausible, practical and easily implemented in the TCP stack of the ISP server or his firewall.

---
Jeff B (remove the No-Spam to reply)


nsellers said "they have closed all ports". (S)he made no distinction
between inbound and outbound. To me, all means all. I agree the ISP could block most inbound unsolicited traffic. I also agree that many ISPs do exactly that. I don't agree with the rest.

Blocking port 25, or any other port for that matter, is not a "service to us all". It's a brain dead approach that ISPs choose - especially
the big sleazes (we all know who). The reasons are simple. First, just like all good 'Amerikan 'Korporations these 'daze, they've downsized, rightsized, off-shored, and otherwise dumbed-down their technical staff to a gaggle of minimum wage oompa loompas who have been programmed like automatons to believe ctrl-alt-del is the solution to every problem. Sensible computer scientists have put forward many well thought out approaches to effectively thwart spammers (DKIM, SPF, and TLS to name a few), but the upper echelon at most major ISPs won't spend the money to implement one or more of them because it's more profitable sit on their duffs and exploit customer ignorance. Second, it creates an opportunity to upcharge ("server class" as you call it) for nothing (which is what they do best, nothing that is). To call it pathetic would be an act of kindness, to call it an unfair and deceptive trade practice would be legally accurate, and to call it a string of four letter words would be a bullseye.

- N
- Why do I post anonymously? Because evidence and argument should stand on it's own merit and not be biased by who said it.

I have to agree with you in most respects (and I know I am in a minority here). Closing port 25 causes great difficulty for mobile users who use different ISP's and can't contact their mail server because of port 25 blocking. Forces continual reconfiguring of the mail client or usage of web mail (yuck).

Upgrading to a 'business account' doesn't solve the problem for mobile users -- you can't take your 'business account' with you.

I believe that when you purchase Internet access from an ISP, you really purchase Internet access -- not whatever access the ISP considers OK today.

If you spam from your account, it is a simple matter to pull the plug.
.

Relevant Pages

  • Re: My ISP closed some ports need help!
    ... >> then you need to get a different ISP. ... They enforce this by inhibiting specific ports to flow ... >eg mapping your server ports into other numbers, ... or to provide network or host services to others via ...
    (comp.security.ssh)
  • Re: My ISP closed some ports need help!
    ... then you need to get a different ISP. ... you will find you are *not allowed* to run server class software. ... They enforce this by inhibiting specific ports to flow ... To get access to server class ports, you need Server Class service agreement from the ISP. ...
    (comp.security.ssh)
  • Re: IIS 5.1 XP PRO HELP PLEASEEEEE
    ... ports 21 and 80, configured my Linksys router for port forwarding, also ... or TZO to keep your IP address in your router updated (I chose DynDNS ... for dyndns or tzo doesn't keep your ip address updated, your isp assigns you ... I thought having the server installed on my pc would allow someone to ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Port Scans and Prelude
    ... > logs is udp scan attacks from my own ISP. ... They stated it was thier dhcp server ... > trying to see if the server was still alive. ... I thought dhcp uses ports 67 and 68 (of course there's a ...
    (comp.os.linux.security)
  • Re: Whats a decent modem/router for tech savy user?
    ... It is not possible to route or deny traffic to specific ports based on the source IP address. ... But it wont route back inside the LAN - needs internal DNS server spoofing. ... Normally, this option should be Enabled, so that an Internet connection will be made automatically, whenever Internet-bound traffic is detected. ... Specifying a Default DMZ Server allows you to set up a computer or server that is available to anyone on the Internet for services that you haven't defined. ...
    (uk.telecom.broadband)