Optimum Port Blocking > Restrictions are the norm today

Restrictions are the norm today

This is PRECISELY why I am against blanket port blocks in general. They start with 25 outbound, then someone gets the bright idea that 25 inbound should be blocked (well hey, no one should be running servers anyway, right? No harm in blocking both ways! ha ha yeah right). Next, some ISP will get tired of fielding DMCA subpoena requests and block the ports used by popular P2P apps. Then someone will be caught hosting kiddie pr0n on a webserver run on a residential connection, next thing you know, port 80 inbound ends up blocked. Eventually, what you wind up with is a high-speed AOL that only allows access to the ISP's servers, and select websites on ports 80 and 443. Not what an "Internet connection" is supposed to be!

If I were on OOL, I'd be cancelling. Always-on broadband connections should have fewer restrictions than AOL type accounts. If restricted by default, at least provide the option to turn off blocks by request for subscribers who need the ports open (and subscribing to a more expensive business tier should not be the only way to achieve this).

For 50 bucks a month, I expect to be able to send and receive email over the Internet, using servers other than ISP-provided ones. That's what the Internet is all about. If I want a dumbed down connection with all kinds of blocks and restrictions, it should be maybe 20 bucks a month.
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.

I agree 100 percent with what you said. why even have an internet if it's going to be so restrictive you can't even think of running any kind of server without it being against the terms of service or some crap like that! If users are causing problems, go after them not every single subscriber! This is one of the reasons I enjoy my DSL through a local provider that encourages running servers! As I've said before it's the same internet regardless of whether you're connected via a 56K modem or a DS3!

reply to kpatz
Inbound port 80 already is blocked!
As I said on another thread, I'd sooner use a dial-up ISP that gave me full access to every protocol and port than a broadband ISP that degraded my service like that. I'm fine right now since I can still use IRC, FTP, and SSH. But if the broadband ISPs get it into their heads to start blocking IRC because of the worms that propagate across it, I'd take my money away from them.

reply to kpatz
If you want to run a server GET A BUSINESS PACKAGE. It's that simple. I am all for port blocking of the ports that are commonly used for ftp http and email as well as others. These are security risks to the network.

You should not be able to run a full blown open server from a residential connection. You mess up the network for the rest of us. Get over it take your money elsewhere if you don't like the rules. Welcome to the real world. This is how it's down to preserve and secure a network.

You people would bitch if the speeds dropped to 15 K sec wouldn't ya. Blahh blahh blahh this isn't broadband. Yeah well how bout if its your neighbor running a full bore ftp server serving out mp3's 24/7 at almost full speed. And his buddies on the same node doing the same. You would grab your pitch forks and torches and run for the cable co's head end in minutes, claiming you want the node split or something along those lines. Get real. You blanket the area and the problem goes away then your customers who don't care about that useless area to them are happy. But ya pissed off 2 people. Guess what welcome to business take your money elsewhere. Don't degrade the whole network for everyone then complain.

What about when the node is saturated and they have to deal with the "gamer" group crying my pings are 125 instead of 12 then you get those people in the same frenzy as mentioned above getting ready to burn down the cable company.

This is how absolutely hypocritical most of the people who bitch about this are. Your email server gets used for spamming then you cry that your connection sucks. Hey welcome toe reason it's bad buddy. You super "admins" and I use the term loosely at best, then bitch to the cable co. Ohh It's not my problem it's on your end. As your machine sends out 400 emails a minute on low loads.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"

I don't run any servers. I just don't like the blocking of outbound since it reduces the amount of services I am allowed to CONNECT to with my CLIENTS. Blocking outbound SMTP forces me to switch to an alternate port that I am LUCKY to be able to use since my 3rd-party mail provider has it open.

reply to BosstonesOwn
But.

Had the vendor of your software used the correct port to begin with that problem wouldn't have phased you. So them not allowing you to connect to it is nothing more then the same thing the do to prevent netbios look ups and exploits.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"

NetBIOS was never intended to be used beyond local area networks and it's completely correct of ISPs to filter it from passing to the WAN.
587 is not the official "correct" port. RFC 2476 states that a provider MAY use 25 for submissions in addition to 587.
And, uh, when you said "phased" I'm guessing you meant "fazed."

reply to BosstonesOwn
yeah typo.

either which way only servers should be using those ports. So that still eliminates the home user from the loop. It is against TOS to run a server period.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"

Uhhh. I think you're confusing the issue. Blocking outbound port 25 makes it impossible for a lot of people to submit outbound mail from their clients, which is not against any TOS I've ever seen.

said by SpitefulCrow:

---

Uhhh. I think you're confusing the issue. Blocking outbound port 25 makes it impossible for a lot of people to submit outbound mail from their clients, which is not against any TOS I've ever seen.

---

reply to hedyd4u
To be honest, I don't quite understand why this is such a big deal.

Folks - do a little research. There are far too many self-proclaimed "experts" whining far too much. A true expert wouldn't find this limiting at all, and in fact probably wouldn't be affected by it in the first place.

For those running their own SMTP servers for inbound email I'd expect a dynamic dns service to be used. Many of these provide MX service (done the right way) as well as alternate SMTP port connectivity and TRN/ETRN capabilities. That's just one way to do it right without having to worry about OOL's blocking.

reply to Shady Bimmer

said by Shady Bimmer:

---

said by SpitefulCrow:

---

Uhhh. I think you're confusing the issue. Blocking outbound port 25 makes it impossible for a lot of people to submit outbound mail from their clients, which is not against any TOS I've ever seen.

---

Huh?

Let's all say this together folks. . .OOL is not preventing users from sending outbound mail. OOL is simply requiring users to use OOL mail relays for outbound mail instead of another provider's relay.

There is a big difference.

---

said by SpitefulCrow:

---

I kind of prefer the ability to have my mail come from the server in the MX record for the domain and use authenticated TLS for SMTP submissions.

---

quote:

---

If I didn't have the option of an alternate port that the server listens on, I'd be stuck using the OOL MXs,

---

quote:

---

which are not that reliable, and are also in the blacklists of a few ISPs, meaning that mail from them gets bounced.

---

Next time I am in New York I am buying you a beer or six. I swear man you saved me a crap load of typing.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"