Re: Comcat Port Forward in Comcast HSI http://www.dslreports.com/forum/r20458948 en Mon, 01 Dec 2008 10:46:14 EDT Mon, 01 Dec 2008 10:46:14 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20479101 NormanS :
said by anon12231313 :

Again while I particularly don't like the fact that they block my ports, I think it's their right and honestly in the best interest of their customer base as a whole. Especially when talking about MTA's, if they didn't block port 25 they'd need to have teams of people devoted to strictly investigating all of the requests to deal with open relays. I could see them opening up 80, but I personally wouldn't want 25 opened on their network.
DSL Extreme, Sonic, Speakeasy, and the one of the ILECs whose DSL service they resell (at&t Yahoo! HSI) have no explicit prohibition against running MTAs on their dynamically hosted services; and the CLEC DSL services actually explicitly permit it. I have more dubious connections from Comcast subscriber 'bot infested computers on Comcast's unblocked port 25 than from open relays on all of those DSL providers combined. MTAs open to relay aren't even 1% of the problem of 'bots on the Comcast IP network.

And Comcast won't even take the same approach as at&t Yahoo! HSI WRT port 25; block it across the board, and unblock it on customer request.

I just use the at&t Yahoo! HSI message submission servers as my outbound relay on my server. It is not open to relay.

And, yes, it is their right to block ports, and prohibit certain activities; but the evidence is that MTAs run for personal purposes are nowhere near the problem that inadvertent SMTP mail hosts in the form of spam 'bots are.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum]]> http://www.dslreports.com/forum/remark,20479101 Wed, 14 May 2008 00:26:59 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20478285 anon :
said by NormanS See Profile :

Running an MTA is not, necessarily, a "business class service".
Again while I particularly don't like the fact that they block my ports, I think it's their right and honestly in the best interest of their customer base as a whole. Especially when talking about MTA's, if they didn't block port 25 they'd need to have teams of people devoted to strictly investigating all of the requests to deal with open relays. I could see them opening up 80, but I personally wouldn't want 25 opened on their network.

If people really want to do it, it's very easy to get around. If actually setting up a mail host, it would make more sense to use a relay based purely on the type and reliability of the service comcast provides (read no SLA's). ]]> http://www.dslreports.com/forum/remark,20478285 Tue, 13 May 2008 21:52:09 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20477995 NormanS :
said by anon12231313 :

So basically good luck arguing your way into getting a business class service...
Running an MTA is not, necessarily, a "business class service".
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum]]> http://www.dslreports.com/forum/remark,20477995 Tue, 13 May 2008 21:00:39 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20477258 anon : why argue the TOS, it's been common knowledge that comcast doesn't want you using port 80/25/etc. It's a residential service and they have every right to say you can't host smtp, web servers, etc. As mentioned you can do it on a business/static line. While I don't like it, I still could care less that they do it.

There is a 100 reasons why they don't want people doing it, which I won't get into. But there are also easy ways to get around it. Since your hosting it on a dynamic ip, I assume you're using a dynamic dns service right? Esp. since you're hosting a mail server. Well just use port redirection for the web services and a mail relay for smtp. Can't remember, but don't think mx records will allow for port redirection, so you'd have to relay it to the dynamic dns host and setup smtp over another port between you and them. That level probably isn't free, but still cheaper then purchasing a different service.

So basically good luck arguing your way into getting a business class service for the residential price. Or just suck it up and work around it, you mentioned it was temorary anyways.
]]> http://www.dslreports.com/forum/remark,20477258 Tue, 13 May 2008 18:42:38 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20468299 beavercable : You know this comes up alot on every other website someone posts about being suspended and everyone has a pretty good guess as to why. p2p sharing. And as for what they were downloading we can only guess (pirated movies, software or music). Yet these threads always turn away from that fact. Next thing you know we hear anti establishment rants and conspiracy theorist talking about how your rights are being taken away. And these people are crazy. If you are an american citizen youve never had rights. Youve only had illusions of what you can do and not be locked up for. I hope someone does sue comcast and wins . Cause then Comcast will have the last laugh. No more unlimited downloading period. You stop paying for their speed teirs but start paying per gigabyte. So everyone has really good speed and the first 2 gigs are free. Each additional gig is $20 bucks.]]> http://www.dslreports.com/forum/remark,20468299 Mon, 12 May 2008 03:27:32 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20465320 NormanS :
said by No_Servers :

I think that the first sentence in this thread pretty much sums up the situation.
Yes. However, even service providers whose business is selling connectivity to operators of email services have "no abuse" clauses. So the issue isn't whether the OP violated some conditional "no servers" clause, which includes specific language which suggests that a subscriber can run a server under certain conditions. Rather, the question is, what abuse did he allow that brought his connection to the attention of Comcast abuse?

So this isn't so much about "no servers" as it is about "no abuse".
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum]]> http://www.dslreports.com/forum/remark,20465320 Sun, 11 May 2008 12:49:47 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20465154 maverick215 :
said by No_Servers :

Since Comcast's interpretation of their own TOS is the only one that counts, no amount of nitpicking by any other party really makes any difference.
So do you have stock in comcast? since you don't appear to be a comcast user. I'm just curious why you are such a fanboy.
As for me not doing anyone any good... yea I suppose any sign of backbone would be lost on sheeple, such as yourself. Bow to your HSI overloards!
You are doing NOTHING for the users of Comcast service, the service nominated as having the most restrictive TOS.
oh and PS you're wrong about Comcast's interpretation being the only one that counts. Since you're such an expert on the TOS, I'm sure you already knew this though. ]]> http://www.dslreports.com/forum/remark,20465154 Sun, 11 May 2008 12:06:28 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20464269 anon : I think that the first sentence in this thread pretty much sums up the situation.

said by angryman :

Yesterday my service was suspended due to network abuse.
Since Comcast's interpretation of their own TOS is the only one that counts, no amount of nitpicking by any other party really makes any difference.]]> http://www.dslreports.com/forum/remark,20464269 Sun, 11 May 2008 04:08:53 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20464241 NormanS :
said by No_Servers :

said by NormanS See Profile :

Irrelevant. The question is, could they actually use the server? If not, then the service isn't available to outsiders.
See my reply above to maverick215 See Profile since it applies to your response as well.
It would not surprise me that there is more to the OP's story than he admitted. And, TTBOMK, all ISPs have escape clauses as you mentioned.

But all of that notwithstanding, the argument is about how absolute is the "no server" clause, not whether raising your butt into the sights of the enforcer's cannon will get you noticed by the enforcers.

Heck, even without an explicit "no servers" clause, my own ISP has language which allows them to act against abuse. The point is, running a server need not be abusive.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum]]> http://www.dslreports.com/forum/remark,20464241 Sun, 11 May 2008 03:46:40 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20464058 anon :
said by NormanS See Profile :

Irrelevant. The question is, could they actually use the server? If not, then the service isn't available to outsiders.
See my reply above to maverick215 See Profile since it applies to your response as well.]]> http://www.dslreports.com/forum/remark,20464058 Sun, 11 May 2008 01:55:21 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20464054 anon :
said by maverick215 See Profile :

You're obviously missing my point; let me spell it out for you....
And you are obviously ignoring the whole Comcast TOS by focusing on what you perceive to be a loophole.

Allow me to provide you with another Comcast TOS excerpt to digest.

said by Comcast TOS :

What happens if you violate this Policy?

Comcast reserves the right immediately to suspend or terminate your Service account and terminate the Subscriber Agreement if you violate the terms of this Policy or the Subscriber Agreement.

How does Comcast enforce this Policy?

Comcast does not routinely monitor the activity of individual Service accounts for violations of this Policy, except for determining aggregate bandwidth consumption in connection with the bandwidth consumption provisions of this Policy. However, in the company's efforts to promote good citizenship within the Internet community, it will respond appropriately if it becomes aware of inappropriate use of the Service.
In other words, the OP has likely not presented the entire story in this thread, and you are not doing him or anyone else a favor by your nitpicking. I think it is quite obvious to most that the Comcast Security Assurance team has better things to do than randomly scan for open ports on Comcast subscribers connections. They will only respond by terminating a subscriber's service if they detect a problem or receive a complaint.

Let us also not overlook this most important part of the Comcast TOS.

However, if the Service is used in a way that Comcast or its suppliers, in their sole discretion, believe violates this Policy, Comcast or its suppliers may take any responsive actions they deem appropriate under the circumstances with or without notice.
In other words, even if you (assuming that you are a Comcast HSI subscriber) may think you have found a TOS loophole, it is only Comcast's interpretation that really counts.]]> http://www.dslreports.com/forum/remark,20464054 Sun, 11 May 2008 01:52:26 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20464045 NormanS :
said by No_Servers :

Apparently the Comcast Security Assurance team was able to connect to the OP's server from the outside...
Irrelevant. The question is, could they actually use the server? If not, then the service isn't available to outsiders.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum]]> http://www.dslreports.com/forum/remark,20464045 Sun, 11 May 2008 01:47:19 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20463879 maverick215 :
said by No_Servers :

No, I don't need to say it, the quite clear language of the Comcast TOS speaks for itself.
Apparently the Comcast Security Assurance team was able to connect to the OP's server from the outside, otherwise this thread would not be here. :uhh:

But clearly that is something that you did not consider...
You're obviously missing my point; let me spell it out for you.
I can set up my machine to show (virtually) all ports as being "open"
by your rationale this would be a violation of TOS even if these open ports would not have to allow access to any usable service.
regardless the clause you quoted would seem to allow precisely what he is doing in the first place:
use or run programs from the Premises that provide network content or any other services to anyone outside of your Premises LAN, except for personal and non-commercial residential use;
ie you can provide services for personal use... exactly what the op says he is doing. But since you quoted it, I'm sure you already knew that.]]> http://www.dslreports.com/forum/remark,20463879 Sun, 11 May 2008 00:35:00 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20463572 anon : I chose to run it on 80 instead of 443 I am not sure why though.]]> http://www.dslreports.com/forum/remark,20463572 Sat, 10 May 2008 23:17:00 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20462869 drmorley : Exchange 2007 OWA only works with SSL so it would've been port 443.]]> http://www.dslreports.com/forum/remark,20462869 Sat, 10 May 2008 20:02:45 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20462811 anon :
said by maverick215 See Profile :

so you're saying that just having a service running is the same as a server.... While I suppose the TOS might include such a loose definition, having such a service active does fit the criteria of a server that most would use.
No, I don't need to say it, the quite clear language of the Comcast TOS speaks for itself.

said by maverick215 See Profile :

Also, running his own mail server doesn't necessarily mean he is accepting connections from the outside. But, clearly, this isn't something someone with such extensive knowledge would consider....
Apparently the Comcast Security Assurance team was able to connect to the OP's server from the outside, otherwise this thread would not be here. :uhh:

But clearly that is something that you did not consider...]]> http://www.dslreports.com/forum/remark,20462811 Sat, 10 May 2008 19:44:52 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20462753 maverick215 :
said by No_Servers :

said by Cabal See Profile :

said by maverick215 See Profile :

having open ports and running a server are two different things...
*yawn*
No they aren't. If the port did not have a service running and accepting connections, it would be in a closed (or filtered) state. *yawn*
I thought about a similar reply, but I assumed that the poster would not understand such difficult technical details. ;)
so you're saying that just having a service running is the same as a server.... While I suppose the TOS might include such a loose definition, having such a service active does fit the criteria of a server that most would use.
Also, running his own mail server doesn't necessarily mean he is accepting connections from the outside. But, clearly, this isn't something someone with such extensive knowledge would consider....]]> http://www.dslreports.com/forum/remark,20462753 Sat, 10 May 2008 19:26:46 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20462120 NormanS :
said by banditws6 See Profile :

Running a mail server on a residential connection is a big risk. If hacked, it could pose a significant spam threat. I realize you are the sole authorized user of the server and you're not offering it to others, but it's still not something I would do.
Just having a high speed Internet connection is a big risk. Far more Comcast subscribers are infected with spamming 'bots than running compromised servers.

I am running an MTA on my DSL connection. Fortunately, the at&t Yahoo! HSI (ATTIS, not ATTW, or FastAccess) TOS is more liberal. I'd jump over to DSL Extreme, or Sonic, or Speakasy if I had to.
Other than mail and web servers, if you had been doing anything else with open ports, Comcast probably would look the other way. If you have to forward a port for some online game or voice chat app, for example, I doubt they're going to make a stink unless they really, really want to lose a customer for no practical reason.
Or BitTorrrent...Comcast is fussy about that.
If you need to host your own mail server for some business-critical reason, perhaps you could rent a server at a datacenter. Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not.
If I was dependent on running a mail server for business, I'd do it from a business class AT&T account. I could get a /29 of IP addresses, and delegation of DNS for the block.

Securing a mail server against abuse is no more difficult than securing a W-LAN against abuse.

P.S. Given the price on an AT&T 5-IP addess plan, and the price on a Comcast Internet account, if I could justify spending that amount of money on the Internet, I'd pick the multiple static IP addresses at 3Mb over the single dynamic IP address at 8Mb (soon to be 16Mb?), given how restrictive the Comcast "Terms of Use" are, as compared with the at&t Yahoo! HSI TOS/AUP.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum]]> http://www.dslreports.com/forum/remark,20462120 Sat, 10 May 2008 16:14:59 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20461160 beerbum :
said by banditws6 See Profile :

Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not.
yes.. you may run servers with the workplace standard/enhanced.. so long as you also get a static IP which is $4.95 a month..

from: »www.comcast.com/corporate/busine···ms1.html

# The Service cannot be used to run servers unless you have selected a Service plan which includes a static or statically assigned IP address.

# If you have selected a Service plan with a static or statically assigned IP address, the Service can be used to host a public website. ]]> http://www.dslreports.com/forum/remark,20461160 Sat, 10 May 2008 11:40:16 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20461077 anon :
said by banditws6 See Profile :

Running a mail server on a residential connection is a big risk. If hacked, it could pose a significant spam threat. I realize you are the sole authorized user of the server and you're not offering it to others, but it's still not something I would do.

Other than mail and web servers, if you had been doing anything else with open ports, Comcast probably would look the other way. If you have to forward a port for some online game or voice chat app, for example, I doubt they're going to make a stink unless they really, really want to lose a customer for no practical reason.

If you need to host your own mail server for some business-critical reason, perhaps you could rent a server at a datacenter. Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not.
I was running Microsoft Exchange 2007 to learn how it works so that when I go back to work in June I have a better understanding of the products that we use and sell to our customers. The OWA site was running on port 80. I was the only person using the mail server.

If I run a mail server on a residential connection it is a big risk but if I run it on a business class connection it is automatically safe. I don't understand how that is possible. That is exactly what Comcast told me when I called them again.

They do allow you to run your own services if you purchase a static IP which is acceptable to me. I could run my mail and web server on a rented server but that would cost me tons of money because I would have to get a dedicated server plan. I am either going to have to upgrade to the business plan or switch providers because I had a few site 2 site vpn tunnels that went from my house to my relatives houses so I could maintain their computers and backup data. I wish FIOS was in Michigan.

Thanks for all of the advice.]]> http://www.dslreports.com/forum/remark,20461077 Sat, 10 May 2008 11:17:21 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20460542 Rob : So all of us who have remote desktop port opened are also in violation of AUP?

I can understand hosting our own mail server, but if they are scanning for every open port, then their going to be having a huge % of customers being suspended then.
--
www.rr.cx | YourIP.US | MySite.cx ]]> http://www.dslreports.com/forum/remark,20460542 Sat, 10 May 2008 07:39:29 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20460428 banditws6 : Running a mail server on a residential connection is a big risk. If hacked, it could pose a significant spam threat. I realize you are the sole authorized user of the server and you're not offering it to others, but it's still not something I would do.

Other than mail and web servers, if you had been doing anything else with open ports, Comcast probably would look the other way. If you have to forward a port for some online game or voice chat app, for example, I doubt they're going to make a stink unless they really, really want to lose a customer for no practical reason.

If you need to host your own mail server for some business-critical reason, perhaps you could rent a server at a datacenter. Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not.]]> http://www.dslreports.com/forum/remark,20460428 Sat, 10 May 2008 05:33:49 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20460296 NormanS :
said by No_Servers :

...exactly what part of "I run my own mail server" did you fail to comprehend?
Exactly what part of running a mail server is "providing a service" off premises? Assuming the subscriber is doing for his own use, I fail to see how it trips over the prohibition of providing a service off premises.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum]]> http://www.dslreports.com/forum/remark,20460296 Sat, 10 May 2008 03:02:44 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20460050 anon :
said by Cabal See Profile :

said by maverick215 See Profile :

having open ports and running a server are two different things...
*yawn*
No they aren't. If the port did not have a service running and accepting connections, it would be in a closed (or filtered) state. *yawn*
I thought about a similar reply, but I assumed that the poster would not understand such difficult technical details. ;)]]> http://www.dslreports.com/forum/remark,20460050 Sat, 10 May 2008 00:52:43 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20460036 anon :
said by maverick215 See Profile :

having open ports and running a server are two different things...
*yawn*
Yes, I can tell that you are sleepy, but exactly what part of "I run my own mail server" did you fail to comprehend?]]> http://www.dslreports.com/forum/remark,20460036 Sat, 10 May 2008 00:47:55 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20460032 Cabal :
said by maverick215 See Profile :

having open ports and running a server are two different things...
*yawn*
No they aren't. If the port did not have a service running and accepting connections, it would be in a closed (or filtered) state. *yawn*
said by angryman :

The person he talked to said that you can do whatever you want with your connection as long as you are not downloading and uploading massive amounts of information and specifically stated that open ports were not against their AUP.
I imagine that is far more likely the case.
--
Interested in open source engine management for your Subaru?]]> http://www.dslreports.com/forum/remark,20460032 Sat, 10 May 2008 00:46:47 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20459980 maverick215 : having open ports and running a server are two different things...
*yawn*]]> http://www.dslreports.com/forum/remark,20459980 Sat, 10 May 2008 00:24:38 EDT Re: Comcat Port Forward http://www.dslreports.com/forum/remark,20458948 anon : ****** Yawn, Not another one ******

»www.comcast.net/terms/use/#prohibited

said by Comcast TOS :

# use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network ("Premises LAN"), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;

# use or run programs from the Premises that provide network content or any other services to anyone outside of your Premises LAN, except for personal and non-commercial residential use;
]]> http://www.dslreports.com/forum/remark,20458948 Fri, 09 May 2008 20:13:23 EDT Comcat Port Forward http://www.dslreports.com/forum/remark,20458870 anon : Yesterday my service was suspended due to network abuse. I had called Comcast Security Assurance department and they said that my service was cut do to open ports in my firewall. He said that any open ports are against the Comcast AUP. So now I cant have any open ports because they are doing periodic port scans on my ip and if they find an open port my service will be suspended. I told my father about this who is the one who pays for the service and he called tech support about the issue. The person he talked to said that you can do whatever you want with your connection as long as you are not downloading and uploading massive amounts of information and specifically stated that open ports were not against their AUP. He also said there was no record that the service was suspended.

Has anyone else heard of open ports being banned by the AUP?
Why does one rep tell me something and then another tell me the exact opposite?

I am going to have to switch providers if open ports are blocked because I run my own mail server and have to have remote access to my server.]]> http://www.dslreports.com/forum/remark,20458870 Fri, 09 May 2008 19:55:01 EDT