dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1576
share rss forum feed


gleno

@comcastbusiness.net

2 edits

[Rant] Comcast blocks port numbers 137,138,139, 445 netb

Comcast is such a low life company. they started blocking these and bunch others (»businesshelp.comcast.com/help-an···nternet/) without telling their customers.
I have series of servers in co-locations, I need to access them with samba over these ports.

They say that, it is government order to block those, IT IS A LIE there is no such order. Funny thing is the ports are blocked outbound, inbound traffic on these ports are open. So they are not protecting me, protecting the internet from me . and not doing the goverment order right!.

When I called the comcast sales guy asked about the blocked ports, he says there is not restriction on the ports. When I called the top tier support manager, Levis employee, he was a total jerk, who does not mind about loosing their 10+ year customer.

They have been pushing to use their new modems, apparently allow them to monitor, spy on your communications. not to speed up your service as they lie to you. please do not.

STAY AWAY FROM COMCAST !

plat2on1

join:2002-08-21
Hopewell Junction, NY

2 edits

2 recommendations

who in their right mind would run samba over the internet? are you insane? setup a vpn


Napsterbater
Meh
Premium,MVM
join:2002-12-28
Milledgeville, GA
Reviews:
·Windstream

1 edit

1 recommendation

reply to gleno
Alot of providers block these ports by default, and for good reason.

But if you want to have them exposed, you should be able to.

The proper way to access these services over the internet would be a VPN not have them exposed on a WAN IP.
--
ASUS M4A79T Deluxe | AMD Phenom II x3 720 BE AM3 w/4 Cores @ 3.41Ghz(OC) | 4Gb DDR3 Memory @ 1600mhz | Sapphire ATI HD4870 1GB 800mhz/1000mhz(OC) | 2x500GB HDD's Raid 0 | Windows 7 Ultimate x64 Build 7600 (RTM) | Windstream DSL 12m (14.9m Sync)/766k
Expand your moderator at work


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Reviews:
·Comcast

1 recommendation

reply to gleno

Re: [Rant] Comcast blocks port numbers 137,138,139, 445 netb

said by gleno :

I have series of servers in co-locations, I need to access them with samba over these ports.

Your security posture is extremely lacking, as is that of your colo provider by even allowing you to run exposed smb.


dslcreature
Premium
join:2010-07-10
Seattle, WA
reply to plat2on1
I would if I could. Current version of SMB is plenty secure.

FirebirdTN

join:2012-12-13
Brighton, TN
kudos:1
Reviews:
·Comcast

1 recommendation

reply to gleno
I thought all providers block these ports?

I remember many many moons ago when I had a Win98 box with a public IP. I went to shut it down, and it old me I had one user connected to it and shutting down would disconnect them....So I canceled the shutdown, and did a netstat command (or whatever it was back in the day), and turned around and connected to the remote user who was connected to me!

Ah, those were the days....This was in the late 90s and is about the last time I have seen those ports NOT blocked by an ISP...

-Alan


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 recommendation

reply to gleno
said by gleno :

Comcast is such a low life company. they started blocking these and bunch others (»businesshelp.comcast.com/help-an···nternet/) without telling their customers.

I do not know of an ISP which doesn't block the NetBIOS ports; and port 25 is commonly blocked on dynamic accounts, as well.

I have series of servers in co-locations, I need to access them with samba over these ports.

There are much more secure methods for access than open NetBIOS shares over the Internet.

They have been pushing to use their new modems, apparently allow them to monitor, spy on your communications. not to speed up your service as they lie to you. please do not.

They have better things to do than spy on their customers; they leave the surveillance to the Godvernment (NSA, CIA, FBI, etc., etc.)
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

quesix

join:2005-12-19
Cary, IL

1 edit

2 recommendations

reply to gleno
There is still a ton of windows 98 PCs out there with no firewall and ton of bullets in form of malware scanning those ports and infecting anyone open.. takes something like 8 minutes for an unprotected machine to get infected via those ports. I do samba sharing all the time, using VPN. If you want to unblock ports you need to get expensive business fiber connections or point-2-point links and become your own ISP it's the only way its going to work (used to have T1 from office to home 2 miles away that worked with samba many years ago before my first firewall, which went in after first anonymous ftp abuse of one of my friend's servers sitting at my house). Home connections will always block, as home users commonly still will connect a PC straight up to modem and get direct public IP with no protection, that 1% over 500 billion internet users adds up to 5 billion hosts compromised, internet would be much less friendly place. Imagine an internet where you need 1gbps connection to load a simple webpage....

p.s. the new modems is to increase efficiency of there network with upgrade to DOCSIS3.. they don't need DOCSIS1/2 modems out there using 4x the resources due to lack of load balancing, dragging down available bandwidth for your favorite HD channels, and new higher speed packages like 105 and 305mbps ones. There will be another push for DOCSIS3.1 modems in 7-10 years time, technology moves on faster and faster everyday..if they let it drag them down it will be like Microsoft a giant piece piece of bloatware (if it wasn't for huge increases in RAM/CPU we'd all be surfing at dial up speeds on our high speed connections)
Expand your moderator at work

csnyder

join:2007-09-10
Grand Rapids, MI

1 edit

2 recommendations

reply to gleno

Re: [Rant] Comcast blocks port numbers 137,138,139, 445 netb

Why the hell would they need to change your modem to "monitor, spy on your communications"? Don't you realize that they already control the network?

As others have said, SMB was not designed for public networks. Blocking these ports is an easy way to protect customers unaware of the dangers. From this thread, it's obvious that their policy is working.