  angryman
@wideopenwest.com
| Comcast Port Forward
Yesterday my service was suspended due to network abuse. I had called Comcast Security Assurance department and they said that my service was cut due to open ports in my firewall. He said that any open ports are against the Comcast AUP. So now I can't have any open ports because they are doing periodic port scans on my IP and if they find an open port my service will be suspended. I told my father about this who is the one who pays for the service and he called tech support about the issue. The person he talked to said that you can do whatever you want with your connection as long as you are not downloading and uploading massive amounts of information and specifically stated that open ports were not against their AUP. He also said there was no record that the service was suspended.
Has anyone else heard of open ports being banned by the AUP? Why does one rep tell me something and then another tell me the exact opposite?
I am going to have to switch providers if open ports are blocked because I run my own mail server and have to have remote access to my server. |
|
  No_Servers
@aol.com
| ****** Yawn, Not another one ******
»www.comcast.net/terms/use/#prohibited
said by Comcast TOS :
# use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network ("Premises LAN"), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;
# use or run programs from the Premises that provide network content or any other services to anyone outside of your Premises LAN, except for personal and non-commercial residential use; |
|
 maverick215
join:2002-10-03 | having open ports and running a server are two different things... *yawn* |
|
  Cabal Premium join:2007-01-21 Boston, MA
| said by maverick215 :
having open ports and running a server are two different things... *yawn*
No they aren't. If the port did not have a service running and accepting connections, it would be in a closed (or filtered) state. *yawn*
said by angryman :
The person he talked to said that you can do whatever you want with your connection as long as you are not downloading and uploading massive amounts of information and specifically stated that open ports were not against their AUP.
I imagine that is far more likely the case.
-- Interested in open source engine management for your Subaru? |
|
  No_Servers
@aol.com
| reply to maverick215
said by maverick215 :
having open ports and running a server are two different things... *yawn*
Yes, I can tell that you are sleepy, but exactly what part of "I run my own mail server" did you fail to comprehend? |
|
  No_Servers
@aol.com
| reply to Cabal
said by Cabal :
said by maverick215 :
having open ports and running a server are two different things... *yawn*
No they aren't. If the port did not have a service running and accepting connections, it would be in a closed (or filtered) state. *yawn*
I thought about a similar reply, but I assumed that the poster would not understand such difficult technical details. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to No_Servers said by No_Servers :
...exactly what part of "I run my own mail server" did you fail to comprehend?
Exactly what part of running a mail server is "providing a service" off premises? Assuming the subscriber is doing it for his own use, I fail to see how it trips over the prohibition of providing a service off premises.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  banditws6 Shrinking Time and Distance
join:2001-08-18 Naples, FL
·Comcast
edit: May 10th, @05:35AM
| reply to angryman Running a mail server on a residential connection is a big risk. If hacked, it could pose a significant spam threat. I realize you are the sole authorized user of the server and you're not offering it to others, but it's still not something I would do.
Other than mail and web servers, if you had been doing anything else with open ports, Comcast probably would look the other way. If you have to forward a port for some online game or voice chat app, for example, I doubt they're going to make a stink unless they really, really want to lose a customer for no practical reason.
If you need to host your own mail server for some business-critical reason, perhaps you could rent a server at a datacenter. Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not. |
|
  Rob In Deo speramus Premium join:2001-08-25 Kendall, FL
·Comcast
·AT&T Southeast
| reply to angryman So all of us who have remote desktop port opened are also in violation of AUP?
I can understand hosting our own mail server, but if they are scanning for every open port, then they're going to be having a huge % of customers being suspended then. -- www.rr.cx | YourIP.US | MySite.cx |
|
  angryman
@wideopenwest.com
| reply to angryman
said by banditws6 :
Running a mail server on a residential connection is a big risk. If hacked, it could pose a significant spam threat. I realize you are the sole authorized user of the server and you're not offering it to others, but it's still not something I would do. Other than mail and web servers, if you had been doing anything else with open ports, Comcast probably would look the other way. If you have to forward a port for some online game or voice chat app, for example, I doubt they're going to make a stink unless they really, really want to lose a customer for no practical reason. If you need to host your own mail server for some business-critical reason, perhaps you could rent a server at a datacenter. Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not.
I was running Microsoft Exchange 2007 to learn how it works so that when I go back to work in June I have a better understanding of the products that we use and sell to our customers. The OWA site was running on port 80. I was the only person using the mail server.
If I run a mail server on a residential connection it is a big risk but if I run it on a business class connection it is automatically safe. I don't understand how that is possible. That is exactly what Comcast told me when I called them again.
They do allow you to run your own services if you purchase a static IP which is acceptable to me. I could run my mail and web server on a rented server but that would cost me tons of money because I would have to get a dedicated server plan. I am either going to have to upgrade to the business plan or switch providers because I had a few site 2 site VPN tunnels that went from my house to my relatives' houses so I could maintain their computers and backup data. I wish FIOS was in Michigan.
Thanks for all of the advice. |
|
  beerbum Premium join:2000-05-06 Here!
·Comcast
| reply to banditws6
said by banditws6 :
Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not.
yes.. you may run servers with the workplace standard/enhanced.. so long as you also get a static IP which is $4.95 a month..
from: »www.comcast.com/corporate/busine···ms1.html
# The Service cannot be used to run servers unless you have selected a Service plan which includes a static or statically assigned IP address.
# If you have selected a Service plan with a static or statically assigned IP address, the Service can be used to host a public website. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
edit: May 10th, @04:19PM
| reply to banditws6
said by banditws6 :
Running a mail server on a residential connection is a big risk. If hacked, it could pose a significant spam threat. I realize you are the sole authorized user of the server and you're not offering it to others, but it's still not something I would do.
Just having a high speed Internet connection is a big risk. Far more Comcast subscribers are infected with spamming 'bots than running compromised servers.
I am running an MTA on my DSL connection. Fortunately, the at&t Yahoo! HSI (ATTIS, not ATTW, or FastAccess) TOS is more liberal. I'd jump over to DSL Extreme, or Sonic, or Speakeasy if I had to.
said by banditws6 :
Other than mail and web servers, if you had been doing anything else with open ports, Comcast probably would look the other way. If you have to forward a port for some online game or voice chat app, for example, I doubt they're going to make a stink unless they really, really want to lose a customer for no practical reason.
Or BitTorrent...Comcast is fussy about that.
said by banditws6 :
If you need to host your own mail server for some business-critical reason, perhaps you could rent a server at a datacenter. Does Comcast Business Class allow you to run a mail server or some such thing? Knowing them, probably not.
If I was dependent on running a mail server for business, I'd do it from a business class AT&T account. I could get a /29 of IP addresses, and delegation of DNS for the block.
Securing a mail server against abuse is no more difficult than securing a W-LAN against abuse.
P.S. Given the price on an AT&T 5-IP address plan, and the price on a Comcast Internet account, if I could justify spending that amount of money on the Internet, I'd pick the multiple static IP addresses at 3Mb over the single dynamic IP address at 8Mb (soon to be 16Mb?), given how restrictive the Comcast "Terms of Use" are, as compared with the at&t Yahoo! HSI TOS/AUP.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 maverick215
join:2002-10-03
| reply to No_Servers
said by No_Servers :
said by Cabal :
said by maverick215 :
having open ports and running a server are two different things... *yawn*
No they aren't. If the port did not have a service running and accepting connections, it would be in a closed (or filtered) state. *yawn*
I thought about a similar reply, but I assumed that the poster would not understand such difficult technical details.
so you're saying that just having a service running is the same as a server.... While I suppose the TOS might include such a loose definition, having such a service active does fit the criteria of a server that most would use. Also, running his own mail server doesn't necessarily mean he is accepting connections from the outside. But, clearly, this isn't something someone with such extensive knowledge would consider.... |
|
  No_Servers
@aol.com
| said by maverick215 :
so you're saying that just having a service running is the same as a server.... While I suppose the TOS might include such a loose definition, having such a service active does fit the criteria of a server that most would use.
No, I don't need to say it, the quite clear language of the Comcast TOS speaks for itself.
said by maverick215 :
Also, running his own mail server doesn't necessarily mean he is accepting connections from the outside. But, clearly, this isn't something someone with such extensive knowledge would consider....
Apparently the Comcast Security Assurance team was able to connect to the OP's server from the outside, otherwise this thread would not be here.
But clearly that is something that you did not consider... |
|
  drmorley Premium,MVM join:2000-12-20 Park Ridge, IL | reply to angryman Exchange 2007 OWA only works with SSL so it would've been port 443. |
|
  angryman
@wideopenwest.com | reply to angryman I chose to run it on 80 instead of 443; I am not sure why, though. |
|
 maverick215
join:2002-10-03
| reply to No_Servers
said by No_Servers :
No, I don't need to say it, the quite clear language of the Comcast TOS speaks for itself. Apparently the Comcast Security Assurance team was able to connect to the OP's server from the outside, otherwise this thread would not be here. But clearly that is something that you did not consider...
You're obviously missing my point; let me spell it out for you. I can set up my machine to show (virtually) all ports as being "open"; by your rationale this would be a violation of TOS even if these open ports would not have to allow access to any usable service. Regardless, the clause you quoted would seem to allow precisely what he is doing in the first place: "use or run programs from the Premises that provide network content or any other services to anyone outside of your Premises LAN, except for personal and non-commercial residential use;" i.e. you can provide services for personal use... exactly what the OP says he is doing. But since you quoted it, I'm sure you already knew that. |
|
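The port states argued over in the posts above (Cabal's "closed (or filtered) state" and maverick215's ports that show as "open" without a usable service), as an added example that is not part of any post. It checks only loopback ports on the machine it runs on; the function names, the decoy listener and the sample banner are assumptions made for the illustration.

```python
import socket
import threading
HOST = "127.0.0.1"  # loopback only: the check targets this machine
BANNER = b"220 mail.example.test ESMTP\r\n"  # constructed sample greeting

def port_state(host, port, timeout=1.0):
    """Classify a TCP port by the outcome of a full connect attempt."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # something is listening and took the handshake
        except ConnectionRefusedError:
            return "closed"      # host replied with RST: nothing is listening
        except OSError:
            return "filtered"    # timeout or unreachable: probe was dropped

def read_banner(host, port, timeout=1.0):
    """Return whatever the listener volunteers after connect, or b''."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(128)
        except OSError:
            return b""

def serve(srv, banner, count):
    """Accept `count` connections, send `banner` (may be empty), hang up."""
    for _ in range(count):
        conn, _addr = srv.accept()
        with conn:
            conn.sendall(banner)

def demo():
    results = {}
    for name, banner in (("service", BANNER), ("decoy", b"")):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.bind((HOST, 0))          # port 0: kernel picks a free port
            srv.listen(5)
            port = srv.getsockname()[1]
            t = threading.Thread(target=serve, args=(srv, banner, 2), daemon=True)
            t.start()
            results[name] = (port_state(HOST, port), read_banner(HOST, port))
            t.join(2)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as idle:
        idle.bind((HOST, 0))             # bound but never listening
        results["no_listener"] = port_state(HOST, idle.getsockname()[1])
    return results

if __name__ == "__main__":
    print(demo())
```

A connect check alone reports both the real service and the decoy as "open"; only the second step, looking at what the listener actually offers, tells them apart.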
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to No_Servers said by No_Servers :
Apparently the Comcast Security Assurance team was able to connect to the OP's server from the outside...
Irrelevant. The question is, could they actually use the server? If not, then the service isn't available to outsiders.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  No_Servers
@aol.com
| reply to maverick215
said by maverick215 :
You're obviously missing my point; let me spell it out for you....
And you are obviously ignoring the whole Comcast TOS by focusing on what you perceive to be a loophole.
Allow me to provide you with another Comcast TOS excerpt to digest.
said by Comcast TOS :
What happens if you violate this Policy?
Comcast reserves the right immediately to suspend or terminate your Service account and terminate the Subscriber Agreement if you violate the terms of this Policy or the Subscriber Agreement.
How does Comcast enforce this Policy?
Comcast does not routinely monitor the activity of individual Service accounts for violations of this Policy, except for determining aggregate bandwidth consumption in connection with the bandwidth consumption provisions of this Policy. However, in the company's efforts to promote good citizenship within the Internet community, it will respond appropriately if it becomes aware of inappropriate use of the Service.
In other words, the OP has likely not presented the entire story in this thread, and you are not doing him or anyone else a favor by your nitpicking. I think it is quite obvious to most that the Comcast Security Assurance team has better things to do than randomly scan for open ports on Comcast subscribers' connections. They will only respond by terminating a subscriber's service if they detect a problem or receive a complaint.
Let us also not overlook this most important part of the Comcast TOS.
However, if the Service is used in a way that Comcast or its suppliers, in their sole discretion, believe violates this Policy, Comcast or its suppliers may take any responsive actions they deem appropriate under the circumstances with or without notice.
In other words, even if you (assuming that you are a Comcast HSI subscriber) may think you have found a TOS loophole, it is only Comcast's interpretation that really counts. |
|
  No_Servers
@aol.com
| reply to NormanS
said by NormanS :
Irrelevant. The question is, could they actually use the server? If not, then the service isn't available to outsiders.
See my reply above to maverick215 since it applies to your response as well. |
|