ISPs Protecting You From Yourself
At the cost of basic functionality?
(old news - 04:36PM Tuesday Feb 10 2004) tags: business · security

With the volume of troublesome traffic bouncing around the web, many ISPs have taken the steel-barrier approach to securing their networks and those of their customers. Some argue that measures such as blocking ICMP or inbound/outbound port 25 TCP traffic eliminate much-needed functionality.

In the hopes of blocking spam, more and more ISPs are turning toward blocking either inbound or outbound port 25/tcp traffic, which SMTP uses for sending mail. Comcast, Cox, Earthlink and many other major providers now block outgoing port 25 traffic (though sometimes on a region-by-region basis). By forcing residential customers to send mail only via ISP mail servers, companies can keep a lid on the volume of mass mailing originating from their residential customers (either intentionally or due to infection).

Other ISPs take that tactic a bit further, blocking inbound port 25 traffic. Some claim this less common tactic is usually done to prevent users from running a mail server, forcing them to upgrade to a more substantive business account for the privilege. The ISPs themselves suggest that's often the general consensus, but blocking inbound port 25 traffic really helps them keep inadvertent open relays to a minimum, and therefore off of blacklists.

Aside from the port 25 debate, some ISPs have turned to blocking various flavors of ICMP (Internet Control Message Protocol) traffic - another ongoing debate that has been reheated thanks to recent activity by MyDoom and its variants. The practice became much more common after the Nachi/Welchia outbreak. ICMP, a sister of the UDP and TCP protocols, is an error-reporting and management protocol. As an integral part of IP and the internet itself, the protocol is used to exchange error, diagnostic, and control information among cooperating networked systems.

Each ICMP message has a "type" which indicates its purpose. For instance, the familiar "ping" utility sends an ECHO_REQUEST packet and looks for the ECHO_REPLY response from the other end. By measuring the time difference between the two, it knows your round-trip time. Depending on which ICMP message types an ISP blocks, users can find various basic monitoring functionality impaired.

The tactic is often employed by ISPs to reduce the bandwidth impact of worms or hackers utilizing ICMP "Smurfs", pings of death, ICMP flood or Nuke attacks. Cable and shared networks are particularly susceptible, since such messages are transferred to every member of the network. By blocking ICMP echo request/reply traffic, the bandwidth load and impact of so-called "ARP storms" are minimized.

The decision to block ICMP traffic often goes unnoticed by less experienced users, but is a growing topic of debate among those who use the protocol for various reasons. RCN users discovered their provider was doing it last month, with technicians not exactly quick to admit it. It was likewise a hot topic of debate among Optimum Online users last fall. Another round of debate over the practice has broken out among Adelphia users, who've been waiting for ICMP functionality to be restored for quite some time.

Users have found alternatives to direct pings, but there are ongoing complaints that the filtering of such traffic eliminates basic internet functionality. One user gripes "After 4+ years I'm tired of the endless struggle and being told everything I want to do is unreasonable for one reason or another."

pcscdma Chocobo Chocobo Random Battle Premium join:2004-01-14 Winterset, IA
hello again verisign!
it's like paying for a red book CD and having to use a plug-in
Verisign likes to screw things up too

furlonium Computer Over? Virus equals Very Yes? join:2002-05-08 Bethlehem, PA
Re: hello again verisign!
I think you posted in the wrong area, buddy.

spartus join:2003-03-09 Kalamazoo, MI
It looks like CHARTER in Michigan is starting to block ICMP also... I can ping some of the internet, but not other parts of it. They are also blocking the TraceRT command... Also, they won't allow me to forward email from my other Email accounts (3) to my Charter account. They get flagged as SPAM and bounced back as undeliverable.

wentlanc You Can't Fix Dumb.. join:2003-07-30 Maineville, OH
Deal with it.....
I totally agree on blocking port 25 for basic user accounts. If you want to run a mail server, you should have to have a different account type. It is called accountability. This lets the ISP be more wary of who is running these types of servers without having to constantly scan their networks for them.
Same goes for ICMP to some extent. Most basic users do not use it. So why not have an advanced tier for users who want the functionality. Just shut it down and only open it for users who want it, like they used to do with shell accounts.
Just deal with it. It will more than likely make life easier if it becomes adopted throughout the internet.
puritan

GNXPower Got Boost? Premium join:2003-12-18 Huntington Beach, CA
Re: Deal with it.....
I have to agree with this post. It's difficult to argue interruption in certain types of uses when those uses are a violation of the TOS/AUP of the provider. Most of the mainstream providers prohibit serving, even mail servers and while inconvenient for those violating the TOS/AUP... they're still violating the TOS/AUP.
Providers that do permit serving like I think Speakeasy and Cyberonic do, if they started blocking those services I could agree with complaints.
-- Don't have it?!? Demand it!!! The Anime Network www.theanimenetwork.com

plat2on1 join:2002-08-21 Hopewell Junction, NY
said by wentlanc:
> I totally agree on blocking port 25 for basic user accounts. If you want to run a mail server, you should have to have a different account type. It is called accountability. This lets the ISP be more wary of who is running these types of servers without having to constantly scan their networks for them.
> Same goes for ICMP to some extent. Most basic users do not use it. So why not have an advanced tier for users who want the functionality. Just shut it down and only open it for users who want it, like they used to do with shell accounts.
> Just deal with it. It will more than likely make life easier if it becomes adopted throughout the internet.
> puritan
uhm, by blocking port 25 they are telling users they cannot use external PAY email services and they MUST use ISP provided account. that's absolutely ridiculous.

GNXPower Got Boost? Premium join:2003-12-18 Huntington Beach, CA
Re: Deal with it.....
Not necessarily, you just have to use your provider's SMTP server and you can have 3rd party email addy as the return addy, but you can still retrieve incoming directly from the 3rd party news server.
-- Don't have it?!? Demand it!!! The Anime Network www.theanimenetwork.com

yabos join:2003-02-16 Ingersoll, ON
What if your provider's SMTP server(s) is/are overloaded by the weekly Windoze worm? Then you are forced to wait for their overloaded server to deliver your email.

GNXPower Got Boost? Premium join:2003-12-18 Huntington Beach, CA
Re: Deal with it.....
said by yabos:
> What if your provider's SMTP server(s) is/are overloaded by the weekly Windoze worm? Then you are forced to wait for their overloaded server to deliver your email.
The whole point of widespread port 25 blocking is so that there isn't excess traffic created by worms.
-- Don't have it?!? Demand it!!! The Anime Network www.theanimenetwork.com

yabos join:2003-02-16 Ingersoll, ON
Re: Deal with it.....
That only works when the worm has its own SMTP server. Most only use Outlook to send via the SMTP server set up in that program, which is almost always the ISP's server. Thus, it becomes overloaded.

Brucefire join:2000-08-30 Reynoldsburg, OH
Unfortunately most ISPs usually limit the size of the e-mail that can be sent. My ISP limits me to 10Mb per e-mail. I connect to my work's SMTP server so I can send larger e-mails.

Hall Premium,MVM join:2000-04-28 Dayton, OH
said by plat2on1:
> uhm, by blocking port 25 they are telling users they cannot use external PAY email services and they MUST use ISP provided account. that's absolutely ridiculous.
Bullsh*t... With Earthlink/Mindspring, who blocks outbound port 25, you can use any e-mail address, account, reply-to, etc, etc you want to. All you HAVE to use is smtp.earthlink.net, smtp.mindspring.com, or smtpauth.earthlink.net to SEND messages. What is the harm in that??

GNXPower Got Boost? Premium join:2003-12-18 Huntington Beach, CA
Re: Deal with it.....
Which was my point exactly. Problems can arise though if your provider's SMTP server sucks or you want your own header information.
-- Don't have it?!? Demand it!!! The Anime Network www.theanimenetwork.com

ThatsPrettyFunky join:2001-08-28 Derwood, MD
Re: Deal with it.....
SMTP servers can suck in lots of ways... dropped messages, messages that take a week or more to deliver (big issue when comcast was first on their own after @home died. It's better now...), not supporting SSL, etc etc.
Now back to the thing about 'regular' users. How many regular users are going to know to use smtp.comcast.net or whatever instead of the server they were told to use when they signed up for their third party e-mail account? And who are they gonna call? Comcast wouldn't be my first instinct... I would go bother the tech support of the third party e-mail. And probably not get very much help by doing so...

JoPito @comcast.net
Hall, I used to post in the EL forum as an official Tech. There are always problems with EL servers, sometimes the routing can be messed up between two of them and it takes 10 hours for messages to go over an internal 100mbit connection from 1 server to another (sitting in the same room). There are lots of reasons why people want to be able to use an SMTP server from their own hosting provider.
#1. That way their email can't be logged by the ISP's email server.... (aside from the ISP sniffing their traffic, AKA Carnivore/DCS1000)
#2. Having mail server show up as "mail.mydomain.com" instead of *.earthlink.net
#3. Avoiding EarthLink's blacklist that happens all the time from auto mass-blacklisting spam lists.
I'm sure there are many more... I realize the hosting company can set up a mail server listening on a different port, but should every other company on the internet have to do something special because some ISPs are breaking standard port numbers?
This is how censorship starts.

wentlanc You Can't Fix Dumb.. join:2003-07-30 Maineville, OH
Re: Deal with it.....
With webmail and VPN, you should be able to use any mail from anyplace you need to. And if your company does not have VPN or webmail services, then shame on them.
puritan

mrs213 join:2002-05-25 Pittsburgh, PA
Preach on, brotha/sista.
One of the key points is, my parents (your average technology "masses" user) don't even know what a port is, and don't care. Most people (even a lot of gearheads I know) don't bother with running a mail server or playing tricks with mail servers. They use Hotmail or change the REPLY-TO on their Outlook client to a forwarding address or whatnot.
Those playing with the mail servers who find themselves limited are in the VAST minority, and aren't even a blip on the broadband providers' collective radar. This is for the good of the entire network. I suggest you cope.

qcsdave join:2002-06-29 Greenville, SC
So basically people who run Spam Servers from their home computer and People who spread viruses by not securing their machine will be affected.. Hmmmm How Horrible!
note sarcasm

plat2on1 join:2002-08-21 Hopewell Junction, NY
said by Hall:
> said by plat2on1:
> > uhm, by blocking port 25 they are telling users they cannot use external PAY email services and they MUST use ISP provided account. that's absolutely ridiculous.
> Bullsh*t... With Earthlink/Mindspring, who blocks outbound port 25, you can use any e-mail address, account, reply-to, etc, etc you want to. All you HAVE to use is smtp.earthlink.net, smtp.mindspring.com, or smtpauth.earthlink.net to SEND messages. What is the harm in that??
where's the harm in that? the whole point of using an external pay service is so you don't have to rely on your isp.

cowboy So Much For Subtlety Premium join:2000-03-14 Morgan Hill, CA
said by Hall:
> said by plat2on1:
> > uhm, by blocking port 25 they are telling users they cannot use external PAY email services and they MUST use ISP provided account. that's absolutely ridiculous.
> Bullsh*t... With Earthlink/Mindspring, who blocks outbound port 25, you can use any e-mail address, account, reply-to, etc, etc you want to. All you HAVE to use is smtp.earthlink.net, smtp.mindspring.com, or smtpauth.earthlink.net to SEND messages. What is the harm in that??
What part of external services did you not understand? You're talking about using your ISP's smarthost services - which should be favoured when possible... but not all ISPs are clueful enough to rely on
-- Richard Nelson

phunky smell @207.46.x.x
Blah blah you can just use your ISP's SMTP and change the reply-to address blah blah.
WHAT ABOUT FILE ATTACHMENTS? If you have an external mail server that you pay for it probably allows for a decent size file attachment, but your ISP probably has a minuscule limit or even disables attachments altogether.

Hall Premium,MVM join:2000-04-28 Dayton, OH
Re: Deal with it.....
Give me a break.... E-mail is NOT the best method for sending "large" files.

RARPSL join:1999-12-08 Suffern, NY
said by Hall:
> said by plat2on1:
> > uhm, by blocking port 25 they are telling users they cannot use external PAY email services and they MUST use ISP provided account. that's absolutely ridiculous.
> Bullsh*t... With Earthlink/Mindspring, who blocks outbound port 25, you can use any e-mail address, account, reply-to, etc, etc you want to. All you HAVE to use is smtp.earthlink.net, smtp.mindspring.com, or smtpauth.earthlink.net to SEND messages. What is the harm in that??
The harm is that Earthlink's smtp.earthlink.net servers that are reachable from Non-Earthlink Connectivity (as would be the case if you are on the road and at a hotel using DSL from your room) do not respond on Port587 (I do not know if the ones from the Earthlink LAN do either). Thus you must screw with your settings every time you change connectivity instead of having settings that are Connectivity Independent. If you must use Port 25 to get to Earthlink from the Internet, what happens when you use some other ISP for connectivity who ALSO blocks Port25? If you force all LAN traffic through your servers, you should have Port587 available as a Port25 Alternative for both LAN and WAN (Internet) connectivity sessions.

nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
said by plat2on1:
> said by wentlanc:
> > I totally agree on blocking port 25 for basic user accounts. If you want to run a mail server, you should have to have a different account type. It is called accountability. This lets the ISP be more wary of who is running these types of servers without having to constantly scan their networks for them.
> > Same goes for ICMP to some extent. Most basic users do not use it. So why not have an advanced tier for users who want the functionality. Just shut it down and only open it for users who want it, like they used to do with shell accounts.
> > Just deal with it. It will more than likely make life easier if it becomes adopted throughout the internet.
> > puritan
> uhm, by blocking port 25 they are telling users they cannot use external PAY email services and they MUST use ISP provided account. that's absolutely ridiculous.
If you're an SMTP service provider and you actually care about servicing customers, you set up SMTP listeners on alternate ports. That way, that segment of your potential customers who are port 25 blocked can still use your service. It's pretty trivial to PNAT at your SMTP network edge to redirect those external port numbers to the SMTP servers' real SMTP listener ports.
So, I don't see the problem, except for incompetent SMTP service providers and maybe for people that can't read instructions on how to configure their SMTP client software. And, I can feel absolutely zero pity for either group.
-tom
-- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron"

cowboy So Much For Subtlety Premium join:2000-03-14 Morgan Hill, CA
Re: Deal with it.....
said by nixen:
> If you're an SMTP service provider and you actually care about servicing customers, you set up SMTP listeners on alternate ports. That way, that segment of your potential customers who are port 25 blocked can still use your service. It's pretty trivial to PNAT at your SMTP network edge to redirect those external port numbers to the SMTP servers' real SMTP listener ports.
> So, I don't see the problem, except for incompetent SMTP service providers and maybe for people that can't read instructions on how to configure their SMTP client software. And, I can feel absolutely zero pity for either group.
Yeah, yeah, {S|P|,}NAT is trivial to set up... But what do we do when we lose port 587 (the *other* smtp port), and then when we find ourselves limited to only *known* non-threatening (to someone) ports (I'm not sure we're far from that)?
For me, when I'm under Linux (where I do my 'productive' work), I run my own sendmail - yes, fully up to date and highly customized... I use mailertables and smarthosts appropriately so I can vary my setup by site and/or mail from/to. The windows folk don't have all that (nor could most deal with) much customizability.
Having to swap ports is asinine and a knee-jerk response - I don't see that it has to this point made much, if any, difference in the amount of spam/viruses that make it through my ISP to be caught by my filters.
-- Richard Nelson

nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
Re: Deal with it.....
said by cowboy:
> Having to swap ports is asinine and a knee-jerk response - I don't see that it has to this point made much, if any, difference in the amount of spam/viruses that make it through my ISP to be caught by my filters.
Granted, by itself, port switching won't buy you anything. You need a more top to bottom approach. Basically one where the only traffic transiting port 25 comes from hosts that are reverse MX'ed (i.e., pretty much just valid SMTP server to SMTP server traffic). Non server-to-server SMTP traffic would/should be relegated to an alternate port. Access to that port should only be by way of authenticated logins (in a very ideal world, logins that used OTP).
Granted, the MUAs would have to be written such that authentication credentials couldn't just be lifted out of them by means of a virus. But, even if a virus did compromise the authentication, the audit trail would still be there, allowing an infected system to be more quickly taken off the air than is currently the case.
-tom
-- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron"

bmn ? ? ? Premium,ExMod 2003-06 join:2001-03-15 hiatus
said by wentlanc:
> Same goes for ICMP to some extent. Most basic users do not use it. So why not have an advanced tier for users who want the functionality. Just shut it down and only open it for users who want it, like they used to do with shell accounts.
I have to disagree with this point... ICMP is used both by the user-land programs and the IP stack.
The IP stack uses ICMP for feedback from routers from "Destination Host Unreachable", etc. errors that are necessary to a properly functioning internet. It is in no way proper to make people pay extra to have a standards-compliant IP connection that won't flake out because ICMP is gone.
And even better, I remember being at a friend's house while they were troubleshooting their Cox connection. They had to call Cox and they said run ping and traceroute so they could get some metrics for the ticket. But guess what? Yep, they disabled a tool that would have been useful in fixing the user's problem...
ICMP blocking is a totally different issue than blocking port 25.
-- Male by birth... Geek by choice "A cardinal American virtue, 'ambition', promotes a cardinal American vice, 'deviant behaviour.'"

wentlanc You Can't Fix Dumb.. join:2003-07-30 Maineville, OH
Re: Deal with it.....
That's why I said to some extent. Most people do not use echo and echo reply at all.
puritan

bmn ? ? ? Premium,ExMod 2003-06 join:2001-03-15 hiatus
Re: Deal with it.....
said by wentlanc:
> That's why I said to some extent. Most people do not use echo and echo reply at all.
Most people don't, correct. However, some caching services like Speedera do use both the Echo Request and expect an Echo Reply packet. Speedera is a service just like Akamai, except they use latency (to some degree) to figure out which server users need to use.
I could probably find some other systems that would be greatly impaired that are completely non-interactive that use Echo Request and Echo Reply packets.
-- Male by birth... Geek by choice "A cardinal American virtue, 'ambition', promotes a cardinal American vice, 'deviant behaviour.'"

cowboy So Much For Subtlety Premium join:2000-03-14 Morgan Hill, CA
said by wentlanc:
> Same goes for ICMP to some extent. Most basic users do not use it. So why not have an advanced tier for users who want the functionality. Just shut it down and only open it for users who want it, like they used to do with shell accounts.
Bzzt... I've seen both (large) corporations, and ISPs who, in the panic, decide to block *all* ICMP! This means PMTU no longer works, to connect, you have to ferret out and set the MTU on your client box accordingly, etc.
Yes, this is idiocy - but it is often done this way! Just like blocking outbound port 25, this means you can't use that free (or expensive) mail hosting account you bought unless they also open port 587 (or other ports) and educate the users one by one.
said by wentlanc:
> Just deal with it. It will more than likely make life easier if it becomes adopted throughout the internet.
Yes, like the way it feels when you *quit* banging your head against the wall... Maybe there does need to be a multi-tiered ISP setup, but not just John/Jane Doe vs commercial! I'd be happy to run my own mail/http/firewall, etc. but I am not a business, nor is my traffic high enough to warrant the expense
-- Richard Nelson

G_Poobah join:2004-01-17 Schenectady, NY
In Comcast they came first for the P2P users, and I didn't speak up because I wasn't a P2P user. Then they came for the FTP Users, and I didn't speak up because I wasn't a FTP User. Then they came for the ICMP users, and I didn't speak up because I wasn't an ICMP user. Then they came for the SMTP users, and I didn't speak up because I wasn't a SMTP user. Then they came for me, and by that time no one was left to speak up.
Sounds a lot like the Nazis are gaining control of the cable company. Freedom is always the first casualty, and anyone who supports the restrictions on freedom doesn't understand what freedom is.
We pay for an INTERNET CONNECTION. The RFCs clearly state what an internet connection is. If they use the word INTERNET in their ads, then it damn well better be a real INTERNET connection, not some private filtered service. These filters and restrictions make it AOL, NOT the internet.

wentlanc You Can't Fix Dumb.. join:2003-07-30 Maineville, OH
Re: Deal with it.....
Your service provider decides what they will allow you to do with their service. Not some RFC. Your attitude is laughable. You pay for a service, the terms of which are lined out in your TOS / AUP. The service provider decides what is allowed to go through the connection. If you don't like their decision, either deal with it or get a new provider. Securing SNMP communications would dramatically decrease the amount of SPAM on the web.
puritan

clonehappy join:2000-12-11 Portage, IN
Re: Deal with it.....
said by wentlanc:
> If you don't like their decision, either deal with it or get a new provider.
That is exactly what it boils down to. Honestly though, an internet connection should be exactly that, a standard connection to the internet. If you screw up, you get booted plain and simple. But TOS or no TOS, if you block my ports, thereby telling me what I can or can't do with a connection I'm paying for, you'll see me in your churn statistics for next quarter.

pcscdma Chocobo Chocobo Random Battle Premium join:2004-01-14 Winterset, IA
ICMP is very useful and it doesn't have that many alternatives. People expect that if an ICMP packet doesn't come back the machine is offline. Verisign seems to want more $$$ at the expense of RFCs that everyone expects to be there. ISPs start to block port 25. What's next? Standards exist for a reason. What if each cable company started to 'enhance' (break) DOCSIS 2.0 in their own way? Actually those kind of monopolies wouldn't suffer that much. There would be a small rise in modem prices and most likely a dispute over what 3.0 would be, if there was one actually being planned after that. Since the Internet is a competitive public network, I could use mobile phones for an example because of the similarity. Let's say that VZW is tired of people using their analog network with cloned phones. They implement some type of anti-fraud system. Someone using an unregistered phone dials 911 for help. The network is unable to complete the call because it wasn't registered in their database.
So what we are seeing with Verisign, ICMP, port 25 and whatever's next is the 'breaking' of the Internet's functionality.

DrTCP Yours truly Premium,ExMod 1999-04 join:1999-11-09 Round Rock, TX
said by wentlanc:
> Same goes for ICMP to some extent. Most basic users do not use it. So why not have an advanced tier for users who want the functionality. Just shut it down and only open it for users who want it, like they used to do with shell accounts.
ICMP is an integral part of IP protocol and disabling ICMP is partially crippling your TCP/IP stack. There is more to ICMP beyond Ping!
Where do you draw the line? Tomorrow someone else is going to switch to exploiting UDP and TCP as well? Block UDP and TCP too? How about taking the money of users and not delivering any service?
quote:
> Just deal with it. It will more than likely make life easier if it becomes adopted throughout the internet.
Then we would not have internet. I am all for accountability but I think penalizing everyone is not the right way to fix!

wentlanc You Can't Fix Dumb.. join:2003-07-30 Maineville, OH
Re: Deal with it.....
I never said to eliminate ICMP. I should have been more specific and said echo and reply. As far as using them for a speed test, since ICMP is the lowest priority protocol, it makes a lousy indicator of actual responsiveness of a system or device. Perhaps we need a new protocol to serve this purpose. I hardly see any of these measures as penalizing anyone. It is simply closing up some inadequate gaps in some archaic protocols.
And TCP and UDP have already been exploited many times in the past.
puritan

DrTCP Yours truly Premium,ExMod 1999-04 join:1999-11-09 Round Rock, TX
Re: Deal with it.....
said by wentlanc:
> And TCP and UDP have already been exploited many times in the past.
So, what is the point of eliminating ICMP Ping? Particularly, UDP is a convenient one to substitute for ICMP.
The hackers, virus writers will just switch protocols. As long as there is a way to send a packet anything can be exploited.
You actually do not get harmed by ICMP Echo Request or ICMP Echo Reply. It is just some background jitter and something that fills the logs of your firewall. If you like you can adjust your firewall not to reply but elimination of the packet by ISP is plain wrong.
There is no good reason to block ICMP ping by the ISP.

wentlanc You Can't Fix Dumb.. join:2003-07-30 Maineville, OH
Re: Deal with it.....
Obscurity. Ping is the simplest method of sweeping for responsive addresses, and then probing for further information. Granted echo request and reply have their place. But echo request to the users of an ISP is not particularly useful to anyone.
puritan

DrTCP Yours truly Premium,ExMod 1999-04 join:1999-11-09 Round Rock, TX
Re: Deal with it.....
said by wentlanc:
> Obscurity. Ping is the simplest method of sweeping for responsive addresses, and then probing for further information. Granted echo request and reply have their place. But echo request to the users of an ISP is not particularly useful to anyone.
> puritan
I can write a tool that sweeps a bunch of addresses and solicits negative responses. So, blocking ICMP will not do any good but rather a false sense of security for some and a lot of inconvenience for a lot of users.
Echo request (ping) is a diagnostic tool. It is useful for everyone and it is the simplest means to diagnose a problem on your line. I strongly disagree with you that it is for the ISP.
I think your view is very short-sighted. You are not solving any problem by blocking ICMP Ping but removing the capability of users to self-diagnose issues with their lines.
Without tools given to the user ISP will never admit they have issues on their side.
The correct solution for the ISP is to rate limit ICMP bandwidth. That way excessive pings would be blocked while users maintain the simple diagnostics capability.
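
The rate-limiting approach DrTCP proposes above, set against blanket ICMP blocking (which, as cowboy notes earlier in the thread, breaks path MTU discovery), as an added Python example that is not part of the original thread. The per-source token bucket, the 2/s rate with a burst of 5, all class and function names, and the sample traffic are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11  # RFC 792 types
FRAG_NEEDED = 4  # Destination Unreachable code carrying the next-hop MTU (RFC 1191)
# Documentation-range addresses; all three hosts are hypothetical.
FLOOD_SRC, USER_SRC, ROUTER = "203.0.113.9", "198.51.100.7", "192.0.2.1"


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4, payload: bytes = b"") -> bytes:
    """Type, code, checksum, four type-specific bytes, then payload."""
    body = rest + payload
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def parse_icmp(msg: bytes):
    """Return (type, code, type-specific bytes); reject truncated or corrupt input."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if checksum(msg) != 0:  # a valid message sums to zero with its checksum included
        raise ValueError("bad ICMP checksum")
    return msg[0], msg[1], msg[4:8]


class TokenBucket:
    """Integer token bucket (time in ms, tokens in thousandths) so results are exact."""

    def __init__(self, rate_per_s: int, burst: int):
        self.rate, self.cap = rate_per_s, burst * 1000
        self.tokens, self.last_ms = self.cap, 0

    def allow(self, now_ms: int) -> bool:
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class IcmpFilter:
    """mode is 'block_all', 'block_echo' or 'rate_limit' (per-source echo limit)."""

    def __init__(self, mode: str, rate_per_s: int = 2, burst: int = 5):
        if mode not in ("block_all", "block_echo", "rate_limit"):
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.buckets = defaultdict(lambda: TokenBucket(rate_per_s, burst))

    def forward(self, src: str, msg: bytes, now_ms: int) -> bool:
        try:
            icmp_type, _, _ = parse_icmp(msg)
        except ValueError:
            return False  # malformed messages are never forwarded
        if self.mode == "block_all":
            return False
        if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
            return self.mode == "rate_limit" and self.buckets[src].allow(now_ms)
        # Only the error types the thread relies on pass; everything else is dropped.
        return icmp_type in (DEST_UNREACH, TIME_EXCEEDED)


def constructed_trace():
    """Constructed sample traffic as (time_ms, source, message), sorted by time.
    Real ICMP errors also quote the offending IP header; that is omitted here."""
    trace = [(t, FLOOD_SRC, build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", 1, i), b"x" * 56))
             for i, t in enumerate(range(0, 1000, 20))]      # 50 pings inside one second
    trace += [(t, USER_SRC, build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", 2, i), b"ping"))
              for i, t in enumerate(range(0, 4000, 1000))]   # ordinary ping, one per second
    trace.append((500, ROUTER, build_icmp(DEST_UNREACH, FRAG_NEEDED, struct.pack("!HH", 0, 1400))))
    trace.append((600, ROUTER, build_icmp(TIME_EXCEEDED, 0)))  # what traceroute listens for
    return sorted(trace, key=lambda entry: entry[0])


def replay(mode: str) -> dict:
    """Run the constructed trace through one policy and report what got through."""
    flt = IcmpFilter(mode)
    seen = {"flood": 0, "user_ping": 0, "path_mtu": None, "traceroute_hop": False}
    for now_ms, src, msg in constructed_trace():
        if not flt.forward(src, msg, now_ms):
            continue
        icmp_type, code, rest = parse_icmp(msg)
        if icmp_type == ECHO_REQUEST:
            seen["flood" if src == FLOOD_SRC else "user_ping"] += 1
        elif icmp_type == DEST_UNREACH and code == FRAG_NEEDED:
            seen["path_mtu"] = struct.unpack("!HH", rest)[1]  # next-hop MTU field
        elif icmp_type == TIME_EXCEEDED:
            seen["traceroute_hop"] = True
    return seen


if __name__ == "__main__":
    for mode in ("block_all", "block_echo", "rate_limit"):
        print(f"{mode:10s} {replay(mode)}")
```

On the constructed trace, `rate_limit` forwards 6 of the 50 flood pings and all 4 ordinary pings, while `block_all` also drops the Fragmentation Needed message that path MTU discovery depends on.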

wentlanc You Can't Fix Dumb.. join:2003-07-30 Maineville, OH
Re: Deal with it.....
said by DrTCP:
> The correct solution for the ISP is to rate limit ICMP bandwidth. That way excessive pings would be blocked while users maintain the simple diagnostics capability.
See what happens when people communicate! I totally agree with this approach. It is better than blocking completely.
My entire point is that for the majority of internet users, they do not need to be pinged from outside of the ISP's network, and security overall needs to be tightened to help prevent spam and many of the other headaches that are wasting the resources on the internet.
puritan

russotto join:2000-10-05 Collegeville, PA
Good old 'ping' is a pretty standard way of seeing if a host is up, and Unix 'traceroute' (which uses the same protocol) is a pretty standard way of seeing where a problem lies. Take those away and you have a crippled connection.
Take any ports away and you have a crippled connection. If you've got a port blocked -- particularly a major useful point such as 25 or 80 or 7 (ok, maybe not 7), you're a second-class user of the internet.
|  |  |  wentlanc You Can't Fix Dumb..
join:2003-07-30 Maineville, OH
| Re: Deal with it..... Traceroute sends UDP and receives ICMP, type 11, time-to-live exceeded packets. Not ICMP echo and reply.
If an ISP blocks ports, then by your definition, they would be a second-class provider of internet connectivity. Them blocking ports has nothing to do with the class of the user.
puritan | |
|   Tomek Premium join:2002-01-30 Brooklyn, NY
·Packet8
| Give Options ISPs should give options to subscribers. They can have their connection filtered or not. Users who choose not to filter lines should be FINED. That way everybody will be happy. -- There are 32 types of people.Those who understand HEX and those who don't. | |
|  |   GNXPower Got Boost? Premium join:2003-12-18 Huntington Beach, CA
| Re: Give Options IMO it depends on the TOS/AUP, if it prohibits certain activities that the port blocking ends up effectively enforcing, there should be no choice of to filter or not to filter. -- Don't have it?!? Demand it!!! The Anime Network »www.theanimenetwork.com | |
|  |  yabos
join:2003-02-16 Ingersoll, ON | I agree. They could turn it on by default, that way all the average people won't be affected, but those who know enough to need another outside SMTP server or run their own can have it turned off. | |
|  |   Nevster Premium join:2002-04-06 Dalhousie, NB
| The ISP does give options: You can pay for their service and enjoy the benefits and detriments of their service, or you can pay someone else for a whole new set of benefits and detriments.
That's about as much control you have over your Internet connection. Sorry if this lack of control alarms you, but hey, that's life. | |
|   Wills
join:2001-01-03 Port Charlotte, FL
| Fine lines. DHCP is the biggest contributor to an attitude like this. If you could know at a glance, what user is causing havoc on your network, you cut him off. You tell him his service will continue once his computer is clean, he stops his spam, or whatever it is he's doing.
But you can't do this quickly and efficiently with DHCP in place. You have to scrounge the logs to find out who had what IP at what time and by the time you're done searching your logs the damage is done.
It was said that the CodeRed virus spread so fast, that if every computer in the world was turned on they would all be infected in under 15 minutes. That's impressive. And even with a good script, you aren't going to search your logs, identify a user and shut him down in that time.
Cable companies are the biggest to blame. Just the topology of cable internet is a haven to spread virii. They supply the modem. There is no reason they can't get its MAC, set you up static, and monitor their network properly. Yes, it's time consuming (but it can all be automated).
So is cleaning up a virus. -- Abit VP-6 twin 800EB's @ 1002 Mhz.Proud member of the XDC. | |
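The log search described in the post above (who had which IP at what time) comes down to an interval lookup over lease history. This is an added example, not any poster's tooling; the log format, the 12-hour lease time, and the addresses are constructed assumptions.

```python
"""Who held an IP address at a given time? (added illustration)"""
from bisect import bisect_right
from datetime import datetime, timedelta

LEASE = timedelta(hours=12)   # assumed lease time

# Constructed lease log: timestamp, event, IP, modem MAC. The format is made
# up for this example and is not any particular DHCP server's log format.
SAMPLE_LOG = """\
2004-02-09T08:00:00 ACK 198.51.100.15 02:00:00:aa:bb:01
2004-02-09T14:00:00 ACK 198.51.100.15 02:00:00:aa:bb:01
2004-02-09T20:00:00 ACK 198.51.100.15 02:00:00:aa:bb:01
2004-02-10T03:30:00 RELEASE 198.51.100.15 02:00:00:aa:bb:01
2004-02-10T09:15:00 ACK 198.51.100.15 02:00:00:cc:dd:02
2004-02-10T09:20:00 ACK 198.51.100.16 02:00:00:aa:bb:01
"""


def build_history(log, lease=LEASE):
    """Turn lease events into per-IP spans [start, end, mac], in time order."""
    history = {}
    for line in log.splitlines():
        stamp, event, ip, mac = line.split()
        ts = datetime.fromisoformat(stamp)
        spans = history.setdefault(ip, [])
        current = spans[-1] if spans else None
        live = current is not None and ts < current[1]
        if event == "ACK":
            if live and current[2] == mac:
                current[1] = ts + lease          # renewal extends the span
            else:
                if live:
                    current[1] = ts              # address moved to another MAC
                spans.append([ts, ts + lease, mac])
        elif event == "RELEASE" and live and current[2] == mac:
            current[1] = ts                      # span ends at the release
    return history


def holder(history, ip, when):
    """MAC that held `ip` at datetime `when`, or None if nobody did."""
    spans = history.get(ip, [])
    i = bisect_right([s[0] for s in spans], when) - 1
    if i >= 0 and when < spans[i][1]:
        return spans[i][2]
    return None


def who_had(ip, when_iso, log=SAMPLE_LOG):
    """Convenience wrapper taking an ISO timestamp string."""
    return holder(build_history(log), ip, datetime.fromisoformat(when_iso))


if __name__ == "__main__":
    # Traffic was seen from .15 at 02:30; the lookup is run hours later.
    print("at 02:30:", who_had("198.51.100.15", "2004-02-10T02:30:00"))
    print("at 10:00:", who_had("198.51.100.15", "2004-02-10T10:00:00"))
```

Looking up the address by the time of the traffic, not the time of the investigation, is what keeps the later holder of a reassigned address from being blamed.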
|  |  wentlanc You Can't Fix Dumb..
join:2003-07-30 Maineville, OH | Re: Fine lines. You can implement DDNS along with your DHCP and know exactly who has which IP address.
Not to mention that MAC addresses that point to the internet rarely change.
puritan | |
|  |  |  |  |   Nevster Premium join:2002-04-06 Dalhousie, NB
| said by Wills : DHCP is the biggest contributor to an attitude like this.
But you can't do this quickly and efficiently with DHCP in place.
Cable companies are the biggest to blame. Just the topology of cable internet is a haven to spread virii. They supply the modem. There is no reason they can't get its MAC, set you up static, and monitor their network properly. Yes, it's time consuming (but it can all be automated).
So is cleaning up a virus.
DHCP is used to provide computers with an IP address, a netmask, a default gateway, a nameserver, and other necessary information. It does not contribute to spam, world hunger, virus activity, porn, or your unhappiness.
If there is a network activity going on right now that I need to abort in a hurry, here's what I and many others do:
1. find the source and destination IP address of the harmful traffic
show ip cache flow | include --harmful traffic search string--
2. find the source or destination MAC address of the harmful traffic.
show ip arp --participating IP address--
3. find the cable modem involved
show cable modem --participating MAC address--
4. Filter or shut off cable modem involved.
do complicated web-interface stuff
-----
If I automate this process, I will peg innocent people. Therefore, I use my judgement before shutting or filtering someone.
=====
Cable modem topology is just like ethernet topology (close enough for this discussion). I think ethernet came quite some time before DOCSIS. Hey, let's keep going with this: The Internet is Not Perfect in whole or in part!
==== If your computer gets a virus, that's your problem. If his computer gets a virus, that's his problem. If any computer gets a virus, and it causes me problems, then I have a problem, and I will solve my problem with the resources I have control over, and you might not like the solution, if one of those resources happens to be your cable modem service. I wouldn't be angry with YOU, or even your choice of virus protection software or operating system. It's really just me taking care of my problems the best way I know how. I hope you would understand. ====
| |
|   ArchAngel21x MacFan Pro Premium join:2001-10-28 Lincoln, NE | So....
When I fire up a game and it's trying to tell me which server has the best latency, the results could be off. Great. | |
|  Markie
join:2003-07-26 Kalispell, MT
| CenturyTel censorship at its best CenturyTel has seriously got into the censorship game. They censor ICMP. They censor outgoing emails with the subject "hello" or "hi"! They are now censoring traffic to www.sco.com. Which doesn't matter now, since there is no sco.com. But one wonders if they'll have access reenabled the instant sco.com is back up. If not, well then, that's really taking control of what users are allowed to see. Personally, I don't care about SCO - I wouldn't mind in some ways seeing their website permanently blocked. But it's the precedent it sets. They're blocking a great deal of ports. Now that Bresnan cable internet is available here, it sure is tempting (of course being that it's ex-Comcast, would it truly be any better?)... | |
|  |  jassing
join:2004-02-09 Anderson Island, WA
| Re: CenturyTel censorship at its best You need to contact CenturyTel. I've been on them for a while now about ping & tracert - very BASIC functions -- the more people complain, the better we'll be.
Also; regarding the subject of "hello" and "hi" -- they're "censoring" a lot more -- instead of installing something called "virus scanning software" and then deleting infected emails (because the from is always spoofed, so why reply) they block subjects.
btw: A lot of companies are doing this -- because when the hello/hi virus went around; it caused a huge drain on resources for the scanner to kick in for so many messages -- CenturyTel (at least as they've told me) will stop the subject filtering as soon as the virus threat has dropped substantially -- what that "substantial" amount is; I dunno.
complain about ping/tracert -- that's the only way to get them to put it back. | |
|  |  |  rrandel
join:2004-02-07 Lind, WA
| Re: CenturyTel censorship at its best I believe that CenturyTel advertises itself as a "full service internet provider" in which case by censoring subject lines of email, (I couldn't send one with "information" as a subject) they are violating that "full service" premise. Maybe if enough of our fellow CenturyTel customers threatened legal action they might get off their high horse and give us back the basic services required for checking out their claimed connections.
Furthermore, I would really like to see them learn the difference between BANDWIDTH and LATENCY. I am tired of my poor latency on the net and in other applications. | |
|  |  |  |  jassing
join:2004-02-09 Anderson Island, WA
| Re: CenturyTel censorship at its best You can go one step further -- after years of getting my NNTP thru CenturyTel; they changed providers, so mid month they'd 'use up their allocation' -- so I finally went with a 2.95/mo NNTP service...
If there were a "suecenturytel.net" website with a petition, I'd sign it. | |
|   tim_k Buttons, Bows, Beamer, Shadow, Kasey Premium join:2002-02-02 Stewartstown, PA
·Millenicom
·WildBlue
| Blocked Ports My ISP took the easy way out and blocked ALL inbound ports. I can't remotely connect to my network anymore. Since they also block outbound ICMP and perhaps some other ports, I can't use ping or tracert to T/S connection problems. I have to pay for a static IP if I want any ports opened. | |
 alexiares21
join:2001-12-21 Rancho Cucamonga, CA | Charter in Socal also has blocked ICMP It's been about months since I have been able to tweak test due to ICMP being blocked by Charter | |
|   reub2000 Premium join:2001-12-28 Evanston, IL | Hey, why not block port 80 outbound? I think those ddos attacks were using port 80 outbound. It'll piss off 99.9999999999999999999999999999999999999999999% of your customers, but that doesn't matter. | |
|  |   Nevster Premium join:2002-04-06 Dalhousie, NB
| Re: Hey, why not block port 80 outbound? said by reub2000 : I think those ddos attacks were using port 80 outbound. It'll piss off 99.9999999999999999999999999999999999999999999% of your customers, but that doesn't matter.
In response to these DDOS attacks, ISPs put pressure on router vendors so that Cisco and others produced advanced filtering features such as NBAR. When these attacks were prevalent, I was able to put filters that blocked web requests for *default.ida*, and other very specific requests. Not many people noticed these filters.
Stop being silly. Of course it matters. | |
|   Dominokat "Hi" Premium join:2002-08-06 Boothbay, ME clubs:
·RoadRunner Cable
1 edit | Just Wondering I bought my own POP email address. It saves me the hassle of having to deal with address changes when/if I change ISPs. It has worked great, using the send and receive servers MY address requires, without having to use any part of my ISPs address. Most of the time I use my ISP for access to the internet and my email (Direcway) but sometimes I am traveling and use a dial up account that isn't Direcway. Everything has always worked. Now, if I understand this thread, I may be screwed or will have to keep changing my SMTP server address every time I use a different ISP for what is MY own address. That idea sucks a** and pretty much defeats the idea of my own address. So I wouldn't have to worry about this stuff! -- *DW6000-Pro*G4R/1370H*WinXP-Pro*Linksys Router*2 Wired & 1 Wireless Clients* | |
|  kd6cae P2p Shouldn't Be A Crime
join:2001-08-27 Lancaster, CA
·RoadRunner Cable
·DSL EXTREME
| my feelings on ICMP and port blocks OK take my opinion for what it's worth. ICMP should not be blocked whatsoever! If ICMP is blocked, how are users such as myself supposed to find out where network problems are occurring? Since traceroute is basically pinging each IP hop on the path between you and a given host, if you're having network issues such as slower speeds than usual or the like how can you find out where the problem is! And when I'm away from my internet connection and I want to make sure my system's still up I often ping it which I don't think should be a crime! Now regarding blocking of SMTP, I can see blocking of inbound 25 for major ISPs to their customers with one condition though. If a user wants to run his/her own mail server, there should be a control panel they could get to on their ISP that would allow them to enable or disable certain services, and SMTP could be one of them. I often wonder if all these blocks are pleasing spammers who take pleasure in making customers go mad! Just a thought. One day I hope to run an ISP and I'll promote the internet and its potential not try and block everything and limit connection speeds like every other ISP is doing! The only ports that should be blocked really are 135-139, and 445 perhaps and any other useless Microsoft port. But if you need 139 open or something you should be able to request that it be open and provide a valid reason. Everyone should be able to decide how they wish to use the internet! Again just my thoughts, so flame away. | |
|  |  wentlanc You Can't Fix Dumb..
join:2003-07-30 Maineville, OH
| Re: my feelings on ICMP and port blocks Traceroute does not use ping. It sends UDP packets and receives ICMP, type 11, Time-to-live-exceeded packets as replies. So traceroute would still work fine if echo request and echo reply were disabled.
If you are away from your system, why would you care if it is up?
Your next statement answered the last one. You are running some type of server such as mail, which is most assuredly against the TOS or AUP of your ISP. And most ISPs for that matter.
puritan | |
|  |  |  russotto
join:2000-10-05 Collegeville, PA | Re: my feelings on ICMP and port blocks Hold on, there, Cotton Mather. Check out L.A. Bridge's web page and you see they explicitly advertise that users can run their own mail server. | |
|  |  |  |  wentlanc You Can't Fix Dumb..
join:2003-07-30 Maineville, OH | Re: my feelings on ICMP and port blocks So it does. And I'll go back to the original post. Inadequately implemented mail servers are a big contributor to spam. That ISP will be the one held accountable if and when their users abuse the service.
puritan | |
|  |  kd6cae P2p Shouldn't Be A Crime
join:2001-08-27 Lancaster, CA
·RoadRunner Cable
·DSL EXTREME
| Yes the reason I went with LA bridge is that I could run a server, not to mention I could get better upload speeds, I have 768KBPS DSL upstream and the same down. When I had Verizon the best I could get was 128 up not to mention a dynamic IP. As far as I'm concerned, it's the same internet whether you're on LAbridge, Comcast, or some dial up provider. So why do most ISPs except for small local ones such as LAbridge forbid running of servers? There's plenty of useful things one can do running a server. All the big ISPs seem to want is for you to be able to receive data, but not use your outbound connection! What good is broadband if we can't do anything with it such as run our own mail servers? I like to use the internet to its fullest, and LA bridge allows me to do that. If all you want to do with your internet connection is surf the web and send email via your ISP and only via your ISP then that's fine too, the choice should be available to the customer. Like I said earlier big spammers probably are laughing cause ISPs are making users use their mail servers and maybe that's what they wanted to do, make users mad and frustrated. The internet should be a fun thing not a place where you have to find out for yourself what you can and can't use your connection for. | |
|  Meeble
join:2002-09-19 Champaign, IL
| my thoughts let me hit some of the points I just read:
1. Almost every single user violates the TOS of every broadband provider. FTP, Games, File Sharing, Some SSH services all act as servers in their own way shape or form so debating that is hazy sometimes. I play counter strike and have hosted some games within the HL framework but technically I was still running a server to some extent 
2. email = I can't prove when it started but around Sept 2003 when ICMP was first disabled [ I'm on Adelphia] I started paying closer attention to things and I was losing emails left and right. No bounce back is going back to the sender and in some cases my emails are not getting back to them. I'm not the only one having this problem, and they're not all on Adelphia. Maybe it's been going on for awhile but it's odd I noticed it creep up substantially around the same time ICMP was disabled - probably not related but still irritating. I think it has something to do with reverse DNS as that seems the only commonality to this point. Anyhow my long winded point is I stopped using Adelphia's email as my primary but if my port 25 was blocked I'd still end up screwed in the end with unreliable mail [I use web mail anyhow now but still]
3. I was the one user quoted with the 4+ year remark. To be fair some of the problems are relegated to my local area - still an issue but whatever. The latest stemmed from my VPN not being able to connect anymore after authenticating once ICMP had been disabled. I agree with whomever said lock it down but open up access to those who request it. With a smaller nbr permissible to use it - wouldn't it also be easier to monitor if someone was abusing it or the source of an attack ? | |
|   Nevster Premium join:2002-04-06 Dalhousie, NB
| It's not about YOU. If you find your traffic filtered, try, if you can, not taking it personally. The ISP has to do something to keep their mailservers intact and their HFC plants unsaturated and their routers from barfing. Occasionally, this impacts what you want to do. The ISP understands this. The ISP often regrets this. The ISP hopes that you'll figure out a way around it.
My ISP (who happens to be run by me, so I'm pretty comfy that the following are true):
...tries to not interfere with anybody's functionality...
...but has to take some action to keep things running well...
...and has a limited amount of time in the day...
...and an infinite amount of possible problems...
...can't ignore everything because the network will go to heck...
...can't protect against everything cuz it's impossible...
...wishes to not make problems for itself... -----
In other words, when I see a problem that I can fix without anybody noticing that there's a filter/restriction, etc, I feel I've succeeded. Of course, I don't get any thanks for this. But, when I filter out ICMP echo/reply of length 92 as per cert.org recommendations... oi.
I might point out that ISPs who care are really trying to protect themselves from problems that USERS-LIKE-YOU are causing, but not necessarily YOU. They can't tell if YOU might get a virus tomorrow, even though YOU don't have one today, and they don't have unlimited resources or nifty software that can pick only on problems that currently exist then test to see when they don't exist any more.
Sometimes they have to make a blanket policy so that they can go on with whatever it is they were going on about before they got interrupted by the newest exploit. They're not happy about all the bitching and moaning that happens either, but they accept that it's going to come, and that's how the world works, and life goes on. They DO care about YOU and YOUR big picture. They might also care about YOUR immediate problem, but decided that it's something that YOU will have to deal with.
But, feel free to try to change their mind if you wish. 
-nevin | |
|  |  adriang5555
join:2003-12-09 Amarillo, TX
| Re: It's not about YOU. I completely agree and second everything Nevster has stated. I too help run a small ISP out of Texas, and I can tell you it is not easy battling day to day battles with constant problems that plague the network as a result of misuse and ignorance by users. It is very easy for people to say, "I think ISP's should allow all traffic to flow and there should be no capping, etc, etc.". However, what users do not understand is that the network equipment and resources to provide the bandwidth are extremely expensive and it is unrealistic for people to think that ISPs can just "open up their networks completely" and everything should be hunky-dory. With a fully open network, all it takes is a couple of nasty viruses to bring a network down to its knees and plug up all of the available bandwidth so that traffic can not pass through. Then, ALL users suffer. It takes a small army of technicians to stay on top of what is going on at all times and monitor for problems and adjust as need be. I suffer many sleepless nights to work through issues so that myself and my team can ensure 100% network up-time and so that users can happily use their connections that I feel they often take for granted. Before running an ISP, I worked for 10 years in the telephone industry and I engineered and operated large Central Office sites for a couple of different major local phone companies. I can tell you this, the complexity of providing High-Speed Inet service is 20x that of providing phone service over a phone network, and the problems are never ending. It is a miracle that we can keep customers connected to the internet with zero downtime considering the non-stop battles we constantly have to deal with. I just wish users would try and consider this when they want to complain about their ISPs shutting down services that are not service affecting.
And to further clarify, you CAN block ICMP echo and reply protocols while still allowing all of the important ICMP traffic that could possibly need to pass for successful operation of any and all services over the web, including Tracert. It is just a matter of explicitly blocking and permitting individual ICMP protocol packet types. | |
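The per-type filtering described above can be checked against the packets each diagnostic tool needs to get through. This is an added example, not any poster's router configuration; the access lists and tool models are assumptions, and Windows tracert, which probes with ICMP echo requests rather than UDP, is modelled separately from Unix traceroute.

```python
"""Which diagnostics survive an ICMP filter? (added illustration)"""

# ICMP (type, code) pairs, per RFC 792; 3/4 is what path MTU discovery needs.
ECHO_REPLY = ("icmp", 0, 0)
PORT_UNREACHABLE = ("icmp", 3, 3)    # final hop's answer to a UDP probe
FRAG_NEEDED = ("icmp", 3, 4)
ECHO_REQUEST = ("icmp", 8, 0)
TTL_EXCEEDED = ("icmp", 11, 0)       # intermediate hop's answer to any probe
UDP_PROBE = ("udp", None, None)

# Packets that must all pass the filter for each tool to work (model).
TOOLS = {
    "ping": [ECHO_REQUEST, ECHO_REPLY],
    "traceroute_udp": [UDP_PROBE, TTL_EXCEEDED, PORT_UNREACHABLE],
    "tracert_icmp": [ECHO_REQUEST, TTL_EXCEEDED, ECHO_REPLY],
    "pmtud": [FRAG_NEEDED],
}

# Hypothetical access lists: ordered (action, proto, type, code) rules,
# None is a wildcard, first match wins.
ACLS = {
    "block_all_icmp": [
        ("deny", "icmp", None, None),
        ("permit", None, None, None),
    ],
    "block_echo_only": [
        ("deny", "icmp", 8, None),
        ("deny", "icmp", 0, None),
        ("permit", None, None, None),
    ],
    "explicit_permits": [
        ("permit", "icmp", 3, None),
        ("permit", "icmp", 11, None),
        ("deny", "icmp", None, None),
        ("permit", None, None, None),
    ],
}


def permitted(acl, pkt):
    """Apply the first matching rule; no match means an implicit deny."""
    proto, icmp_type, icmp_code = pkt
    for action, r_proto, r_type, r_code in acl:
        if r_proto not in (None, proto):
            continue
        if r_type not in (None, icmp_type):
            continue
        if r_code not in (None, icmp_code):
            continue
        return action == "permit"
    return False


def surviving(acl_name):
    """Names of the tools whose every required packet is permitted."""
    acl = ACLS[acl_name]
    return sorted(name for name, pkts in TOOLS.items()
                  if all(permitted(acl, p) for p in pkts))


if __name__ == "__main__":
    for name in ACLS:
        print(f"{name}: {surviving(name) or 'nothing works'}")
```

Under both per-type lists the UDP-based traceroute and path MTU discovery keep working, while ping and the echo-based tracert do not.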
|  Microsoft 98
join:2003-01-22 Micmac, NS
| So if your ISP blocks the port for So if your ISP blocks the port for you 25 what does that really mean? you can't get your ISP mails anymore and can't send even though you using POP3 Access?
I already have my router to block 25 as in * for all bonds. I can still send and receive from outlook and POP3 access -- http ://www.freewebs.com/welcome_to_my_store | |
|  |   Nevster Premium join:2002-04-06 Dalhousie, NB
| Re: So if your ISP blocks the port for A) If your ISP blocks port 25 for you, it really means the ISP made a decision that complaints about blocked port 25 were less important than the benefits from blocking port 25.
B) Or, you could be sending a gazillion viral emails and it means you need to clean up your systems.
If you ask your ISP why they blocked you, they might give you a straight answer. Sometimes the people answering the phones (tier 1 or 2) do not know exactly why tiers 3-5 have done what they've done, so you might not get a straight answer, because the people answering the phones may simply not know for sure, even if they're otherwise well informed and technically adept.
If you don't think you're doing anything wrong, it probably doesn't mean much more than A) or B).
Or did you think your ISP is out to GETCHA? If so, why do you think that?  | |
|   Spike401 Fox Powered
join:2002-04-27 Labrador
| Same old story.
My ISP does the same thing, 25 inbound and outbound blocked. When I first got it there were no such filters. I now have a friend using port 24 for me to send and receive email.
Bottom line is that most ISP's do not care about the advanced user at all, since we're the minority when compared to the average joeblow down the street. And those are the only people they care about, since they don't have a clue and will never have a need for such ports anyways. -- #SympaticoSucks @ EFNet | |
|  |   Anonymous Name
@adelphia.net
| Re: Same old story. I have a hosting account which offers smtp and pop access. Blocking port 25 would limit my use of the hosting account, which is not right.
My ISP's mail server is crap and slow. Because they use spam filtering I do not feel comfortable sending important mail through that account. Anyway, Adelphia users get bombed with spam. My hosting account does not get much spam at all.
If my ISP did start blocking port 25, I would need to get my own dedicated server and change the port assignment. Just to have reliable E-mail and reduced spam, I should not have to pay an extra $100-$200 per month.
It's my belief that I have a right to use the external mail services that I have paid for. Not only is it more reliable, but helps me to reduce spam. End users should be in control, not some corporation that uses profits as their only motivation. | |
|  |  |   Nevster Premium join:2002-04-06 Dalhousie, NB
| Re: Same old story. said by Anonymous Name: I have a hosting account which offers smtp and pop access. Blocking port 25 would limit my use of the hosting account, which is not right.
It's my belief that I have a right to use the external mail services that I have paid for. Not only is it more reliable, but helps me to reduce spam. End users should be in control, not some corporation that uses profits as their only motivation.
Blocking port 25 would be unfortunate, but it's hard to say whether it would be right or wrong. From your writing, it appears that you're concerned about what hasn't happened yet. It might, but then when it became an actual problem, you might figure out an alternative.
You can believe in your rights all you wish. However, your beliefs and my beliefs do not come close to agreeing. That's OK. We have different points of view on the subject. I understand your point of view decently enough. I have a similar distrust in spam filtering, which is why I don't deploy it on our mailservers and leave the spam filtering to the customers.
My overall belief (or point of view) is that if I pay money for something and that something does not please me, then I have the right to stop paying for that something and get something else. ----- So I pay money for my off-site hosting, and now I can't use it because every ISP in the world has blocked port 25 on their cable modems; perhaps I would ask my off-site hosting to open port 24 (gee, they might already because this port 25 thing is not a new problem!) for me. ----- | |
|  |   Nevster Premium join:2002-04-06 Dalhousie, NB
| You worked around the ISP's problem. That's pretty nifty.
You demonstrated for sure that you're an advanced user. With Friends even!
Did your ISP come after you for using port 24?
Is your life going on as planned?
Btw: Grouping yourself in with 'advanced users' and then saying your ISP is picking on 'advanced users' is still an attempt to make their arbitrary decision all about 'YOU', wouldn't you agree? | |
|  |   Spike401 Fox Powered
join:2002-04-27 Labrador
| Yes everything is back to normal. I got sick and tired of sending mail that just disappears into /dev/null or takes 2 weeks to get to its destination. Even worse when the weekly windows worm makes its debut. ISP's couldn't do a thing if you're relaying your mail off a friend's smtpd. Many people do have hosting providers that listen on another port to get around this cumbersome move that ISP's are forcing upon us users that actually don't use their trash of an email server. -- #SympaticoSucks @ EFNet | |
|  ericusmcki
join:2004-05-25 Slidell, LA
| Communist Internet I find it really interesting how internet ISPs mentality follows much of the political mentality. In other words, Instead of the confrontation and punishment of the offenders lets just make it hard on everyone to do it. Next thing you know our email will be nice and regulated and then ISPs are going to need to recover costs for regulating email and then guess what. PAY PER EMAIL services like the post office. I'm sure that will make for an interesting forum topic. | |
|  |  b0gey
join:2004-06-06 Burbank, CA
| Re: Communist Internet Hi,
I have the same problem. Charter just blocked smtp ports to other smtp services and I need to send 12 to 20 MB file attachments via email. I can previously do this by using a 3rd party email account but since port 25 is blocked I can't do it anymore. Can someone tell me what needs to be done on the server-side and client side to use a different port for relaying?
Thanks in advance. Hope I get some sort of comment this time for I've been posting but I don't get any replies. It's like emailing myself.  | |
|  |  |  ericusmcki
join:2004-05-25 Slidell, LA
| Re: Communist Internet Frankly there isn't much you can do unless you control both your 3rd party mail server as far as sending out. I am fighting with Bellsouth and their argument is that they don't want spammers sending mail out. Well, fine, but that has nothing to do with opening incoming mail ports. They told me that I can't run a mail server because I would be providing "public information services". Well guess what. It isn't public. I'm the only one that uses it. They really don't care about the customer. I notice however that business class accounts don't have any problems because nothing is blocked. What's up with that? So what you're saying is that spammers (who get lots of money to send out spam) can still spam from their networks. Bellsouth is the biggest bunch of hypocrites I have ever seen. | |
|  |  x0000000009
join:2004-06-27
| i agree F#)K ISP. If anyone knows a workaround for this please let me know.... What the Anti-Spam community does is a lot like what Communist China does with their internet. I've hosted my own website www.tim-city.com with my own email system, for the last 5 years with a dynamic IP address. I had no problems; every time the DHCP renewed my license I just broadcast my custom MAC address and voilà, I always received the same internet IP address. Over 5 years I gave out my private fully customizable sendmail server email address to a lot of people I wanted to stay in contact with. Buckeye-express ISP recently blocked requests on port 25 out and in without any notification. All I knew was I wasn't receiving emails, so I upgraded my Linux kernel and sendmail to the latest versions. Nope. Bought a new router. Nope... but the new router told me more than the old one did about what was happening. I finally traced it down to the ISP. They want $20 more a month for a static IP to re-open that port. I think that is a crime. I buy something then the manufacturer turns off a specific feature I use and demands more money, that is specifically targeting me. Do I have any grounds for a lawsuit here? My private email has been down since February and any important emails I might have needed to receive are now lost forever, without any notification from the ISP that they were targeting me individually for more money? | |