Group: linux.gentoo.user
From: "Mark Shields"
Date: Tuesday, March 11, 2008 11:50 AM
Subject: Re: [gentoo-user] Bizarre SSH connection reset

On Tue, Mar 11, 2008 at 10:30 AM, Mike Edenfield wrote:

> Mick wrote:
> > On Tuesday 11 March 2008, Dan Farrell wrote:
> >> On Mon, 10 Mar 2008 22:51:42 +0000
> >>
> >> Mick wrote:
> >>> On Monday 10 March 2008, Dan Farrell wrote:
> >>>> On Mon, 10 Mar 2008 15:43:55 -0400
> >>>>
> >>>> Mike Edenfield wrote:
> >>>>> Comcast?
> >>>> I was on comcast for a long time (2.5 yrs) and never had a problem
> >>>> like this. They might have blocked port 25 and squelched my
> >>>> bittorrenting at times, but never anything like this. Of course,
> >>>> ymmv.
> >>> IIRC they also block port 80 for sure on their retail accounts. They
> >>> don't want the average punter to run a webserver at home.
> >> Even when they blocked port 25 for me bidirectionally (evidently
> >> sending 6 gigs through that port made me look like a spammer, even if
> >> it was all to the same address ;) ), and I called security assurance
> >> and they listed that among all the open ports I wasn't allowed on a
> >> residential account, even then, they still didn't block port 80 (or 26,
> >> 22, 21, 110, 993, or any other port!).
> >
> > Hmm, I don't know . . . The particular address I was trying to connect was
> > definitely blocked. Other than not being able to connect with a browser,
> > nc, httping and tcptraceroute confirmed it). Could it be an area/account
> > specific block perhaps? When I questioned the owner he said that this was
> > common practice and that his ISP does not allow webservers to run.
>
> When I was on Comcast, the only ports they blocked outright,
> that I found, were mail related. Presumably this was a spam
> prevention measure more than anything else.
>
> However, they did *monitor* other common ports for traffic.
> Occasionally I'd put some local service or another on my
> firewall during development, or for testing, or whatnot. If
> it happened to be on port 80, 443, or 21, I'd usually get a
> nasty-gram from them within a day reminding me of their AUP.
>
> --Mike
>
> --
> gentoo-user@lists.gentoo.org mailing list
>
>
Who knows their Sandvine equipment is horrendous. But let's not get off
topic.

Collin: it may not be a "5-second rule". It may just be cutting it off
after a certain amount of traffic has passed based on the protocol/port
used. But I'm just speculating. Let's hear what fire-eyes has to say.

--
- Mark Shields
