Re: [?] DYNDNS host vulnerability

Moe Trin wrote:

Then get a better ISP. You got your own IP, when connected to
the Internet, all ports on that IP will only affect you. As
long your ISP doesn't share the IP with you (what it hopefully
won't do) there's simply no reason to block traffic on certain
ports.

What planet/galaxy do you live on? It is very common for
providers to restrict access to/from ports and/or services
based on the amount of coin you are paying them.

Not in this country. Actually there are a few providers here that
used to limit bandwidth on certain ports (notably those used by
P2P) in what they offered as "Flatrate" access. However they
lacked to note that little detail in the contract, which led to
a few lawsuits and AFAIK the affected customers here either got
full bandwidth on all ports again, or got their contract
cancelled plus some redemption.

There was also another ISP here, that was unhappy, how many
traffic some people caused with their flatrate accounts. But all
courts said: "They paid for flatrate, they get flatrate."

Those ISPs OTOH were very quick, to update their terms of service
and update all contracts. Still the majority of ISPs here
provide full, unlimited Internet access.

As for "no reason to block traffic on certain ports" - how
about the ISPs desire to stay off the various block lists - or
is spam and other net-abuse unknown in your world?

Dialup IP ranges are in the blocklists anyway. Also it would
simply make no sense to block, say port 25 ingoing on a dialup
connection, as this would also prevent only the setup of a SMTP
server there. And blocking port 25 outgoing was a bad idea, as
then you couldn't send e-mail to your e-mail providers SMTP
server. And Span can't be blocked by this anyway, as this is an
outgoing connection, that is not bound to any port on the client
side.

Maybe that's what you are paying for.

My ISP offers "Full Internet access for $bucks/month". Full
means: No limitations. Luckily I got a sane ISP, that doesn't
block anything, respects your privacy and even gives you IPv6
dialup if you want this.


Wolfgang Draxinger
--
E-Mail address works, Jabber: hexarith@xxxxxxxxxx, ICQ: 134682867

.

Relevant Pages

  • RE: what should I do when....
    ... What Internet cops should I call to defend me from Chinese hackers Philipe? ... Because just last night my 1025 and 1026 ports where getting scanned from a ... if your ISP pays attention to you and fights for you and does something ... This message was checked by NOD32 antivirus system. ...
    (Security-Basics)
  • Re: IPsec with racoon
    ... Well, I am the ISP, so I can be sure there are no ports blocked... ... Adam ... We have a wireless internet ...
    (freebsd-questions)
  • Unwanted (safe?) outgoing attempts to connect to the Internet and incoming traffic
    ... Modem connection to Internet, IE6. ... ZApro blocks access from what looks like my ISP, ... Some come to the same ports from other sources, supposedly from NJ, ...
    (comp.security.firewalls)
  • Re: My ISP closed some ports need help!
    ... then you need to get a different ISP. ... you will find you are *not allowed* to run server class software. ... They enforce this by inhibiting specific ports to flow ... To get access to server class ports, you need Server Class service agreement from the ISP. ...
    (comp.security.ssh)
  • Re: My ISP closed some ports need help!
    ... >> then you need to get a different ISP. ... They enforce this by inhibiting specific ports to flow ... >eg mapping your server ports into other numbers, ... or to provide network or host services to others via ...
    (comp.security.ssh)