Stories
Slash Boxes
Comments

News for nerds, stuff that matters

Broadband Crackdown

Posted by michael on Wed Aug 08, 2001 10:20 PM
from the brave-new-world-of-high-speed-internet-access dept.
MrPeach writes: "In a move unsurprising to those of us who have had interactions with their so-called customer support, AT&T Broadband and Excite@Home are indefinitely filtering all incoming traffic on http port 80 for residential customers. They could have cut access to those running compromised servers, but instead chose to deny the ability to run a web server to all subscribers to their service. DSL anyone?" DSL won't save you. Verizon is apparently also blocking port 80 for their DSL customers, in addition to blocking outgoing port 25 and requiring use of Verizon's SMTP servers to send email. Verizon is also cheerfully paying fines for screwing over their competitors - the fines will be much less than the extra profit they can squeeze out once their competition is gone.
This discussion has been archived. No new comments can be posted.
Broadband Crackdown | Log In/Create an Account | Top | 790 comments (Spill at 50!) | Index Only | Search Discussion
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1) | 2
  • NE mediaone user still get hit by the WORM by klops (Score:1) Thursday August 09 2001, @08:04AM
    • 1 reply beneath your current threshold.
  • If their contract says "don't do that" by SimCash (Score:1) Friday August 10 2001, @11:26AM
  • another way around.. by jjshoe (Score:1) Thursday August 09 2001, @06:14AM
  • they've never allowed servers by BroadbandBradley (Score:2) Thursday August 09 2001, @06:13AM
  • AT&T Port 80 Blocking Ineffective, Irresponsible by Brian Ristuccia (Score:2) Thursday August 09 2001, @12:03AM
  • Port 25 by UberLame (Score:1) Thursday August 09 2001, @08:51AM
    • Re:Port 25 by brandon2 (Score:1) Thursday August 09 2001, @10:33AM
      • Re:Port 25 by UberLame (Score:1) Monday August 13 2001, @10:19AM
  • AT&T in Eastern Mass is not blocking by Ececheira (Score:2) Thursday August 09 2001, @06:51AM
  • You silly people and your web servers by thejake316 (Score:1) Thursday August 09 2001, @11:31AM
  • They say it's temporary by Zoinks (Score:1) Thursday August 09 2001, @07:39AM
  • Um, hello? by deblau (Score:1) Thursday August 09 2001, @12:05AM
  • I'm lucky by SCHecklerX (Score:2) Thursday August 09 2001, @10:56AM
  • Hrmmm.. by ImaLamer (Score:1) Thursday August 09 2001, @12:02AM
  • by phoenix_orb (469019) on Thursday August 09 2001, @12:11AM (#2117921) Journal
    I work for a regional CLEC out of chicago. We have several thousand installed DSL lines. This is how we have been coping with the Code Red worm... (*as a buisness class of service, we can't be simply turning off all port 80.. many people do host off of our SDSL lines*)

    We have a large number of 10.x.x.x addresses for our broadband subscribers. (This saves us the trouble of assigning public IP's to every single customer, because most don't want nor need a public IP). Our NAT server was getting so clogged up with TCP/IP sessions because code red was serching for hosts. (and once it got into the 10.x.x.x network, it has lots of addresses to check.

    We simply got a free scanning utility (sorry... I am at home, don't have it here, nor the time to find it. ) After scanning all of our customers, we located around 30 infected computers.) We left messages stating that they were infected, and we were shutting off there connection until they would remove the offending computer..(we could discern the IP itself, and our users are statically assigned, not DHCP thank god..)

    Several users were irate as all hell, but the good of the many outwieigh the good of the few correct? Many times the customer simply unplugged the computer and we put them back on. They are then responsible for patching it.. We have been running scans everyday, and have now gotten fewer and fewer code red worms in our user's DSL systems.

    I think that this was the ideal approach. Why use a damn sledgehammer when all of about 30 minutes of work allows you to use a use a fly swatter to remove the offending computers.
  • Buy CLEC DSL by sulli (Score:2) Thursday August 09 2001, @10:55AM
  • AT&T / Mediaone is blocking ALL HTTP GET REQUESTS! by MikeFarrington (Score:1) Thursday August 09 2001, @09:50AM
  • This is no news to @home by pvera (Score:1) Thursday August 09 2001, @07:35AM
  • The Quest for Perfection by agusus (Score:1) Thursday August 09 2001, @07:33AM
  • Fairly decent Temp Fix for port 80 block by CM39 (Score:1) Thursday August 09 2001, @08:21AM
  • Time to change ports. (Score:3, Insightful)

    by Kozz (7764) on Thursday August 09 2001, @09:09AM (#2121916) Homepage
    So if you must host something but Excite@Home is blocking port 80, change your Apache config to listen on a different port number.
    • 1 reply beneath your current threshold.
  • Don't forget SBC (Verizon)'s other crack down by ben_tarval (Score:1) Thursday August 09 2001, @12:13AM
  • how to get buy with their changes... by Lord_Apophis (Score:1) Thursday August 09 2001, @02:36AM
  • Well, it hasn't really helped much! by SCHecklerX (Score:2) Thursday August 09 2001, @08:31AM
  • Please tell me why this is a bad thing? by Ryan Amos (Score:1) Thursday August 09 2001, @02:23AM
  • I take it back... by E-Rock-23 (Score:1) Thursday August 09 2001, @04:15AM
  • Just be happy you have cable modem by CrazyJim0 (Score:1) Thursday August 09 2001, @12:28AM
  • Help stop CodeRed infections with Vigilante by rs_nuke (Score:1) Thursday August 09 2001, @08:41AM
  • One solution to outgoing SMTP port blocks. by markbanang (Score:1) Friday August 10 2001, @07:51AM
  • Phone analogy by mwillems (Score:2) Thursday August 09 2001, @07:04PM
  • verizon.... by GiMP (Score:1) Thursday August 09 2001, @12:29AM
  • Is your webserver down? Use uptime. by bulb (Score:1) Thursday August 09 2001, @02:50PM
  • Perfectly Reasonable Response (Score:5, Insightful)

    by gnugeekus (463988) on Thursday August 09 2001, @05:46AM (#2125640)
    I'll preface this by saying that I'm a @home customer, and I'm bummed out that I can't run a web server anymore.

    I think that this is a perfectly reasonable response from @home. I work at a large ISP and I've seen how rapidly this code red garbage spreds. The little editorial comment that they can "simply block infected machines" is, quite frankly, garbage. Code Red 2 spreads faster than anyone could possibly keep up with blocking one machine at a time.

    Code Red 2 is tearing up bandwidth at these cable companies. Its noticeably slowing down my speeds on my home internet connection. Something needs to be done in a hurry, and blocking port 80 is a fast solution that works.

    Instead of blaming the broadband providers, why don't you blame the real culprit in this situation: Windows. Get angry at Microsoft; if it weren't for their lousy code and lousy security this problem would not have been possible in the first place.

  • The problem is.... by fataugie (Score:2) Thursday August 09 2001, @09:07AM
  • So don't buy DSL for a big company by Shishak (Score:1) Thursday August 09 2001, @06:31AM
  • canadian DSL by Rev. DeFiLEZ (Score:1) Thursday August 09 2001, @08:04AM
  • All in competition... by Uttles (Score:1) Thursday August 09 2001, @07:57AM
  • Why didn't they pick the elegant solution? by igomaniac (Score:1) Thursday August 09 2001, @02:48AM
  • Contracts by jkmiecik (Score:1) Thursday August 09 2001, @11:17AM
  • My Temporary Work-Around by Anonymous Coward (Score:2) Thursday August 09 2001, @09:10AM
  • Want to have some fun? by drix (Score:2) Thursday August 09 2001, @02:03AM
  • Blocking ports should be fought in court by SlashDread (Score:1) Thursday August 09 2001, @10:03AM
  • @HOME by Anonymous Coward (Score:2) Thursday August 09 2001, @12:44AM
    • 1 reply beneath your current threshold.
  • I must be the only one... (Score:3, Insightful)

    by Anonymous Coward on Thursday August 09 2001, @12:10AM (#2133160)
    I'm posting AC because it seems each time I post my opinion on this topic, I lose karma...

    I don't see any reason why providers shouldn't block port 80 incoming. The only reason to have that open is to run a webserver -- something most broadband providers explicitely disallow for residential customers. That's one of the reasons why a "business" account usually costs a lot more, even for the same speeds.

    Just because they let it ride up to now, doesn't mean they have any less a right to block it now. If they'd been doing this all along, I'm sure most people wouldn't be complaining now.

    Sure, it's nice to run a webserver at home, but residential service doesn't usually come with any kind of real uptime guarantees, etc. It just makes more sense to either get a business account, or get a real webserver (lease one, or use a shared provider, whatever).

    With the amount of port 80 requests in my firewall logs on my cable connection, I would welcome a block on port 80 personally. I've already bored of looking at 'dir' listings and deleting files on these idiot Windows/IIS machines... but seriously, it's time to put this thing to rest and move on. And get a webserver.
  • Verizon sucks by smz420 (Score:1) Thursday August 09 2001, @08:35AM
    • 1 reply beneath your current threshold.
  • Run it on a diffrent port by tvon (Score:1) Thursday August 09 2001, @06:42AM
  • DirectTV by nullhero (Score:1) Thursday August 09 2001, @10:50AM
  • Verizon and port 25 by [Zappo] (Score:1) Thursday August 09 2001, @09:46AM
  • Just spoke to Verizon DSL Support by yohaas (Score:1) Thursday August 09 2001, @09:48AM
  • Roadrunner in Austin by YardgnomeUT (Score:1) Thursday August 09 2001, @01:16PM
  • Help... by Amyloid (Score:1) Thursday August 09 2001, @12:34PM
  • From an AT&T Broadband user... by Alakaboo (Score:1) Thursday August 09 2001, @12:45AM
  • Wrong about SMTP @ Verizon by Salamander (Score:2) Thursday August 09 2001, @07:36AM
  • So? by orblee (Score:1) Thursday August 09 2001, @10:49AM
  • My quasi-AT&T server's still alive. by ediron2 (Score:1) Thursday August 09 2001, @02:08AM
  • roadrunner is fine by Trepidity (Score:2) Thursday August 09 2001, @12:53AM
  • BT Openworld by Bamyazi (Score:1) Thursday August 09 2001, @06:50AM
  • Verizon isn't blocking SMTP by JackiePatti (Score:1) Saturday August 11 2001, @03:47PM
  • At least you can get some form of broadband by donalbain (Score:1) Thursday August 09 2001, @07:04AM
  • Telocity Allows SErvers by wolf- (Score:1) Thursday August 09 2001, @07:59AM
  • Verizon not blocking outbound 25 by alien (Score:1) Thursday August 09 2001, @12:34PM
  • SMTP Service & Spammers by xrayspx (Score:1) Thursday August 09 2001, @07:02AM
  • It's obligatory. (Score:5, Funny)

    by SuiteSisterMary (123932) <slebrun@NoSPaM.gmail.com> on Thursday August 09 2001, @08:05AM (#2151439) Homepage Journal
    In 2001,worm was happening.
    Customer1: What happen?
    Customer2: Somebody set up us the port filter.
    Computer: We get mail. Customer1: What?
    Customer2: Email client turn on.
    Customer1: It's you !!!
    Cable Provider: How are you, gentlemen ???
    Cable Provider: All your TOS are belong to us !!!
    Customer1: What you say???
    Cable Provider: You have no chance to host, make your time.
    Cable Provider: Ha ha ha !!!
    Customer1: Move boxen.
    Customer2: You know what you are doing?
    Customer1: For great serving,
    Custoemr1: Move every boxen.
  • Recess: School's out by Graymalkin (Score:2) Thursday August 09 2001, @01:05AM
  • Recipe for avoiding the Broadband Blues... by sandgroper (Score:1) Wednesday August 08 2001, @11:53PM
  • Quit Complaining by doc_brown (Score:1) Thursday August 09 2001, @02:11AM
  • IMHO the upstreams should be paying webmasters by cdn-programmer (Score:1) Thursday August 09 2001, @06:02PM
  • You can thank IIS.. (Score:5, Interesting)

    by victwenty (451152) on Wednesday August 08 2001, @11:53PM (#2151930)
    Blocking port 80 is the only practical way providers such as @home have to control code red. I'm on their network and in the last 48 hours, I've gotten:

    [root@gamara log]# grep DPT=80 messages | wc -l

    3722

    code red hits, all from other @home users. All W2K/IIS 5.0 users. The ip's I've looked into all have the default pages up too. I've even tried running "dir" commands on a few through the "root.exe" backdoor code red installs, incredulous that it would work, and yes.. thousands of wide open NT boxen. This hasn't even seemed to slow down yet, despite the wide spread publicity which leads me to believe that a large percentage of those stricken are either totally clueless, don't realize they have IIS running (?), or flat out don't care which leaves the ISP little choice. And it may be my perception, or unrelated factors, but my net connection has certaintly seemed more sluggish over the last week, perhaps as a result of upstream saturation, something @home doesn't have much of.

    So I would agree, blocking port 80 is the most practical way of defeating this and it should have happened earlier. It's that or ban all microsoft operating systems as a public hazard :)

    • Re:You can thank IIS.. by geekoid (Score:2) Friday August 10 2001, @12:33PM
    • Re: default home pages by coyote-san (Score:2) Thursday August 09 2001, @10:57AM
    • Re:You can thank IIS.. by Elias Israel (Score:2) Thursday August 09 2001, @02:02PM
    • Re:You can thank IIS.. (Score:4, Interesting)

      by Todd Knarr (15451) on Thursday August 09 2001, @12:07AM (#2153096) Homepage

      I can think of a more effective solution: every time a Code Red probe goes out, deprovision the modem belonging to the customer with that IP address. They've got a proven AUP violation and a proven security problem that's disrupting their network. That's more than enough justification for jerking the account entirely. This has the dual benefits of shutting down Code Red and forcing people to actually learn how to secure their systems which makes future problems slightly less likely, and doesn't impact those of us who aren't susceptible to Code Red at all.

      [ Parent ]
    • Re:You can thank IIS.. by Mark Bainter (Score:1) Thursday August 09 2001, @10:09AM
  • Legality by lanner (Score:1) Thursday August 09 2001, @04:09PM
  • Verizon, SMTP and the universe by beanerspace (Score:1) Thursday August 09 2001, @01:14AM
  • Thanks Micheal, but by loraksus (Score:1) Thursday August 09 2001, @01:18AM
  • MediaOne blocks in the Twin Cities... by HongPong (Score:2) Thursday August 09 2001, @01:27AM
  • Thats nothing.... by AlXtreme (Score:1) Thursday August 09 2001, @04:40PM
  • Only port 80? by vrt3 (Score:1) Thursday August 09 2001, @01:29AM
  • virus protection (Score:3, Insightful)

    by Proud Geek (260376) on Wednesday August 08 2001, @11:52PM (#2152440) Homepage Journal
    All they are doing is trying to eliminate the two latest and nastiest network viruses, sircam and code red. Sircam starts sending stuff on port 25, and code red works by receiving stuff on port 80. I thought people WANTED those two worms squished!

    And for anyone complaining, read your TOS first. As several other people have pointed out, it specifically prohibits running servers, and allows this in other ways as well. You're not guaranteed an unbreakable or complete Internet connection for your $35 a month.

  • Fix if you have apache by hey! (Score:2) Thursday August 09 2001, @01:33PM
  • So why not change your port number? by macemoneta (Score:1) Thursday August 09 2001, @11:21AM
  • Why not make a PatchUp-Worm? by FlyveHest (Score:1) Thursday August 09 2001, @01:41AM
    • 1 reply beneath your current threshold.
  • Cablevision in NJ blocking inbound port 80 by zerofoo (Score:1) Thursday August 09 2001, @02:07PM
  • Only If... by Jebediah21 (Score:1) Thursday August 09 2001, @01:52AM
  • Pout your web server on ANOTHER port! by ggravier (Score:1) Friday August 10 2001, @05:18AM
  • Move to Canada by DickPhallus (Score:1) Wednesday August 08 2001, @10:31PM
    • Re:Move to Canada and use no-ip by Anonymous Coward (Score:1) Thursday August 09 2001, @02:07AM
    • Don't Move to Australia by lazybeam (Score:1) Thursday August 09 2001, @01:16AM
    • Bastards. by bl1st3r (Score:1) Thursday August 09 2001, @12:29PM
    • Re:Move to Canada by SirGeek (Score:2) Thursday August 09 2001, @12:39AM
    • Re:Move to Canada by jmcneill (Score:1) Wednesday August 08 2001, @10:32PM
    • Re:Move to Canada by Swaffs (Score:1) Wednesday August 08 2001, @10:34PM
    • Re:Move to Canada by trolebus (Score:1) Wednesday August 08 2001, @10:47PM
      • Re:Move to Canada by cheezedawg (Score:1) Thursday August 09 2001, @01:17AM
      • Re:Move to Canada by Kwikymart (Score:1) Wednesday August 08 2001, @10:57PM
        • Re:Move to Canada (Score:5, Informative)

          by Enigma2175 (179646) on Thursday August 09 2001, @12:13AM (#2129718) Homepage Journal
          DHCP servers must have a MAC address memory or something because it will assign me the same IP address all the time (and its not a feature of my dhcp client)

          Actually, it is a feature of the DHCP protocol. By default, you attempt to renew your address lease after 50% of it is gone. If you do not have connectivity to the DHCP server, the client will keep trying to renew the lease until it is able to contact the server again. The client will attempt to renew a lease from the same server that gave it the initial lease. Even if the lease has been expired for some time, the server will still attempt to give the same address. This is default on most DHCP servers. Of course, you can change this and automatically assign a different address each time, but it gives better overall network stability to have clients keep their ip addresses.

          [ Parent ]
        • Re:Move to Canada by Penrif (Score:1) Thursday August 09 2001, @08:25AM
        • Re:Move to Canada by Kwikymart (Score:1) Wednesday August 08 2001, @11:56PM
        • 2 replies beneath your current threshold.
      • Re:Move to Canada by Malc (Score:2) Wednesday August 08 2001, @11:01PM
      • 1 reply beneath your current threshold.
    • Re:Move to Canada by Malc (Score:2) Wednesday August 08 2001, @11:05PM
    • 1 reply beneath your current threshold.
  • No blocking yet by Heem (Score:2) Wednesday August 08 2001, @10:31PM
    • Re:No blocking yet by QuasiDon (Score:1) Thursday August 09 2001, @09:40AM
    • Re:No blocking yet by crusher-1 (Score:1) Thursday August 09 2001, @12:00AM
    • Clause? (Score:5, Insightful)

      by DiveX (322721) <slashdotcontact@oasisofficepark.com> on Wednesday August 08 2001, @10:36PM (#2169357) Homepage
      The hide behind clause will most likely be the one that says 'you may not run a server in connection with the @Home residential service'. http://home.com/support/aup/
      [ Parent ]
      • Re:Clause? by geekoid (Score:2) Friday August 10 2001, @12:16PM
      • Re:Clause? by yerktoader (Score:1) Thursday August 09 2001, @05:10PM
      • Re:Clause? (Score:4, Funny)

        by IronChef (164482) on Thursday August 09 2001, @01:08AM (#2151830) Homepage
        I am an @Home subscriber in Seattle. Here is the truly hilarious service they provide.

        - As an @Home user you are not supposed to do anything business related, including someting as simple as sending email to your office.

        - If you want to do business, you can easily upgrade your cable @Home connection to an "Excite@Work" DSL connection. Except that @Work simply isn't available over most of the @Home coverage area.

        So they tell you to upgrade to a product they can't sell you. Hilarious.

        I would happily pay more for @Home CABLE service if they would give me a fixed IP and not block servers. Not that they are at the moment, but I smell trouble on the horizon. That Qwest DSL with the month-to-month pricing is looking better all the time.

        [ Parent ]
      • Re:Clause? by pongo000 (Score:2) Thursday August 09 2001, @12:39AM
        • Re:Clause? by GreyPoopon (Score:1) Thursday August 09 2001, @03:45AM
          • Re:Clause? by dcavanaugh (Score:2) Thursday August 09 2001, @07:58AM
            • Re:Clause? by CerebusUS (Score:1) Thursday August 09 2001, @08:43AM
              • 1 reply beneath your current threshold.
      • Re:Clause? by The Famous Brett Wat (Score:2) Wednesday August 08 2001, @11:43PM
        • Re:Clause? by jrp2 (Score:1) Thursday August 09 2001, @02:05AM
    • Re:No blocking yet (Score:4, Insightful)

      by natet (158905) on Wednesday August 08 2001, @10:49PM (#2169422)
      Hello, read your contract. @home does not allow their residential customers to run webservers anyway.

      From their service agreement.

      AT&T Broadband does not allow servers to be connected to the cable modem. This means that no computer in a personal network can be used as a server.

      Hmmm, sounds like a pretty good clause to hide behind, eh?

      [ Parent ]
      • Re:No blocking yet (Score:4, Insightful)

        by Velox_SwiftFox (57902) on Wednesday August 08 2001, @11:54PM (#2151438)
        That's odd. There isn't any such clause in the subscriber agreement [att.com] that the AT&T page [att.com] listed at in the Slashdot announcement links to.

        Could you provide a URL for what you are quoting?

        The explanation given and the clause given as an excuse are (quoting from the above links) an extremely long stretch in IMO:

        Why Can't AT&T@Home Residential Customers Run Web Servers?

        The AT&T@Home residential service offering is a consumer product designed for your personal use of the Internet. Customers must ensure that their activity does not improperly restrict, inhibit, or degrade any other user's use of the Services, nor represent (in the sole judgment of AT&T Broadband) an unusually large burden on the network itself.

        The benefits and privileges available from the AT&T@Home, and the Internet in general, must be balanced with duties and responsibilities so that other customers can also have a productive experience.

        Under the terms of the AT&T Broadband Subscriber Agreement customers are not to restrict, inhibit or otherwise interfere with the ability of any other person to use or enjoy the AT&T Equipment or the Service. See Prohibited Uses of Service (g) in the AT&T@Home Subscriber Agreement.

        The clause referred to:

        g) restrict, inhibit or otherwise interfere with the ability of any other person to use or enjoy the AT&T Equipment or the Service, including, without limitation, posting or transmitting any information or software which contains a virus or other harmful feature; or generating levels of traffic sufficient to impede others' ability to send or retrieve information;

        So, where do they get off filtering a small, low-bandwidth server that doesn't do what "clause g" prohibits?

        [ Parent ]
      • Re:No blocking yet by icewalker (Score:2) Wednesday August 08 2001, @10:58PM
        • 1 reply beneath your current threshold.
      • Re:No blocking yet by plague3106 (Score:1) Thursday August 09 2001, @09:16PM
    • Re:No blocking yet by X-Dopple (Score:1) Wednesday August 08 2001, @11:01PM
    • Re:No blocking yet by NullPointer (Score:1) Wednesday August 08 2001, @11:14PM
    • Re:No blocking yet by datapt (Score:1) Thursday August 09 2001, @08:17AM
    • 2 replies beneath your current threshold.
  • so what by FreakBoy (Score:2) Wednesday August 08 2001, @10:32PM
  • We haven't done this yet.. (Score:3, Insightful)

    by BiggestPOS (139071) on Wednesday August 08 2001, @10:34PM (#2169343) Homepage
    But considering the average level of intelligence of our customers is close to NIL, I really think we should. We get a lot of emails, and calls from people who have detected attacks from our Customers, and we call the customers, and they are just like, "Wha?"

    Its great. So instead we just let the network FLOOD. But good thing we aren't blocking port 80, that would SCREW over like what, .1% of our cusomters?

  • Quite common already (Score:5, Insightful)

    by SnapperHead (178050) on Wednesday August 08 2001, @10:37PM (#2169359) Homepage Journal

    Actually, cable and DSL providers are already blocking port 80 (and most lower ports) for months. I am a Charter cable customer. When I first signed up, all ports below ~1500 where blocked. (With the expection of 53, 113, and a few of others) Customers where forced to use there proxy server. Even outbound port 80 was blocked.

    After complaining for 4 months about it. and many phone calls to there head techs and managers. I finally won. I proved to them why blocking all of those ports was insaine. I simply wanted to run NTP on my machine. (Well, my entire LAN, but they didn't know anything about that :) Which requires 123/UDP.

    As the months went on, more and more ports started opening. One thing that they have relized is that people will run servers regardless. People who abuse it (setting up high traffic sites) will be shutoff. Personally, I think its insaine. I should have the right to run a personal site, as long as it doesn't get out of hand. If it did get to that point, I wouldn't be hosting on cable.

    So, they blocked the ports. I wonder how long it will stay. I would be very carefull, they may use this as an excuse to keep the ports blocked.

    Working with the large companys his difficault, tring to convince them that they should unblock them. I can kinda of understand there postion. But, then again, it kinda upsets me.

    • Re:Quite common already (Score:4, Insightful)

      by einhverfr (238914) <ctravers@ieee.org> on Thursday August 09 2001, @12:16AM (#2116069) Homepage Journal
      I will never use such a service that requires me to proxy. Simple reason. I support other people in my house and I do so through SSH. If I am not home, I ssh into the box and fix things. If my ISP won't allow it, I won't use them. This is going to play havock with those that use XP when they call for support and drive up support costs for everyone because they can't allow incomming requests for remote desktop support!

      Not that I like XP. But I can see this causing lots of angery letters...

      [ Parent ]
    • Re:Quite common already by balls001 (Score:1) Thursday August 09 2001, @08:12AM
    • They should remain blocked (Score:5, Insightful)

      by Anonymous Coward on Thursday August 09 2001, @07:34AM (#2152341)
      99% of cable modem and DSL subscribers do NOT need to run servers of any kind. By leaving them open across the board you open the door for this kind of worm to propogate across misconfigured systems where people have gone and accidently installed IIS or even an unpatched UNIX box. Does that mean you shouldn't be allowed to run servers period? No! What should be required is for your to sign a consent statement that says you are responsible for any damage caused by attacks taking place from or to your machine and will pay any cleanup costs needed to deal with attacks against a server on your network. There should also be a formal risk assessment and penetration test conducted against your server setup to determine if it is indeed ready to be connected to the Internet. Too many people are putting these god damned buggy open machines on the Internet and then bitching about censorship when an ISP filters them. If people would take responsibility and make sure their systems are constantly updated it wouldn't be an issue, but most DON'T. And no, I'm not talking about the uber geek average Slashdot guy who upgrades their kernel every night to the latest version and has a cron job setup to do an apt-get update. I'm referring to Joe Average who installed his first Linux box to fiddle with or the guy who installs IIS during the Win2k install because it was there and he wants a full install of the OS. These people should not have full unfettered access to the Internet. You guys are starting to sound like the people I have to deal with who absolutely demand to have complete unfiltered access to the Internet so they can run whatever god awful program of the day they've come up with as a business requirement that is blocked by the firewall. Netmeeting anyone? Oh, you want to punch IPSec holes through the firewall? Uh huh.. no... FTP??? You want an FTP site on your desktop? Uhhh.. no.
      [ Parent ]
    • Re:Quite common already by calags (Score:2) Wednesday August 08 2001, @10:59PM
    • 1 reply beneath your current threshold.
  • Verizon DSL is NOT THAT EVIL (Score:4, Informative)

    by Deadbolt (102078) on Wednesday August 08 2001, @10:37PM (#2169361)

    Verizon *DOES NOT BLOCK* outgoing port 25 *OR* port 80! I've been running my own mail server off the standard DSL offering, $40 a month, for almost a month now and never one hint of problems. I can send mail anywhere. I can telnet to port 25 on any Internet-accessible mail server.

    And correct me if I'm wrong, but if Verizon blocks outgoing port 80, wouldn't that put a bit of a dent in most popular web browsers?

    For the love of God, try to be a little accurate! There are plenty of real problems to bitch about!

    • Re:Verizon DSL is NOT THAT EVIL by jpostel (Score:1) Thursday August 09 2001, @07:53AM
    • Re:Verizon DSL is NOT THAT EVIL by loraksus (Score:1) Thursday August 09 2001, @01:11AM
    • Re:Verizon DSL is NOT THAT EVIL (Score:5, Informative)

      by supz (77173) on Thursday August 09 2001, @01:48AM (#2152938) Homepage
      Please forgive me if I don't make entirely too much sense right now, as I just woke up. (Yes I'm on the East Coast, Yes it's 2:29 AM, Yes I have insomnia)

      I noticed this happened around 5 am yesterday morning (Tuesday, August 7th). Well I didn't notice it, I just tailed my apache logs and web requests seemed to stop coming in around that time. None the less, I got into work that day and noticed I couldn't access my personal web page... NOTE: Personal, not commercial. I put pretty pictures, that I've taken with my digital camera, on it. I was however able to ssh into it and ftp into it.

      What was going on? I got scared for a second cause I thought perhaps they started enforcing some term of their service, but it wasn't until I got home and (not so thoroughly) skimmed through their TOS that I realized running a server was not against their TOS, as a matter of fact they worded it so JUST dialup users cannot run a "server of any kind", and it seemed to be fine for DSL users.

      So I call up Verizon, talk to a couple different people, none of which knew a single thing about anything. One tried to accuse me of violating the TOS, and I told them it said I'm allowed to run a server in it. She shut up immediately.

      Another told me that since I wasn't patched against code red, my internet service was being blocked. I told her I wasn't using a Microsoft operating system therefore I'm not affected by it, and even if I wanted to I wouldn't be able to apply the patch. She told me that because I didn't apply the patch, port 80 was being blocked. Again, I explained to her I wasn't running a Microsoft OS. In the end I think I explained it to her around 5 times... hopefully she knows a little more about computers now.

      Finally I got to some guy who was somewhat intelligent, although he did call Linux, L-EYE-NUCKS, he seemed to have some understanding of how to press buttons. I asked him why port 80 was being filtered, and he told me because Microsoft had recommended they block the port. (BTW, I totally agree with someone else that commented on this, who said that because of Microsoft building insecure web servers, we are paying. That is fuct) I asked him if there was anything they could do to unblock the port for me, like put me on another subnet and give me a static IP (I'm a sneaky bastard), or put some kind of flag on my account. He told me that for the time being there was no work around, however he would post a memo and suggest to their tech team they find a way around the port blocking for users who are patched, or not running a Microsoft OS. I asked how long the filtering would stay in place ... he told me it would only last for another couple hours. Right there I told him I didn't think that was true, but he insisted it would only last another hour or two, MAX... port 80 is still blocked.

      I just thought I'd contribute this tid bit. I have Verizon DSL in Northern New Jersey, in Essex County. Again, their TOS did not prohibit running a server, unless you are on a dial up. I would post it here, but there is also some clause in their TOS that prohibits reproducing it, so if some brave soul wants to post it below this, go right ahead =]

      I need to get a higher paying job so I can get a T1 and then just have to deal with UUnet fiber-optic cuts because of train wrecks [yahoo.com].

      [ Parent ]
    • Re:Verizon DSL is NOT THAT EVIL by Bullschmidt (Score:2) Wednesday August 08 2001, @10:39PM
    • by Dutchie (450420) on Wednesday August 08 2001, @10:45PM (#2169397) Homepage
      He said 'incoming port 80'. Yeah that'd be swell, blockign outgoing port 80.
      [ Parent ]
    • Re:Verizon DSL is NOT THAT EVIL by jspaleta (Score:3) Wednesday August 08 2001, @11:30PM
    • 3 replies beneath your current threshold.
  • A simple go-around: by Travoltus (Score:1) Wednesday August 08 2001, @10:39PM
  • Speakeasy! (Score:4, Informative)

    by Evil MarNuke (209527) on Wednesday August 08 2001, @10:39PM (#2169367) Homepage
    If you want to host servers at host there is only one real choice out there, and that's SpeakEasy. Oh, don't take my word for it, read the Terms of Service [speakeasy.net]. It says:
    Personal Web Page Restrictions:

    We believe in the right of the individual to publish information that they feel is important to the world via the Internet. Unlike many ISP's we do allow you to run a server (web, mail, etc.) over your DSL line.

    Enough said.

    • Re:Speakeasy! by MagPulse (Score:1) Thursday August 09 2001, @02:57AM
      • Re:Speakeasy! by nestler (Score:1) Thursday August 09 2001, @11:53AM
        • Re:Speakeasy! by festers (Score:1) Thursday August 09 2001, @03:55PM
    • Re:Speakeasy! by nbvb (Score:1) Wednesday August 08 2001, @11:03PM
    • Re:Speakeasy! by 1Oman (Score:1) Wednesday August 08 2001, @11:05PM
      • Re:Speakeasy! by Gill Bates (Score:1) Thursday August 09 2001, @03:05PM
    • Re:Speakeasy! by Velox_SwiftFox (Score:2) Wednesday August 08 2001, @11:37PM
      • Re:Speakeasy! by mgarraha (Score:1) Thursday August 09 2001, @12:58AM
        • Re:Speakeasy! by Gill Bates (Score:1) Thursday August 09 2001, @02:57PM
    • Speakeasy Rocks by Schmerd (Score:1) Wednesday August 08 2001, @11:38PM
    • Re:Speakeasy! by Nafai7 (Score:1) Thursday August 09 2001, @10:26AM
    • Re:Speakeasy! by andreass (Score:1) Thursday August 09 2001, @01:10PM
      • 1 reply beneath your current threshold.
    • Re:Speakeasy! by Evil MarNuke (Score:1) Friday August 10 2001, @05:41AM
    • 2 replies beneath your current threshold.
  • Not a huge surprise.. (Score:3, Insightful)

    by James_G (71902) on Wednesday August 08 2001, @10:40PM (#2169372)
    To be fair, @Home have always said that their residential customers should not run servers of any kind - this has always been their policy and up until now, they've basically turned a blind eye (At least, they never complained when I ran servers on my cable modem connection).

    Now they're doing the sensible thing to contain potentially hundreds of thousands of machines running IIS (Mostly run by people who probably have no idea about worms and the like anyway - even if they knew they were running a web server in the first place).

    Seems pretty sensible to me, although my DSL ISP has no problems with me running servers, so I'm happy either way..

  • by Anonymous Coward on Wednesday August 08 2001, @10:40PM (#2169373)
    It would mean them having to to do real work shutting down accounts of those who are not smart enought to run a 1mo old patch on their systems. I't makes me angry, because if there was another option for a high speed connection, I would have done it a long time ago. All day I have recieved calls from clients wondering if my dev machine dropped off the web. I called att and what they acually said was "when we installed the service, we set up with NT Based systems because it was the fastest way to get it working, not because it was the most secure", then the tech followed with "all of our servers have viruses",, I'm not sure but it sounded like she was'nt too happy with her job..
  • This really appears to be... by Mhrmnhrm (Score:2) Wednesday August 08 2001, @10:40PM
  • SSL anyone? by DanEsparza (Score:1) Wednesday August 08 2001, @10:40PM
    • Re:SSL anyone? by Maditude (Score:1) Wednesday August 08 2001, @11:52PM
      • Re:SSL anyone? by LinuxHam (Score:1) Thursday August 09 2001, @10:39AM
      • Re:SSL anyone? by Old Wolf (Score:2) Thursday August 09 2001, @02:22AM
  • Read your TOS! (Score:5, Insightful)

    by SClitheroe (132403) on Wednesday August 08 2001, @10:41PM (#2169378) Homepage
    Seriously people... Most, if not all, broadband providers prohibit running servers from home accounts (it's definitely that way for @Home users, even if they do generally turn a blind eye to small time web servers). They generally also have some sort of clause which basically doesn't guarantee unlimited or uncontrolled inbound or outbound access. For that matter, most broadband (and thinband) providers provide a clause which basically exempts them from any sort of service level agreement.

    Signing on with a domestic oriented ISP means that you are essentially "users" on their network. Blocking inbound port 80 access is a good starting point for at least protecting their internal network segments. If you were running what is essentially a DHCP/DNS/proxy service for thousands of users, wouldn't you at least take this step to protect the integrity of your network?? (I admit it doesn't begin to solve all the problems, but...)

    If you want to run your own "mini NOC", then pony up the cash and get ISDN, a T1, or something faster put into your basement. But if you are subscribing to a consumer grade ISP's offerings, don't be suprised when this happens. And especially don't start with the geek indignation, because consumer broadband is not meant, nor sold, under the pretense of running home servers.

    • Re:Read your TOS! by the_tsi (Score:2) Thursday August 09 2001, @09:49AM
    • AT&T even allows commercial PORN servers... by rochlin (Score:1) Thursday August 09 2001, @02:09PM
    • Re:Read your TOS! by meldroc (Score:2) Thursday August 09 2001, @12:26PM
    • Re:Read your TOS! by The Dev (Score:2) Thursday August 09 2001, @09:42AM
    • Re:Read your TOS! (Score:4, Insightful)

      by bacchusrx (317059) on Thursday August 09 2001, @12:53AM (#2123907)
      I don't know if its just the prole in me talking or the heat, but it seems to me that the arrogance & pretentiousness of saying, "Get your own T1 or stop complaining," is just a bit mindboggling.

      From a social standpoint -- where our priorities are less about the "bottom line" and more about providing for a healthy, vibrant, diverse democracy -- there isn't an incredibly good reason why web servers or other content servers are prohibited on so-called "consumer" Internet service providers.

      In some cases the bandwidth isn't there-- I understand that, however, in general, the speeds are suitable for most people's private soapboxes... further, overall and in general, home servers do little harm to the network, Code Red notwithstanding.

      And in all seriousness, I doubt anyone expects strict uptime SLAs or performance guarantees from your local @Home franchise. I'm not suggesting that "consumer-grade" Internet access claims to offer such things or even really ought to... However, I tend to believe that the prohibition on servers is more an effort to control media content creation & affordable distribution more than it is an effort to ensure network stability.

      In effect, a ban on servers prevents citizens from competing affordably for so-called "mindshare" with big corporations and others who don't sweat the cost of dual redundant T3 connectivity.

      Broadband internet access has the potential to really revolutionize media distribution by empowering individuals to affordably control & create new and innovative media outlets.

      On the other hand, most home servers probably aren't even public servers but private servers used for, say, development purposes or sharing files between office & home. These uses are of course even less stressful on the network and certainly more benign.

      Meh... just some food for thought.

      BRx.

      [ Parent ]
      • thank you by twitter (Score:2) Thursday August 09 2001, @11:34AM
        • 1 reply beneath your current threshold.
      • Re:Read your TOS! by ergo98 (Score:1) Thursday August 09 2001, @01:03AM
        • Re:Read your TOS! by bacchusrx (Score:3) Thursday August 09 2001, @01:18AM
          • Re:Read your TOS! by Fred Ferrigno (Score:1) Thursday August 09 2001, @06:10AM
            • Re:Read your TOS! (Score:5, Insightful)

              by bacchusrx (317059) on Thursday August 09 2001, @07:18AM (#2140489)
              Again, these aren't totally valid arguments. I've not seen any valid, technical reason to prohibit servers on broadband connections that cannot be satisfied by other means. As I've said before, the real push seems to be to restrict home users from being content producers.

              It also creates an artificial market-- why would I buy "business class" bandwidth or co-locate a server for a site that's adequately hosted on broadband for a fraction of the price? We're not talking "enterprise, mission-critical, ecommerce" web applications or anything... we're talking about noncommerical, nonprofit media forums.

              I run a site that gets maybe 100 hits a day, is frequented by only a small group of 15 visitors. However, we have very complicated custom web applications the drive the sorts of things we do... free or paid shared hosting is not an option. Nor is it a real possibility to shell out money for co-location or "business class" bandwidth for this sort of thing -- that of course generates no profit. The idea that the home user should settle for less (yanno, the idea that a 5MB, add-riddled, censored, GeoCities account "is good enough") -- that only big corporations should have access to high quality server applications -- is disturbing. It reinforces the idea that the Internet is here for business-- not for culture, not for recreation, not for academia, not for the free exchange of ideas.

              Access to the tools big business uses is a real possibility with broadband since a lot of hobbyists, enthusiasts or professionals working in their spare time can put together a lot of the same things that corporate and "ecommerce" sites can...

              As I say, I'm not claiming that broadband needs to come tethered to the sorts of service levels that corporate folks are expecting-- nobody suggests such a thing... but there's no good reason to limit people to Geocities because... "pfah! if you're serious, you'd co-locate in an Exodus data center."

              That argument is pretentious and elitist. I get no Darwinian thrill from seeing only the moneyed have access to technologies all of us could use, enjoy and share at minimal cost.

              BRx.

              [ Parent ]
      • 1 reply beneath your current threshold.
    • Re:Read your TOS! by tshak (Score:2) Thursday August 09 2001, @12:27AM
    • Re:Read your TOS! (Score:4, Insightful)

      by janpod66 (323734) on Thursday August 09 2001, @04:20AM (#2142656)
      Seriously people... Most, if not all, broadband providers prohibit running servers from home accounts

      And what exactly is a "server"? Is accessing your Pilot calendar remotely using a server? Is using an FTP client a server? What about identd? What about my PC vendor's remote Windows support system? Is running a client connection to establish a VPN to some other host on the Internet and poking out a server socket on that machine "running a server"? Let's be concrete please, because my TOS don't actually say. They are so vague that the provider can make up what they mean whenever they like.

      And especially don't start with the geek indignation, because consumer broadband is not meant, nor sold, under the pretense of running home servers.

      That would be true if broadband providers fully owned all the rights of way and infrastructure. They don't. They tear up public streets and use public spectrum only because the communities where they deliver service let them. They can be kicked out if they don't satisfy the needs of the community. And peer-to-peer and servers are crucially important in particular for non-commercial and non-profit uses.

      Furthermore, for broadband providers to try to control whether you may run a "server" is the beginning of content controls. The next thing you know, you'll only be able to connect to the commercial sites of your provider's choosing.

      Broadband providers should be legally required to provide universal Internet connectivity and set rates and limitations based on bandwidth and volume only. Possibly, there might be two rate structures, one for non-commercial and another for commercial customers. But providers should have no business deciding what content or packets travel over their networks, as long as the packets are properly addressed and their format is according to spec.

      [ Parent ]
      • 1 reply beneath your current threshold.
    • Re:Read your TOS! by Stiletto (Score:2) Thursday August 09 2001, @10:33AM
    • I read my TOS! by Cowculator (Score:1) Thursday August 09 2001, @08:10AM
    • Re: TOS restrictions - Solution by psycho_tinman (Score:1) Thursday August 09 2001, @01:35AM
    • Re:Read your TOS! by Versa (Score:1) Thursday August 09 2001, @01:53AM
      • 1 reply beneath your current threshold.
    • Re:Read your TOS! by cyberdonny (Score:2) Thursday August 09 2001, @03:08AM
    • Re:Read your TOS! by Atzanteol (Score:2) Wednesday August 08 2001, @10:52PM
      • 1 reply beneath your current threshold.
    • Re:Read your TOS! (Score:5, Informative)

      by almeida (98786) on Wednesday August 08 2001, @10:54PM (#2169436)
      http://slashdot.org/comments.pl?sid=01/08/07/19262 12&cid=301 [slashdot.org]. I read my TOS, you obviously didn't.
      [ Parent ]
    • Re:Read your TOS! by Monkeyman334 (Score:1) Wednesday August 08 2001, @11:02PM
    • Re:Read your TOS! by abe ferlman (Score:1) Wednesday August 08 2001, @11:13PM
    • I've read my TOS and it sucks. (Score:5, Insightful)

      by The Famous Brett Wat (12688) on Wednesday August 08 2001, @11:17PM (#2169527) Homepage Journal
      I would definitely like to take issue with the idea that "users" means "client applications". It is my opinion that the ISP should not care one whit whether my applications use the Internet by initiating outbound TCP connections, or by accepting inbound TCP connections. The distinction with UDP is even less relevant. All of these schemes result in inbound and outbound traffic. If they wish to say something about traffic volumes, then let them do so, but I do not want them dictating how I use that volume (other than reasonable constraints on network abuse, and other legal matters).

      If anyone can explain a good reason for banning servers rather than limiting data volumes, I'm all ears. I think it's either a combination of laziness and sloppy thinking on the part of the providers, or a desire to force the "users" to also be "content consumers" rather than "content providers". Hanlon's razor, I believe, favours the former explanation.

      [ Parent ]
    • Simply not true... (Score:4, Informative)

      by Gregoyle (122532) on Wednesday August 08 2001, @11:18PM (#2169532)
      Most, if not all, broadband providers prohibit running servers from home accounts

      Definitely not all. MediaOne (now AT@T Broadband) never prohibited it. I understand your reasoning, but if you chek the TOS, many companies do not explicitly prohibit running your own server, and some even explicitly permit it.

      What AT&T (at least the Roadrunner service) prohibited was duplication of their services. You weren't allowed to run as an ISP, and they also reserved the right to shut you down if you used up too much bandwidth. You weren't allowed to run a commercial web-server, because they sold web hosting.

      I don't disagree with their decision, as inconvenient as it is for me. I can just have my webserver listen to a port that is not 80. I don't even know if MS IIS supports this, but luckily I'm not running IIS.

      Think about it this way: if the virus was actually eating enough bandwidth and resources to affect the general home user experience, they would get complaints from those users. Maybe they will open the ports back up. Ha. that kind of stuff never happens. oh well... guess I have to look for a new ISP (maybe speakeasy.net, even though ovad is going belly up...)

      [ Parent ]
    • Re:Read your TOS! (Score:5, Informative)

      by StarTux (230379) on Wednesday August 08 2001, @11:18PM (#2169533) Homepage Journal
      I'll test this "filtering" in a couple of days (DNS updates going on).

      If you read the link Slashdot kindly provided for you you will notice this:

      Looks as though they updated that part about servers, all I could find was this:

      " (b) FTP/HTTP Service Setup. Customer should be aware that when using the Service to access the Internet or any other online network or service, there are certain applications, such as FTP (File Transfer Protocol) server or HTTP (Hyper Text Transfer Protocol) server, which may be used to allow other Service users and Internet users to gain access to Customer's computer. If Customer chooses to run such applications, Customer should take the appropriate security measures. Neither AT&T nor @Home Network shall have any liability whatsoever for any claims, losses, actions, damages, suits or proceedings resulting from, arising out of or otherwise relating to the use of such applications by Customer, including without limitation, damages resulting from others accessing Customer's computer. "

      So they do not mind you running the services, just that you are responsible for your security.

      For reference:
      http://help.broadband.att.com/faq.jsp?content_id =7 92&category_id=54

      http://help.broadband.att.com/subagreelease.jsp

      StarTux
      [ Parent ]
    • 4 replies beneath your current threshold.
  • Red thingie by X.25 (Score:1) Wednesday August 08 2001, @10:41PM
    • Re:Red thingie by gfhilton (Score:1) Wednesday August 08 2001, @11:26PM
      • Re:Red thingie by nugatory (Score:1) Thursday August 09 2001, @12:02AM
    • 1 reply beneath your current threshold.
  • Give me a break by Moonwick (Score:1) Wednesday August 08 2001, @10:42PM
  • Why not force a download of the patch? by Omerna (Score:2) Wednesday August 08 2001, @10:42PM
  • Not in Hampton VA. by QwkHyenA (Score:2) Wednesday August 08 2001, @10:42PM
  • Leased Line by trolebus (Score:2) Wednesday August 08 2001, @10:43PM
    • Re:Leased Line by dan_bethe (Score:2) Thursday August 09 2001, @12:08AM
    • Re:Leased Line (Score:5, Insightful)

      by figment (22844) on Wednesday August 08 2001, @11:58PM (#2129048)
      No offense, but this is quite possibly the worst idea i've ever heard. Hopefully i can convince you that this is the worst idea you've ever thought of.

      > Granted I don't know how much one costs but I
      > figure at around $40 a month a group of about
      > 20-30 should be able to gets something way
      > faster that DSL/Cable and without the bullshit.

      We have an LADC line (which while only rated for 9600baud, but can do 768k unreliably via HDSL), that runs 4 blocks. It has a heavy distance limitation. It costs $80/mo. This does not include bandwidth charges. Distance matters. A lot. Too far away? Too bad, you'll either need to 56k lease line (haha), or frame relay, or ptp t1. None of these (well except 56k) are in your pricerange.

      > around $40 a month a group of about 20-30
      > should be able to gets something way faster
      > that DSL/Cable and without the bullshit.

      Ok, let's say 25 people @ 40bucks, not including the line charge. that's $1k. Call up qwest, or maybe sprint, or maybe a tier 2-N (because that's all you can afford), and if you live near a POP and you're lucky, maybe you can get a full T1.

      Ok, now we have a shared T1, for 25 people (who i'm assuming will all be geeks, and will be downloading stuff late at night...) Assume a T1 can get maybe 160k/s throughput (you can't get 100% util on a T1 w/o severe latency problems), you get 6.4k/s. Congrats, you've gotten isdn speeds, for the cost of approximately $120/mo/person. This doesn't include startup costs. xDSL equipment costs a few hundred dollars on each end, and 802.11b accesspoints are a lot more expensive than the cards (no, airports don't count, their distance sucks) and the costs of outdoor antennas are horrendous, not to mention you'd have to find/hire someone to do the professional antenna install for you. You'd need a router for your shared T1, add another $600 in startup there.

      > What happens when the network / connection goes
      > down. Either we set up some sort of rotation
      > but we need an admin to fix stuff and that can
      > be expensive.

      Expensive is right. You can get a crappy consultant for $75/hr. Say something significant happens once a month for two hours (that's not too unreasonable, given the current codered/sircam problems, and general maintainence, mailserver/dns crap).

      Your cost is now $125/mo for slightlyhigherthan isdn speeds. See why this idea isn't that great?

      I'm not a big fan of the quality of service of @home or Roadrunner. But at $40/mo, what can you really expect? Does your cable modem/dsl occasionally do over 200k/s? It does? Guess what, just that bandwidth capability alone, would cost you $1.5k/mo to do.

      [ Parent ]
    • Re:Leased Line by RzUpAnmsCwrds (Score:2) Wednesday August 08 2001, @11:56PM
      • 1 reply beneath your current threshold.
    • Re:Leased Line by visualight (Score:1) Wednesday August 08 2001, @11:02PM
    • Re:Leased Line by CommanderTaco (Score:1) Wednesday August 08 2001, @11:30PM
  • by isdnip (49656) on Wednesday August 08 2001, @10:44PM (#2169392)
    The @Home customer agreements never allowed servers, particularly web servers. There's a valid technical reason, too: Cable bandwidth is asymmetric. There's typically a downstream pool of about 27 Mbps (depending on settings) shared among all users, while the upstream pool is more often in the 2 Mbps or less range. This comes about because upstream has to fit into the narrow patches of usable spectrum below 40 MHz, while downstream just fits among the TV channels between 50 and 750 MHz.

    So stick a server out there, get Slashdotted (or even just get mildly popular), and the upstream bandwidth is wiped out for your whole neighborhood (technically, the area of your optical conversion node and CMTS channel). This is a big risk, so the cable companies don't take it. Instead, they do give you some free hosting space at their data centers.

    VeriZontal has no such excuse -- ADSL has little upstream bandwidth (they typically provision only 90 kbps) but it's your very own, and they end up with a huge surplus of upstream bandwidth at the back of the DSLAM, where all of the traffic is aggregated. It's downstream that can congest easily. They're just being shmucks as usual. But if their customer agreement doesn't allow servers, then that's the deal -- commercial-grade DSL services allow servers.

    The real problem they're addressing (even VZ) is Code Red II. Web servers that get infected will probe their own networks like crazy looking for others to infect. This creates congestion. So shutting off port 80 stops the worm. Crude but effective. See the recent LinuxPlanet column about Charter for how a cable company won't admit that its infected servers are causing huge congestion. The author suggests blocking port 80!
  • 911 by bruthasj (Score:1) Wednesday August 08 2001, @10:45PM
    • Re:911 by Cirvam (Score:1) Wednesday August 08 2001, @11:29PM
      • Re:911 by invictus (Score:1) Thursday August 09 2001, @01:06AM
        • 1 reply beneath your current threshold.
    • 3 replies beneath your current threshold.
  • The end of a state of denial by Senor Wences (Score:2) Wednesday August 08 2001, @10:45PM
  • No sympathy by fremen (Score:2) Wednesday August 08 2001, @10:45PM
    • Re:No sympathy by JackiePatti (Score:1) Saturday August 11 2001, @04:01PM
    • Re:No sympathy by James Willard (Score:1) Thursday August 09 2001, @01:40AM
    • Re:No sympathy by icewalker (Score:1) Wednesday August 08 2001, @11:12PM
      • Re:No sympathy by purplemonkeydan (Score:1) Wednesday August 08 2001, @11:26PM
    • Re:No sympathy by thogard (Score:1) Thursday August 09 2001, @12:25AM
    • 2 replies beneath your current threshold.
  • Why don't ISP's provide firewall software? by Jimhotep (Score:1) Wednesday August 08 2001, @10:45PM
    • 1 reply beneath your current threshold.
  • RTFA by jpellino (Score:1) Wednesday August 08 2001, @10:46PM
  • imagine if other utilities did this (Score:5, Insightful)

    by Dr. Awktagon (233360) on Wednesday August 08 2001, @10:47PM (#2169407) Homepage

    Imagine if the phone company checked your lines for "business use" and shut you down unless you got a business contract.

    Or how about the power company, charging you differently depending on how you use the power, and limiting you to, say, 10 amps peak if you don't have a business contract.

    I wonder if it isn't appropriate to have a little (eek) government regulation when it comes to these things? Like not blocking any ports for any customer unless it is clearly marked in advertising or something?

    I always wonder when my ISP will decide, for the good of all customers, to shut down this or that port or filter or monitor traffic. They'll probably not even notify me, they'll just update the terms of service buried in their web page someplace.

    • Re:imagine if other utilities did this by numo (Score:1) Thursday August 09 2001, @05:48AM
    • Re:imagine if other utilities did this by mudshark (Score:1) Friday August 10 2001, @12:50AM
    • Port Filtering - Censoring - Liability by mr. fabulous (Score:1) Thursday August 09 2001, @02:45AM
    • Re:imagine if other utilities did this by jpellino (Score:1) Thursday August 09 2001, @08:58AM
    • Re:imagine if other utilities did this by enocim (Score:1) Thursday August 09 2001, @04:02AM
    • Re:imagine if other utilities did this by Sideways The Dog (Score:1) Thursday August 09 2001, @08:56AM
    • Re:imagine if other utilities did this by davie (Score:1) Wednesday August 08 2001, @11:08PM
    • by Ronin Developer (67677) on Wednesday August 08 2001, @11:18PM (#2169531)
      Imagine if the phone company checked your lines for "business use" and shut you down unless you got a business contract.

      The have do so for many years with regard to digital service. To residential customers, a phone line is sufficient if if passed voice. If you managed to get over a 300 baud connection , consider yourself lucky and don't complain if bandwidth sucks or you have drop offs.

      However, if you want higher bandwidth or guarantees, then you are supposed to order a data grade line (which is usually a business line). In fact, they tell you in their service agreement that if they detect business use of the line, they will charge your more for it.

      Telephone service is not a right but a priveledge to those willing to pay for use of the network. Same thing goes for most residential services like @Home. It is their network. You agree to their terms of service prior to them turning the service on. If you want to go outside the bounds of that agreement, then you are expected to pony up and purchase the appropriate service.

      There is nothing wrong with them enforcing the terms of their agreement. If you don't like their actions or policies, then take your business elsewhere. However, these actions are being taken to protect their customers from others as well as themselves through their own incompetence and negligience.

      The warning signs were plastered everywhere, remedies were posted in accessible locations, and these people did nothing to protect themselves. Now, they complain because their systems have been compromised. Oops.

      Or how about the power company, charging you differently depending on how you use the power, and limiting you to, say, 10 amps peak if you don't have a business contract.

      They can and do. Power companies routinely offer reduced rates for certain customers willing to meet certain guidelines. Example might be reduced rates for home owners willing to curtail power consumption during peek hours. They provide power real cheap so you can run your refrigerator and other minimal services (like keeping your house at 60 degrees). If you use the added circuits outside the conditions imposed on the line, the will either charge your a fortune or cut you off from the special deal altogether. It's not rocket science.

      [ Parent ]
    • 4 replies beneath your current threshold.
  • Just change the port by Vicegrip (Score:1) Wednesday August 08 2001, @10:48PM
  • My port 80 is not blocked... by Gunark (Score:1) Wednesday August 08 2001, @10:49PM
    • 1 reply beneath your current threshold.
  • by Kiwi (5214) on Wednesday August 08 2001, @10:49PM (#2169419) Homepage Journal
    I can understand the thinking behind this move. The sort of people who make a decision are thinking in terms of traditional big media thinking, which goes like this:

    The average American is a mere couch potato which the corporations feed information to the unwashed masses the same way the inhabinents of Huxley's Brave New World were fed soma. The average consumer has nothing to say unless what they have to say is under corporate control. While people running web servers were tolerated when what they did was not attracting the attention of the corporate suits, they are being cut off by those who feel that people really shouldn't be running personal web servers.

    I am also annoyed that, while Apache and other UNIX web servers are able make a web server without countless remote root exploits, all UNIX users on these cable modems suffer because Microsoft did not make a secure web server.

    Thankfully, this is easy enough to work around. E.G:

    http://24.x.x.x:8080/whatever.html

    - Sam

  • Necessary? by J'raxis (Score:2) Wednesday August 08 2001, @10:54PM
    • Re:Necessary? by don.g (Score:1) Thursday August 09 2001, @02:10AM
      • Re:Necessary? by J'raxis (Score:1) Thursday August 09 2001, @05:19PM
        • Re:Necessary? by don.g (Score:1) Friday August 10 2001, @11:37PM
          • Re:Necessary? by J'raxis (Score:1) Friday August 17 2001, @11:47PM
    • Re:Necessary? by Spackler (Score:1) Wednesday August 08 2001, @11:33PM
      • Re:Necessary? by J'raxis (Score:2) Thursday August 09 2001, @05:22PM
  • Road Runner (Score:4, Informative)

    by chill (34294) <Charles.E.Hill@gmail.com> on Wednesday August 08 2001, @10:56PM (#2169443) Homepage Journal
    While Road Runner isn't blocking (my cable modem light is still going nuts even when my computer is off); it is part of their Terms of Agreement: no e-mail servers, no web servers, no port scans.

    If you want to run an e-mail or web server, get a business line ($295/month w/1 IP; $325/month w/5 IP).

    However, they have been turning a REAL BLIND EYE to all of the above. I get port scanned daily and it looks like 30%+ of the machines on my subnet are running a web or mail server. (According to my *cough* port scan *cough* of the subnet.)

  • Even if you did run a Web server... by antdude (Score:2) Wednesday August 08 2001, @10:57PM
  • it would mean they had to do "real" work by mike13down (Score:1) Wednesday August 08 2001, @10:58PM
  • What the hey? by Pollux (Score:2) Wednesday August 08 2001, @11:00PM
  • Verizon has *not* blocked port 80 here... by jlrowe (Score:1) Wednesday August 08 2001, @11:01PM
  • The virtues of small ISPs by hillct (Score:2) Wednesday August 08 2001, @11:02PM
  • Just get a job! by dan_the_heretic (Score:2) Wednesday August 08 2001, @11:03PM
  • How is this going to help? by Anonymous Coward (Score:1) Wednesday August 08 2001, @11:07PM
  • Has affected some games as well by Anemophilous Coward (Score:1) Wednesday August 08 2001, @11:08PM
    • 1 reply beneath your current threshold.
  • AT&T and Excite@Home by Baloo Ursidae (Score:1) Wednesday August 08 2001, @11:13PM
    • 1 reply beneath your current threshold.
  • Southwestern Bell aDSL? by AKA da JET (Score:1) Wednesday August 08 2001, @11:13PM
  • Changing port numbers. by McDoobie (Score:1) Wednesday August 08 2001, @11:14PM
  • Fine with me... by nuxx (Score:1) Wednesday August 08 2001, @11:21PM
  • Pretty simple by pbur (Score:1) Wednesday August 08 2001, @11:21PM
  • Add the different port to the DNS Name.... by Dwaine Garden (Score:1) Wednesday August 08 2001, @11:23PM
  • Umm by savrinor (Score:1) Wednesday August 08 2001, @11:24PM
    • 1 reply beneath your current threshold.
  • TiVoWEB by creep (Score:1) Wednesday August 08 2001, @11:25PM

  • [Rummaging in drawer for flamesuit...]

    "They could have cut access to those running compromised servers, but instead chose to deny the ability to run a web server to all subscribers to their service."

    Honestly, if I was in the position of the ISP, I would just have cut off all port 80. It makes perfect sense, from a business perspective, that is.

    [donning flamesuit...]

    I mean, do you really expect them to sift through millions of accounts, determine which ones were compromised with CodeRed IIS servers and block them off? And this list would have to be dynamically maintained , of course, and more port 80s continually blocked because Code Red II is still on the loose. And the ISP couldn't discriminate. If they decided to block all compromised IIS, they'd have to keep up with each and every server running.

    It would simply be a logistical nightmare where thousands of hours of work are diverted from network administration, support, maintenance, etc. It wouldn't work. They'd probably have to start up a whole new management division to keep track of it. And then their support people would continually be taxed by calls from people who are getting blocked when their neighbor's Apache box is still serving up pages.

    And even if they did do this, how would they correct for human typos in the blocking tables and correcting for all of it, verifying that it was an error, etc?

    So Which would you prefer? An ISP where you could just run a proxy and keep your server running, or one that throws all their support staff into keeping the IIS boxes under control and doesn't have the people to actually manage/administrate the network/support so your site wouldn't be available half the time anyway?

    In an ideal world, they WOULD block only the people who didn't patch their IIS servers and got infected. But unfortunately for *everyone* it just doesn't work that way.

    [peeks out from flamesuit helmet... do I have any friends left on /.? ;-]

  • Not surprising by ioman1 (Score:1) Wednesday August 08 2001, @11:32PM
  • Read the Acceptabel Use Agreement (Score:3, Redundant)

    by q-soe (466472) on Wednesday August 08 2001, @11:33PM (#2169573) Homepage
    This has propably been said but iam an Optus@Home customer in Aust and it firmly states (about 6 times) in the user agreement, FAQ, member pages and help sections that you cannot run a server on the web, this is in breach of the AUP and you get immediate disconnection.

    So if this is the case then why the story ? why the complaints ?

    ignorance is no defense - when you sign up for any service or contract you read the terms and conditions - thus you dont have these problems.

    End of story - if its not acceptable and you do it you get thrown off - i cant see anything fairer than that and whingeing about it happening is like ignoring the warning on a chaisaw that says dont cut off your leg and doing just that !!

    (of course in the US you could sue the company as stupidity is no exclusion - get the right jury and get lucky)
  • I don't know anything about port blocking but.... by poteet (Score:2) Wednesday August 08 2001, @11:34PM
  • Here's a nifty trick by thatdammplage (Score:2) Wednesday August 08 2001, @11:35PM
  • Not Relly Bugging me by will12 (Score:1) Wednesday August 08 2001, @11:38PM
  • This needed to be done last week by AcidBath (Score:2) Wednesday August 08 2001, @11:40PM
  • by maggard (5579) <michael@michaelmaggard.com> on Wednesday August 08 2001, @11:44PM (#2169613) Homepage Journal
    AT&T "Customer Service" is claiming that their Acceptable Use Policy forbids servers. This is not true for all customers; I know it's not true at least for the former customers of MediaOne in Eastern Massachusetts.

    Partially quoted from:
    roadrunner.techtalk.general [roadrunner...lk.general]
    3B709BDA.3480@mediaone.net.invalid
    chelm@mediaone.net.invalid wrote:

    Posting to ATT/RR Home Page on transition to Excited@Home:
    New Service Subscriber Agreement

    Your AT&T Road Runner home page will automatically change to the new content provided by AT&T @Home on June 30, 2001. Effective with the elimination of the Road Runner content, the AT&T Road Runner Service Subscriber Agreement will be replaced with the AT&T@Home Subscriber Agreement. You can see the new agreement at http://help.broadband.att.com/support [att.com] under the Policies section of Answers to Questions. Because you are not using @Home software, the @Home End User License Agreement attached to the end of your new agreement will not apply to you.

    "AT&T@Home Subscriber Agreement" links to:
    http://help.broadband.att.com/support/faq.jsp?cont ent_id=584&category_id=34 [att.com]
    which leads to:
    http://help.broadband.att.com/subagreelease.jsp [att.com]
    Which states:
    9. Service Characteristics

    (b) FTP/HTTP Service Setup. Customer should be aware that when using the Service to access the Internet or any other online network or service, there are certain applications, such as FTP (File Transfer Protocol) server or HTTP (Hyper Text Transfer Protocol) server, which may be used to allow other Service users and Internet users to gain access to Customer's computer. If Customer chooses to run such applications, Customer should take the appropriate security measures. Neither AT&T nor @Home Network shall have any liability whatsoever for any claims, losses, actions, damages, suits or proceedings resulting from, arising out of or otherwise relating to the use of such applications by Customer, including without limitation, damages resulting from others accessing Customer's computer.

    (c) File and Print Sharing. The Service functions as a Local Area Network (LAN) in that each Customer is a node on the network. As such, users outside the Customer's home may be able to access the Customer's computer. As well, some software includes capabilities that permit other users across a network such as the Service and the Internet to gain access to the Customer's computer and to the software, files and data stored on the computer. For example, operating systems such as Windows 95 and Apple Macintosh include file sharing and print sharing capabilities which, when enabled, will permit other users to gain access to the Customer's computer even if the Customer is not using the Service. AT&T therefore recommends that the Customer connect only a single computer to the Service and that the Customer disable file and print sharing and other capabilities that allow users to gain access to the Customer's computer. Any Customer who chooses to participate in the Service using other than a single computer or who chooses to enable capabilities such as file sharing, print sharing, or other capabilities that allow users to gain access to the Customer's computer, hereby acknowledges and agrees that the Customer does so at the Customer's own risk, and that neither AT&T nor @Home Network shall have any liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to such use by the Customer.

    And furthermore from the same document:
    11. Miscellaneous

    (b) Amendment. AT&T may, in it sole discretion, change, modify, add or remove portions of this Agreement, and the Service provided thereunder, at any time. AT&T will notify Customer of any such changes by posting notice of such changes on the Service, or sending notice via e-mail, postal mail or other means. Customer's continued use of the Service following notice of such change shall be deemed to be Customer's acceptance of any such modification. If Customer does not agree to any such modification, Customer must immediately stop using the Service and notify AT&T that Customer is terminating this Agreement in accordance with Section 7(a) of this Agreement. Customer will then be entitled to a refund of any unused portion of any monthly Service fee that has been paid in advance.

    Did anyone else get notification before port 80 was blocked? The above policies certianly still seem to be in effect; they're still posted [att.com] and they clearly imply customers may run HTTP & FTP servers at their own risk.

  • Verizon hasn't blocked me... by zinger (Score:1) Wednesday August 08 2001, @11:46PM
  • My short reply... by Jace of Fuse! (Score:2) Wednesday August 08 2001, @11:47PM
  • how @home seems to be getting SLAMMED... by Polo (Score:2) Wednesday August 08 2001, @11:48PM
  • ONLY SOME ARE BEING BLOCKED by DigitalGlass (Score:1) Thursday August 09 2001, @07:52PM
  • Port 80 workaround by Mark Pitman (Score:1) Thursday August 09 2001, @10:53PM
  • Re:Mailservers? by Lifewolf (Score:1) Thursday August 09 2001, @06:40AM
  • Re:*BSD is dying by Evil MarNuke (Score:1) Sunday August 12 2001, @06:27AM
  • Re:Why does anyone think this is even a problem? by CM39 (Score:1) Thursday August 09 2001, @09:03AM
  • Re:Terrorist Attack - persons to give up rights by CM39 (Score:1) Friday August 10 2001, @04:58AM
  • Re:Mailservers? by skilm (Score:1) Thursday August 09 2001, @12:16AM
  • Re:They ought to filter on an http-server basis by JatTDB (Score:2) Thursday August 09 2001, @06:20AM
  • Re:I'm on @Home and I'm not blocked by SumDog (Score:1) Thursday August 09 2001, @12:14PM
  • Re:why would anyone use windows as a server? by SpaceLifeForm (Score:1) Thursday August 09 2001, @01:19AM
  • Re:Crackdown Shmackdown by DigitalGlass (Score:1) Thursday August 09 2001, @05:10PM
  • Re:Hum... by Mooset (Score:1) Thursday August 09 2001, @01:32AM
    • 1 reply beneath your current threshold.
  • Re:Verizon by SpaceLifeForm (Score:1) Thursday August 09 2001, @01:35AM
  • Re:filtering by SnapperHead (Score:1) Wednesday August 08 2001, @10:40PM
  • Re:filtering by Heem (Score:1) Wednesday August 08 2001, @11:01PM
    • Re:filtering by mike13down (Score:1) Wednesday August 08 2001, @11:22PM
  • Re:Linux is not a contender.. by (void*) (Score:2) Wednesday August 08 2001, @11:31PM
  • Re:@home support by CM39 (Score:1) Thursday August 09 2001, @11:40PM
  • 66 replies beneath your current threshold.
(1) | 2