Broadband Crackdown 790
MrPeach writes: "In a move unsurprising to those of us who have had interactions with their so-called customer support, AT&T Broadband and Excite@Home are indefinitely filtering all incoming traffic on HTTP port 80 for residential customers. They could have cut access to those running compromised servers, but instead chose to deny the ability to run a web server to all subscribers to their service. DSL anyone?" DSL won't save you. Verizon is apparently also blocking port 80 for their DSL customers, in addition to blocking outgoing port 25 and requiring use of Verizon's SMTP servers to send email. Verizon is also cheerfully paying fines for screwing over their competitors - the fines will be much less than the extra profit they can squeeze out once their competition is gone.
As a CLEC, this is how we have been coping. (Score:5, Interesting)
We have a large number of 10.x.x.x addresses for our broadband subscribers. (This saves us the trouble of assigning public IPs to every single customer, because most don't want or need a public IP.) Our NAT server was getting so clogged up with TCP/IP sessions because Code Red was searching for hosts (and once it got into the 10.x.x.x network, it had lots of addresses to check).
We simply got a free scanning utility (sorry, I am at home; I don't have it here, nor the time to find it). After scanning all of our customers, we located around 30 infected computers. We left messages stating that they were infected and that we were shutting off their connection until they removed the offending computer (we could discern the IP itself, and our users are statically assigned, not DHCP, thank god).
Several users were irate as all hell, but the good of the many outweighs the good of the few, correct? Many times the customer simply unplugged the computer and we put them back on. They are then responsible for patching it. We have been running scans every day, and have now gotten fewer and fewer Code Red worms in our users' DSL systems.
I think that this was the ideal approach. Why use a damn sledgehammer when about 30 minutes of work allows you to use a fly swatter to remove the offending computers?
Re:It would mean them having to do real work (Score:1, Interesting)
Re:Verizon DSL is NOT THAT EVIL (Score:3, Interesting)
I'm a Verizon DSL user. My brother and I just got off the phone with tech support. First they tried to convince us that hosting a web server was illegal (after we convinced them that we had seen the ToS which says DSL users are exempt); after about ten minutes of arguing that was changed to "We don't support that." Then they told us that they would not open port 80 for specific machines, and that they would not even tell us ANY details about other ports (like the mysterious 25). I hope to call back later and speak to someone a bit more helpful...
As for why we learned about the port closing from /. long before we heard about it from verizon in a vaguely worded, hidden post [verizon.net], they told us that they didn't send an email because it only affects about 5% of their customers. They also won't notify us when they reopen port 80, however distant that may be. Furthermore, they claim that the vast majority of users who would receive such an email would not care. Still, if I were the average user I certainly would rather hear service/security updates I can ignore than miss ones that might be relevant.
Conclusion: Verizon is at least approaching Evil, if not already there... please let me know if you've had any better experiences with tech support since the start of the filtering!
TildeMan
My Temporary Work-Around (Score:2, Interesting)
My temporary fix was as follows:
#!/usr/bin/perl
use strict;
use warnings;
# Bounce the blocked port-80 request to the same host and path on port 82. HTTP_HOST and REQUEST_URI are client-supplied, so drop characters that could break out of the quoted attribute.
(my $host = $ENV{HTTP_HOST}   || "localhost") =~ s/["<>]//g;
(my $uri  = $ENV{REQUEST_URI} || "/")         =~ s/["<>]//g;
print "Content-type: text/html\n\n";
print "<meta http-equiv=\"Refresh\" content=\"0;URL=http://temp.$host:82$uri\">\n";
Re:Leased Line (Score:2, Interesting)
Recess: School's out (Score:2, Interesting)
Now virus and worm writers are taking advantage of these people who have been screwing their networks up the ass for years now. I feel so, so bad. Web servers that shouldn't have been running in the first place are being blocked. Man, I'm heartbroken.
I don't think broadband is a bad thing at all, nor am I against downloading large chunks of data. Freeware, patches, legal ISOs, music, etc. is all cool and why you've got the fast pipe in the first place. The problem lies in the folks running their web servers and anon FTPs that are filling up the outgoing frames, which normally don't get filled up on consumer-oriented pipes. I wouldn't want to be the dude trying to manage the consumer network that was never intended for such traffic. If it were me I'd cap your monthly bandwidth and start charging like web hosts do. Whoever thought it was a good idea to leave broadband unthrottled and uncapped was a jackass. It works fine when you can feed a shitload of dialup users with a single T3 or OC line. Things break down when you apply that same model to people who have bandwidth rated at a significant portion of a T3 or OC line.
You can thank IIS.. (Score:5, Interesting)
[root@gamara log]# grep DPT=80 messages | wc -l
3722
Code Red hits, all from other @home users. All W2K/IIS 5.0 users. The IPs I've looked into all have the default pages up too. I've even tried running "dir" commands on a few through the "root.exe" backdoor Code Red installs, incredulous that it would work, and yes, thousands of wide-open NT boxen. This hasn't even seemed to slow down yet, despite the widespread publicity, which leads me to believe that a large percentage of those stricken are either totally clueless, don't realize they have IIS running (?), or flat out don't care, which leaves the ISP little choice. And it may be my perception, or unrelated factors, but my net connection has certainly seemed more sluggish over the last week, perhaps as a result of upstream saturation, something @home doesn't have much of.
So I would agree, blocking port 80 is the most practical way of defeating this and it should have happened earlier. It's that or ban all microsoft operating systems as a public hazard :)
Re:You can thank IIS.. (Score:2, Interesting)
Respectfully, that's a load of crap.
I've got a Linux host connected to the AT&T network (they were better as MediaOne), and not only can I produce for you a log of the CodeRed infected customer machines that need to be dropped off the net until their owners get smart, but I also have a firewall in place and I routinely spend 2 hours each week reading the firewall logs and reporting on various l0sers who love to attack the ATT network.
I pay ATT around $200 each month for various services, including cable, telephone, and internet.
I'm policing their network for them because they apparently can't be bothered.
You'd think they'd treat people like me as heroes, or at least good customers.
I leave it to you to decide how we have really been treated.
"We're the phone company. We don't care. We don't have to."
Re:You can thank IIS.. (Score:4, Interesting)
I can think of a more effective solution: every time a Code Red probe goes out, deprovision the modem belonging to the customer with that IP address. They've got a proven AUP violation and a proven security problem that's disrupting their network. That's more than enough justification for jerking the account entirely. This has the dual benefits of shutting down Code Red and forcing people to actually learn how to secure their systems which makes future problems slightly less likely, and doesn't impact those of us who aren't susceptible to Code Red at all.
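The three posts above (the CLEC scanning its 10.x.x.x customers, the `grep DPT=80 messages | wc -l` tally, and the "deprovision on every probe" proposal) all come down to the same job: turn log lines into a list of infected customer addresses. The following is an added example, not code from the thread or from any ISP. It assumes two inputs: kernel firewall lines in the netfilter LOG-target format (`... SRC=a.b.c.d ... PROTO=TCP SPT=n DPT=80 ...`), and Apache-style access log lines, in which Code Red I and Code Red II both request `/default.ida?` followed by a long fill of `N` (Code Red I) or `X` (Code Red II). The sample lines, hostnames and addresses are constructed for the example. The point it makes that the raw port-80 count does not: a SYN to port 80 only proves someone connected; the `default.ida` request is the evidence to act on, so an ordinary visitor who also shows up in the firewall log is not cut off.

```python
"""Tally Code Red probes from a Linux firewall log and an HTTP access log.

Added example, not code from the original thread. Assumptions:
  * firewall lines are netfilter LOG-target syslog lines
    ("... SRC=a.b.c.d DST=... PROTO=TCP SPT=n DPT=80 ...");
  * access log lines are Apache common/combined format, and a Code Red
    probe is "GET /default.ida?" followed by a run of N (v1) or X (v2).
The log lines below are constructed for this example.
"""
import re
from collections import Counter

# One netfilter log line: source address and destination port.
FW_RE = re.compile(r"\bSRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\b.*?\bDPT=(?P<dpt>\d+)\b")

# Code Red I/II signature. Matching on the request, not on "anything that
# touched port 80", avoids cutting off a browser that merely visited the site.
IDA_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "GET /default\.ida\?[NX]{20,}')

# Constructed firewall log: 24.0.0.12 probes twice, 24.0.0.77 once,
# 24.0.0.50 sends one SMTP SYN and one ordinary HTTP SYN.
FIREWALL_LOG = """\
Aug  5 03:12:01 gamara kernel: IN=eth0 OUT= MAC=00:50:04:aa:bb:cc:00:10:11:22:33:44:08:00 SRC=24.0.0.12 DST=24.0.0.9 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1023 DF PROTO=TCP SPT=1034 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Aug  5 03:12:04 gamara kernel: IN=eth0 OUT= MAC=00:50:04:aa:bb:cc:00:10:11:22:33:44:08:00 SRC=24.0.0.12 DST=24.0.0.9 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1024 DF PROTO=TCP SPT=1035 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Aug  5 03:12:09 gamara kernel: IN=eth0 OUT= MAC=00:50:04:aa:bb:cc:00:10:11:22:33:44:08:00 SRC=24.0.0.77 DST=24.0.0.9 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=2201 DF PROTO=TCP SPT=4410 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Aug  5 03:12:15 gamara kernel: IN=eth0 OUT= MAC=00:50:04:aa:bb:cc:00:10:11:22:33:44:08:00 SRC=24.0.0.50 DST=24.0.0.9 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=2200 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  5 03:12:20 gamara kernel: IN=eth0 OUT= MAC=00:50:04:aa:bb:cc:00:10:11:22:33:44:08:00 SRC=24.0.0.50 DST=24.0.0.9 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=2201 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Constructed access log: two worm requests (v1 and v2 fills) and one real page view.
ACCESS_LOG = """\
24.0.0.12 - - [05/Aug/2001:03:12:05 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 279
24.0.0.77 - - [05/Aug/2001:03:12:10 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 279
24.0.0.50 - - [05/Aug/2001:03:12:21 -0400] "GET /index.html HTTP/1.0" 200 1043
"""


def port_hits(firewall_lines, port=80):
    """Per-source count of logged packets to `port` (the post's grep|wc, broken out by source)."""
    hits = Counter()
    for line in firewall_lines:
        m = FW_RE.search(line)
        if m and int(m.group("dpt")) == port:
            hits[m.group("src")] += 1
    return hits


def code_red_sources(access_lines):
    """Client addresses whose request carries the Code Red default.ida signature."""
    return {m.group("src") for m in map(IDA_RE.match, access_lines) if m}


def disconnect_list(firewall_lines, access_lines):
    """(address, port-80 SYN count) for every host confirmed by the worm request.

    Port-80 hits alone do not put a host on the list: 24.0.0.50 appears in the
    firewall log but only fetched /index.html, so it stays connected.
    """
    hits = port_hits(firewall_lines)
    return sorted((ip, hits.get(ip, 0)) for ip in code_red_sources(access_lines))


if __name__ == "__main__":
    fw, al = FIREWALL_LOG.splitlines(), ACCESS_LOG.splitlines()
    print("port 80 hits:", sum(port_hits(fw).values()))
    for ip, n in disconnect_list(fw, al):
        print(f"disconnect {ip}: Code Red probe seen, {n} SYN(s) to port 80 logged")
```

On a real system the two inputs would be `/var/log/messages` and the web server's access log; the `default.ida` match is the line to alert or deprovision on, while the per-source SYN count is context for the notice left for the customer.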
No blocking yet (Score:2, Interesting)
Leased Line (Score:2, Interesting)
This is an idea I had:
A group of people get together and purchase a leased line, run it into someone's home and then put everyone else on a little Ethernet network. Granted, I don't know how much one costs, but I figure at around $40 a month a group of about 20-30 should be able to get something way faster than DSL/cable and without the bullshit. I see three main problems.
1. Security: Everyone has to protect their PC; a packet-filtering router should do the trick, but it's an added expense. Additionally, the security on the leased line has to be good.
2. People: Finding enough people who live such that we can lay all the cable we need without going on city land. This could be the real challenge. I suppose we could hop across holes in the network with 802.11b, but that would be slower and less secure.
3. Time: What happens when the network/connection goes down? Either we set up some sort of rotation, or we need an admin to fix stuff, and that can be expensive.
Other issues are things like getting IPs (we could use a DHCP server, but it would be better to all have our own IP).
Lots of challenges, but it could be cool. Has anyone done something like this, or has a suggestion on how it could be done better? I get closer and closer, especially with crap like this.
The end of a state of denial (Score:2, Interesting)
Re:Read your TOS! (Score:2, Interesting)
I think this is just a way ATT can claim to be 'proactive on security'...
This sickens me..
Re:We haven't done this yet.. (Score:2, Interesting)
It comes down to: the people who know how to use their computers get fucked over by those who don't. Add the word AGAIN to that phrase. And if we want to get on a network where we and our peers know what they are doing, we have to pay out the ass. I liked it better when it took some BRAINS to use a computer, it wasn't cool to be a geek, and everyone I know wasn't calling me every 10 minutes to fix their damn computer.
How is this going to help? (Score:1, Interesting)
Re:Linux is not a contender.. (Score:0, Interesting)
But that doesn't take away the fact that not everyone has a high-speed internet connection, and therefore costly 6+ CD-ROM packs are needed for most people every few months.
So, my point still stands. Each and every one of my arguments is right to the point, and more important, TRUE.
The conclusion remains: Linux is not an option for any serious computing job out there. Try to attack the FACTS given in my 'troll' with some good arguments.
Oh, you can't? I thought so..
I don't know anything about port blocking but.... (Score:2, Interesting)
If you're in Eastern Mass. AT&T's lying (Score:3, Interesting)
Partially quoted from:
Which states: And furthermore from the same document: Did anyone else get notification before port 80 was blocked? The above policies certainly still seem to be in effect; they're still posted [att.com] and they clearly imply customers may run HTTP & FTP servers at their own risk.
roadrunner.techtalk.general [roadrunner...lk.general]
3B709BDA.3480@mediaone.net.invalid
chelm@mediaone.net.invalid wrote: