[Coco] Re: I'm back

John E. Malmberg wb8tyw at qsl.net
Sat Feb 14 15:46:05 EST 2004 

Boisy G. Pitre wrote:
> Folks, my ISP (Charter Communications) decided to block all incoming 
> ports into their network for those customers those who either can't 
> afford to go out and buy a firewall device, or don't know better.

Which level of service do you have?  If it is their residential level, 
Charter has not permitted servers to be run for quite a while, even 
though they may not have apparently enforced it until recently.

   http://www.chartercom.com/products/internet/aup.asp
   charter.net section 1A - No servers

Looking at their terms of service they apparently have offerings that 
allow users to run servers.  Adelphia does not.

> I guess the inundation of virus finally got to them.

It could have been a preemptive action to prevent some large ISP(s) from 
refusing all e-mail from Charter.  AOL.COM has been known to do that in 
the past.  The last public block by AOL.COM lasted 72 hours, with the 
ISP complaining to the press for the first 48 hours on how unfair 
AOL.COM was and that blocking the spam was impossible for an ISP of 
their size.  24 hours after their last press release, the blocked ISP 
discovered it was possible to stop their outgoing spam, and AOL removed 
the block.  One of the things that the ISP did was block port 25 for 
direct access from unregistered mail servers.

Or it could be that Charter realized that the open proxies on their 
network were costing them considerable operational cash, and they ran 
out of ways of hiding this in their budget, and thought that a rate 
increase would cost them too many customers.

The viruses are leaving remote access programs (open proxies) on the 
infected computers.  The spammers find them and pump as much spam 
through as host network will handle.

If you are on a broadband ISP and are sharing a network segment with an 
open proxy, you will see many pauses and delays, if not complete outages 
because of the network overload.

So you do not need to be infected to be severely affected by a infected 
machine.

The ISP has to pay refunds to some of these people if they do not shut 
off the open proxy.  They also have to pay excess bandwidth charges.
Those bandwidth charges can be in the neighborhood of thousands of 
dollars a month at the retail rate.  But even with the wholesale rate, 
it can be costly.

Apparently Charter has chosen to block all the ports instead of just 
shutting down e-mail from the machines that are reported to them to be 
compromised.

Expect more of this if you are on a residential broadband connection.

If you are running any sort of server off of a DHCP or a residential 
connection, check the terms of service with your ISP.  If it is against 
their terms of service, you can be cut off with out notice.

With Adelphia, my ports are not blocked, but if they discover me running 
any type of server, be it HTTP, FTP, TELNET, SMTP or what ever, 
Adelphia's official policy is to disconnect service, and charge $25.00 
for reconnection on the first offense.

-John
wb8tyw at qsl.net
Personal Opinion Only

More information about the Coco mailing list