Thanks to Code Red 2, AT&T had an opportunity to shut down all the people who were running web servers on their cable modems, and sucking up bandwidth in the process. They accomplished this by blocking TCP/IP ports that are associated by default with these servers.
My friend operates an Exchange server that handles my e-mail, and thanks to AT&T, my primary e-mail account has been down for a couple of weeks. My friend has tried changing ports; this works for a short while, and then the new ports get blocked. Has anyone found a workaround for this?
Usually with cable internet there’s something in the terms of service that says you’re not supposed to run any kind of server apps over their network. That’s really beside the point. The thing is that port 80 is for HTTP only, not mail. The default for mail servers is 110. Obviously port 80 isn’t the only one that they are blocking.
Well, since the ISP is probably monitoring his usage, when it sees a lot of incoming requests on a certain port, it’s obvious there’s a server running there. So they’ll block that port. That’s probably what happened when he changed the port. They also might be doing a port scan and seeing which ports are currently listening. If they see a port that’s always listening, they can also figure that it’s a server and block it.
The only workaround is to keep changing the port so they don’t notice. But that’s a pain, both for the server and for the client.
This is running on an MS Exchange server, which uses the Outlook web client for connection via browser. It’s a very slick setup when it’s not being stepped on. Because it is web-based, it uses port 80…
According to my friend who is a netadmin IRL, it was MediaOne’s policy (they were the original ISP) to forbid web servers. It appears that AT&T had relaxed the rules so that web servers were allowed, but they took no responsibility for supporting any such apps.
According to AT&T, one of the big differences between Code Red v1 and v2 was that when it went looking for other machines to infect, it used the IP range that it was running within, rather than a random attempt. This made AT&T’s network very vulnerable to a sort of DDoS or packet storm where pings were flying around within the IP range of the network. This prompted AT&T to disable port 80 on their network.
BTW I apologize if any of my terminology is not quite perfect… I’m a control software engineer, not a netadmin.
-Rav
Can’t you just change the incoming port number on the web server, then specify that port number in your web browser? There’s no law that says HTTP has to use port 80…