From: General Schvantzkoph on 11 Jun 2010 07:44

On Fri, 11 Jun 2010 07:16:52 -0400, Maxwell Lol wrote:

> General Schvantzkoph <schvantzkoph(a)yahoo.com> writes:
>
>> What I would like to know is if Comcast has blocked port 22 everywhere
>> or if it's just my line or my town? If any of you have Comcast would
>> you mind checking to see if you can access port 22.
>
> Well, you can always use another port number for your home machine. It's
> a good idea for other reasons as well. My port gets bruteforced several
> times a day (which is why I auto-firewall attempts)

Using a non-standard port is a problem for this application. I'm running an ssh server which I use to distribute software to my customers. Non-standard ports are no problem for small companies, however I've found that large enterprises have firewalls that restrict access to standard port numbers. I've run into this a couple of times where someone at a large enterprise was not able to access ssh on a high port. If this weren't the case I would prefer to use a high port for my ssh server. I also run a cvs server which my partner and I use to manage our code; that runs on a high port. On the ssh server that was using port 22 the logs show daily attacks; on the cvs server, which uses a high port, I've never seen an attack in the log files. I have password authorization disabled, I require RSA authentication, so I'm not worried about a break-in but I still find the attacks annoying.
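
The log-watching described in the post above and in the message it quotes (daily attempts against port 22, auto-firewalling the sources) comes down to counting failures per source address inside a time window. This is an added example, not code from any poster in the thread; the log lines, the threshold, the window and the name `flag_sources` are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format sshd writes to auth.log / secure.
SAMPLE_LOG = """\
Jun 11 07:01:02 host sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun 11 07:01:04 host sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jun 11 07:01:07 host sshd[2105]: Invalid user test from 203.0.113.5
Jun 11 07:02:30 host sshd[2110]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Jun 11 07:03:00 host sshd[2112]: Invalid user oracle from 198.51.100.7
Jun 11 09:40:00 host sshd[2190]: Invalid user oracle from 198.51.100.7
Jun 11 09:41:00 host sshd[2191]: Failed password for root from 198.51.100.7 port 40022 ssh2
"""

# Anchored at the end of the line: the address is the last "from <addr>" that
# sshd itself wrote, so text inside a user name cannot be taken for it.
FAILURE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?:Failed password for (?:invalid user )?|Invalid user ).* from (\S+)"
    r"(?: port \d+)?(?: ssh2)?$"
)

def flag_sources(log_text, threshold=3, window=timedelta(minutes=10), year=2010):
    """Return {source: time the threshold was reached} for repeated failures."""
    recent = defaultdict(deque)   # source -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        stamp, src = m.groups()
        try:
            ipaddress.ip_address(src)   # only ever hand real addresses to a firewall
        except ValueError:
            continue
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:       # forget failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged

if __name__ == "__main__":
    for src, when in flag_sources(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S}  block candidate: {src}")
```
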
From: General Schvantzkoph on 11 Jun 2010 07:58

On Fri, 11 Jun 2010 11:44:25 +0000, General Schvantzkoph wrote:

> On Fri, 11 Jun 2010 07:16:52 -0400, Maxwell Lol wrote:
>
>> General Schvantzkoph <schvantzkoph(a)yahoo.com> writes:
>>
>>> What I would like to know is if Comcast has blocked port 22 everywhere
>>> or if it's just my line or my town? If any of you have Comcast would
>>> you mind checking to see if you can access port 22.
>>
>> Well, you can always use another port number for your home machine.
>> It's a good idea for other reasons as well. My port gets bruteforced
>> several times a day (which is why I auto-firewall attempts)
>
> Using a non-standard port is a problem for this application. I'm running
> an ssh server which I use to distribute software to my customers.
> Non-standard ports are no problem for small companies, however I've found
> that large enterprises have firewalls that restrict access to standard
> port numbers. I've run into this a couple of times where someone at a
> large enterprise was not able to access ssh on a high port. If this
> weren't the case I would prefer to use a high port for my ssh server. I
> also run a cvs server which my partner and I use to manage our code;
> that runs on a high port. On the ssh server that was using port 22 the
> logs show daily attacks; on the cvs server, which uses a high port, I've
> never seen an attack in the log files. I have password authorization
> disabled, I require RSA authentication, so I'm not worried about a
> break-in but I still find the attacks annoying.

I power cycled the modem and that fixed the problem. That should have been the first thing I did. I did power cycle my router and I even updated its firmware, but I neglected to do it to the modem.
From: Man-wai Chang to The Door (33600bps) on 11 Jun 2010 09:34

On 6/10/2010 07:08, General Schvantzkoph wrote:

> I don't seem to be able to ssh into my systems on port 22 anymore, high
> ports work fine. Has Comcast started blocking port 22?
>

If you gave us your server's IP address, we could test it out from another ISP! :)

--
  @~@    Might, Courage, Vision, SINCERITY.
 / v \   Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\  (x86_64 Ubuntu 9.10) Linux 2.6.34
  ^ ^    21:34:01 up 9:27 2 users load average: 1.23 1.19 1.04
No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
From: General Schvantzkoph on 11 Jun 2010 09:58

On Fri, 11 Jun 2010 21:34:27 +0800, Man-wai Chang to The Door (33600bps) wrote:

> On 6/10/2010 07:08, General Schvantzkoph wrote:
>> I don't seem to be able to ssh into my systems on port 22 anymore, high
>> ports work fine. Has Comcast started blocking port 22?
>>
>>
> If you gave us your server's IP address, we could test it out from
> another ISP! :)

Thanks but it's resolved now. While Googling for this problem I found several references to a problem with Cisco DOCSIS 3 modems (which is what I have). There was a Comcast response on a forum where they said they were rolling out a fix but that was several weeks ago. I did a power cycle on the modem which fixed the problem. I don't know if it was fixed because the modem picked up new settings from Comcast or if it was just because it cleared out something that they had inadvertently set. The bottom line is that it's working now.
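
The symptom in this thread (port 22 unreachable, high ports fine) can be narrowed down from an outside connection by checking how each connection attempt fails: a timeout means packets are dropped on the path, a refusal means something answered. This is an added example, not code from any poster; the function names, the address `192.0.2.1` and port 2222 are placeholders to replace with your own server and its alternate sshd port.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open, refused, filtered or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # An SSH server sends its identification line first.
                banner = s.recv(255).split(b"\n", 1)[0].strip()
            except OSError:
                banner = b""          # connected, but nothing was sent in time
            return ("open", banner.decode("ascii", "replace"))
    except ConnectionRefusedError:
        return ("refused", "")        # a RST came back: host or a device answered
    except socket.timeout:
        return ("filtered", "")       # no answer at all: packets silently dropped
    except OSError as exc:
        return ("unreachable", str(exc))

def interpret(std, high):
    """std and high are probe() results for port 22 and the alternate sshd port."""
    if std[0] == "open":
        return "port 22 reachable"
    if high[0] == "open" and std[0] == "filtered":
        return "host up, port 22 dropped on the path (modem, router or ISP filter)"
    if high[0] == "open" and std[0] == "refused":
        return "host up, port 22 rejected (sshd not listening there, or a reject rule)"
    return "neither port reachable; the problem is not specific to port 22"

if __name__ == "__main__":
    HOST, HIGH_PORT = "192.0.2.1", 2222   # placeholders, not from the thread
    std, high = probe(HOST, 22), probe(HOST, HIGH_PORT)
    print("22:", std, "| high:", high)
    print(interpret(std, high))
```

Run it from a network outside the connection being tested; a probe from inside the same LAN never crosses the modem or the ISP.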
From: Greg Russell on 11 Jun 2010 12:32

In news:87ei5jF6nrU1(a)mid.individual.net, General Schvantzkoph <schvantzkoph(a)yahoo.com> typed:

> What I would like to know is if Comcast has blocked port 22
> everywhere or if it's just my line or my town? If any of you have
> Comcast would you mind checking to see if you can access port 22.
>
> BTW I did see an exchange in an online Forum about this issue where a
> Comcast rep claimed that they don't block port 22 but that they were
> having a technical problem which they were working on. That response
> was from May 21. I'm still seeing the problem today (June 11) which
> leads me to believe that Comcast is lying about not blocking port 22.

Comcast's "Terms of Service" (TOS) specifically forbids the operation of any "server" on the residential connection. "Server" includes ssh as well as http, smtp, ftp, torrent, icq, nfs, etc.

Since you agreed to their TOS, why *wouldn't* you expect them to block all such ports inbound to your connection?

You can run an sshd server on any port you wish, so why use standard port 22?