04-20-2017 01:40 PM - edited 04-20-2017 01:41 PM
We now have a Business fibre 150/150 plan which is great but they still block all the same ports as for residential internet. We had to upgrade to a static ip address in order to get 80/443 open. A list of blocked ports for business dynamic ip address accounts.
The following ports will have inbound (ingress) and in some cases outbound traffic blocked.
Security Measures - Blocked Ports
TCP 21 (ftp)
Clients running an FTP server will no longer be able to have Internet users connect to their server.
Many clients' computers are used as FTP servers to store illegal files.
TCP 25 (smtp)
Clients running a SMTP mail server will no longer be able to receive e-mail requests, nor will it allow outbound traffic for mail servers external to the TELUS.NET, TELUS IDCs and Hostopia networks on port 25.
This prevents mail servers that operate as an open relay. Open relays are used without client's knowledge to send millions of pieces of Spam.
This port is being added to our security measure policy in response to DNS DoS attacks.
TCP 80 (www)
Clients running a Web server will no longer be able to have Internet users connect to their server.
Common exploit on old Window IIS server and Linux boxes that are not properly patched.
TCP 110 (pop3)
Clients running a POP mail server will no longer be able to have Internet users connect to the server.
Prevent mail servers that operate as an open relay. Open relays are used without a client's knowledge to send millions of pieces of Spam.
TCP 6667 (ircd)
Clients running an IRC server (Internet Relay Chat) will no longer be able to have Internet users connect to the server.
TCP/UDP 135-139 (dcom and netbios)
These ports are commonly exploited by worm viruses.
135 Windows RPC
136 PROFILE Naming System (basically unused)
137-139 Windows NetBios
TCP/UDP 443 (ssl)
Clients will not be able to accept inbound ssl connections on this port.
There is no ability to differentiate traffic and packets sent from a POS machine (rather than a server).
Client IP Point Of Sale (IP POS) devices are not blocked. No need for a Server plan for IP POS.
TCP/UDP 445 (ms-ds)
Microsoft Directory Services - Clients that allow legitimate Internet users access to their computers will lose this ability.
This allows hackers to directly connect to a Windows based computer and gain total control over the OS.
TCP/UDP 1433-1434 (ms-sql)
Microsoft SQL server - Clients running an SQL server will no longer be able to have Internet users connect to their server.
There are several worm viruses that exploit holes in SQL server
05-13-2017 01:14 PM
Yeah. And how is IPv6 handled on business plans, still a dynamic prefix?
05-19-2017 12:42 PM
05-21-2017 03:01 AM
Unfortunate. How do you expect business clients to run servers/VPNs over IPv6 then?
06-02-2017 02:25 PM
Hi @JTL, this won't always be the case. For now, if an organization requires the use of a static IPv6 address, they would need to explore a managed solution, which we do offer.
08-28-2018 12:10 AM
Wish I would have seen this before I signed up for Telus Business Internet. I spent quite a while trying to figure out what the problem was before I came across this post.
It is unfortunate that these plans don't come with all the ports unblocked. I didn't factor in the additional $12/month when making my comparison.