cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Port blocking... STILL?

hmakale
Neighbour

So, this is directed at telus more than anything, but its customers should be aware of this...

There's been around a thread a month about this going back for a couple years. If you decided to run a web server, mail server, vpn, file storage, cctv system, home automation, or anything else that's in your home and accessible from outside, you'd drop all your money on the hardware, get home to set it up, and then find that it doesn't work because telus blocks all useful incoming ports.

There was a time when this would be an acceptable practice, but that was a long, long time ago. NO OTHER ISP - SHAW, BELL, EVEN THE SMALLER ONES - DOES THIS! It's telus' way of selling you a business package. If you want to set up a personal website or email or anything else, their response (I called about it today... again) is "we're not trained to change that, but if you want a business package", followed, essentially, by 'f*** you, you peasant, buy the **bleep** business package". This is unacceptable, enough already. This shows no benefit for security or privacy, and no benefit for telus, since someone running a commercial website would crash through their data limits almost instantly and get charged out the ass for it.

So Telus, please, just do the reasonable thing and stop blocking ports. Let your customers use the services they pay you for, before they start looking elsewhere. Between the service, the speed, the prices, the quality of the hardware we're forced to use, you guys cannot afford ANOTHER black spot on your reputation.

33 REPLIES 33

bimmerdriver
Connector

Here is the latest list of blocked ports. I got it using NMAP running on a Windows 10 PC connected to the bridged port of my modem with the firewall disabled. (My service is DSL.)

 

19/tcp filtered chargen
21/tcp filtered ftp
25/tcp filtered smtp
53/tcp filtered domain
80/tcp filtered http
110/tcp filtered pop3
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1433/tcp filtered ms-sql-s
1434/tcp filtered ms-sql-m
6667/tcp filtered irc
7547/tcp filtered unknown

Looks like they added port 19 and port 53 since the last time someone posted the list.

 

I have a very hard time accepting these ports being blocked:

 

21/tcp filtered ftp
53/tcp filtered domain
80/tcp filtered http

port 80 is still blocked in 2018? (almost 2019) >  Purefiber but not pure internet 

 

 

 

The port blocking was never intended to be a temporary measure.

From what I understand, it is blocked because hosting servers, as I mentioned before, is part of the commercial services, not the residential one.

Whining about it "still" being blocked, entitling threads about it "still" being blocked - they never said they would "un block" it.  This is not a task that isn't done yet.

 

From mthe T&C

 

13. You are not permitted to operate an e-mail, web, news or other similar server through a Services account, except where such use is expressly permitted under your service plan.

 

There are ways around it, as has been pointed out, but this is an industry standard thing for home services.  They do block certain ports.

Firstly, no commercial server would ever be provided without a static address, which isn't available under a residential plan. No one who is advocating that port 80 or port 21 should not be blocked is saying that a residential plan should provide static addresses.

 

Secondly, if what you say is true, then why is port 443 not also blocked? If port 443 is not blocked, then port 80 should not be blocked for the same reason.

 

Finally, most companies at least to a degree listen to their customers. Unblocking port 80 isn't going to cost Telus money. If anything, it would cost hosting companies. Unblocking 80 would make the residential service more convenient for the customers.

Okay, ask them why port 443 is not blocked while port 80 is.

 

Although I did say they ran their system well, I would not say "listening to customers" is Telus' strong point.  In fact, that is something they particularly suck at.

Again, if port 443 is open, why is port 80 closed?!?!?!? If there is a reason to open 443, the same reasons apply to 80.

Use of port 80 does not automatically mean commercial use. 

Today almost every home with a internet connection almost has alt east two devices with a HTTP, HTTPD, light-httpd server running on port 80 

 

"industry standard thing for home services. "

Telus does not mean industry Standard. 

 

I have a lot of things on my network and don't need port 80. plus everything works fine.

"Today almost every home with a internet connection almost has alt east two devices with a HTTP, HTTPD, light-httpd server running on port 80"

 

What are you talking about?  The collection of internal devices that have web based administration?  Printer for example?  There are a lot of things that are inside and use that port, yes.  But since you can map only one to external access (if it did work) and it is not something one would want to have exposed to the internet. 

Most people don't have things that they want/need to access externally on port 80.  

Next thing you'll be complaining about needing multiple IP addresses.

 

Lots of residential ISP's block this port.  

Most of what Telus does is the same sort of thing most internet providers do.  And generally speaking, they do it quite well.

 

Thats a socialist way of thinking. This is Canada.


Not everyone needs more than 1 IP address. Not everyone uses or needs a router.  You can argue all you want and if you take a look at other Major and small ISPs they do not close port 80 . 

 

Shaw - no 

Teksavvy - NO

VMedia (using Telus IPs sometimes) - NO

Lightspeed  (using Telus IPs sometimes) - NO

 

 

Who are these other ISPs you speak about? 

There's your answer, switch to Shaw or Techsavvy then...

 

Here are the ports blocked by COX, the Atlanta based provider in the USA, which is the third biggest cable internet provider.

 

 

25TCPSMTPBoth
 
Note: SMTP is only permitted outbound to Cox-provided SMTP servers.
SMTP Relays
80TCPHTTPInboundWeb servers, worms
135UDPNetBiosBothNet Send Spam / Pop-ups, Worms
136-139UDP, TCPNetBiosBothWorms, Network Neighborhood
143TCPIMAPInboundWithout Transport Layer Security (TLS) enabled, customers are more susceptible to having their passwords compromised
445TCPMS-DS/ NetBiosBothWorms, Network Neighborhood
1433TCPMS-SQLInboundWorms, Trojans
1434UDPMS-SQLInboundWorms, SQLslammer
1900UDPMS-DS / NetBiosBothWorms, Network Neighborhood

You bought up other ISPs . Not me.

 

 

No one is talking about SMTP mail servers or COX USA.  Almost Half of the ports listed are Microsoft issues from Windows 98/2000/IIS issues. 

 

You were talking about "only in Canada and only Telus" block port 80 when I said other ISP's do it, so I merely pointed out a major ISP in the USA that did it.

Port 53 is often blocked because of people who leave DNS servers in default UDP configurations which allows being used in a DoS attack but other then that I agree with you.