Port blocking... STILL?

Reply

This thread's discussion is locked. If it doesn't give you the information you need, head to its forum board for active discussions or to start a new discussion.

BillTelusCust
Ambassador

Home automation and cameras work fine, if you configure them correctly, The manufacturers know about this port situation and it is generally taken care of.  If you want to do commercial grade things, like web servers or FTP etc, get a commercial connection.

 

Particularly when you get into the higher speed categories, you are not now, nor are you likely to ever see these ports open on a home user connection.

 

 

 

 

bimmerdriver
Connector

Here is the latest list of blocked ports. I got it using NMAP running on a Windows 10 PC connected to the bridged port of my modem with the firewall disabled. (My service is DSL.)

 

19/tcp filtered chargen
21/tcp filtered ftp
25/tcp filtered smtp
53/tcp filtered domain
80/tcp filtered http
110/tcp filtered pop3
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1433/tcp filtered ms-sql-s
1434/tcp filtered ms-sql-m
6667/tcp filtered irc
7547/tcp filtered unknown

Looks like they added port 19 and port 53 since the last time someone posted the list.

 

I have a very hard time accepting these ports being blocked:

 

21/tcp filtered ftp
53/tcp filtered domain
80/tcp filtered http

CalgaryNetwork
Connector

port 80 is still blocked in 2018? (almost 2019) >  Purefiber but not pure internet 

 

 

 

BillTelusCust
Ambassador

The port blocking was never intended to be a temporary measure.

From what I understand, it is blocked because hosting servers, as I mentioned before, is part of the commercial services, not the residential one.

Whining about it "still" being blocked, entitling threads about it "still" being blocked - they never said they would "un block" it.  This is not a task that isn't done yet.

 

From mthe T&C

 

13. You are not permitted to operate an e-mail, web, news or other similar server through a Services account, except where such use is expressly permitted under your service plan.

 

There are ways around it, as has been pointed out, but this is an industry standard thing for home services.  They do block certain ports.

bimmerdriver
Connector

Firstly, no commercial server would ever be provided without a static address, which isn't available under a residential plan. No one who is advocating that port 80 or port 21 should not be blocked is saying that a residential plan should provide static addresses.

 

Secondly, if what you say is true, then why is port 443 not also blocked? If port 443 is not blocked, then port 80 should not be blocked for the same reason.

 

Finally, most companies at least to a degree listen to their customers. Unblocking port 80 isn't going to cost Telus money. If anything, it would cost hosting companies. Unblocking 80 would make the residential service more convenient for the customers.

BillTelusCust
Ambassador

Okay, ask them why port 443 is not blocked while port 80 is.

 

Although I did say they ran their system well, I would not say "listening to customers" is Telus' strong point.  In fact, that is something they particularly suck at.

bimmerdriver
Connector

Again, if port 443 is open, why is port 80 closed?!?!?!? If there is a reason to open 443, the same reasons apply to 80.

CalgaryNetwork
Connector

Use of port 80 does not automatically mean commercial use. 

Today almost every home with a internet connection almost has alt east two devices with a HTTP, HTTPD, light-httpd server running on port 80 

 

"industry standard thing for home services. "

Telus does not mean industry Standard. 

BillTelusCust
Ambassador

 

I have a lot of things on my network and don't need port 80. plus everything works fine.

"Today almost every home with a internet connection almost has alt east two devices with a HTTP, HTTPD, light-httpd server running on port 80"

 

What are you talking about?  The collection of internal devices that have web based administration?  Printer for example?  There are a lot of things that are inside and use that port, yes.  But since you can map only one to external access (if it did work) and it is not something one would want to have exposed to the internet. 

Most people don't have things that they want/need to access externally on port 80.  

Next thing you'll be complaining about needing multiple IP addresses.

 

Lots of residential ISP's block this port.  

Most of what Telus does is the same sort of thing most internet providers do.  And generally speaking, they do it quite well.

 

CalgaryNetwork
Connector

Thats a socialist way of thinking. This is Canada.


Not everyone needs more than 1 IP address. Not everyone uses or needs a router.  You can argue all you want and if you take a look at other Major and small ISPs they do not close port 80 . 

 

Shaw - no 

Teksavvy - NO

VMedia (using Telus IPs sometimes) - NO

Lightspeed  (using Telus IPs sometimes) - NO

 

 

Who are these other ISPs you speak about? 

BillTelusCust
Ambassador

There's your answer, switch to Shaw or Techsavvy then...

 

Here are the ports blocked by COX, the Atlanta based provider in the USA, which is the third biggest cable internet provider.

 

 

25TCPSMTPBoth
 
Note: SMTP is only permitted outbound to Cox-provided SMTP servers.
SMTP Relays
80TCPHTTPInboundWeb servers, worms
135UDPNetBiosBothNet Send Spam / Pop-ups, Worms
136-139UDP, TCPNetBiosBothWorms, Network Neighborhood
143TCPIMAPInboundWithout Transport Layer Security (TLS) enabled, customers are more susceptible to having their passwords compromised
445TCPMS-DS/ NetBiosBothWorms, Network Neighborhood
1433TCPMS-SQLInboundWorms, Trojans
1434UDPMS-SQLInboundWorms, SQLslammer
1900UDPMS-DS / NetBiosBothWorms, Network Neighborhood
CalgaryNetwork
Connector

You bought up other ISPs . Not me.

 

 

No one is talking about SMTP mail servers or COX USA.  Almost Half of the ports listed are Microsoft issues from Windows 98/2000/IIS issues. 

 

BillTelusCust
Ambassador

You were talking about "only in Canada and only Telus" block port 80 when I said other ISP's do it, so I merely pointed out a major ISP in the USA that did it.

JTL
Advocate

Port 53 is often blocked because of people who leave DNS servers in default UDP configurations which allows being used in a DoS attack but other then that I agree with you.