Go Back   FormKaos: Board > General Discussion > Coffee Lounge > Punching Bag
FAQ Community Arcade Today's Posts Search

Punching Bag Bitch, cry and whine your way into oblivion.

Reply
 
LinkBack Topic Tools Rate Topic
  #1 (permalink)  
Old Jun 17, 04
Gravity Slave
 
Join Date: Apr 2001
MC Hammered has a spectacular aura aboutMC Hammered has a spectacular aura about
TelASS is now blocking ports on ADSL

I've been trying for the last week to figure out why no one can get to port 21 to access my ftp.

So after trying just about everything possible I call tech support and asked them.

The guy I got on the phone initially said he didn't think they blocked port 21 since it is such a widely used port but after he did some digging TelASS put into place port blocking as of June 6, 2004.

On the memo he tells me this is due to the number of users that host web servers on non business packages and TelASS wants to have these users upgrade their packages.

So in order to get port 21 open I'll have to upgrade to a server package which costs $40 more a month.

*sigh*

What to do.
Reply With Quote
  #2 (permalink)  
Old Jun 17, 04
bob bob is offline
ﻆﺓﻁ ﭥﯕ №╔╤╕○ЯΞ ♪♫♪
 
Join Date: Jan 2001
bob is an unknown quantity at this point
can't you just run your FTP serving prog. on a different port?
Reply With Quote
  #3 (permalink)  
Old Jun 17, 04
Gravity Slave
 
Join Date: Apr 2001
MC Hammered has a spectacular aura aboutMC Hammered has a spectacular aura about
Working on putting in on a new port right now.

Shouldn't be too hard but it's just all the BS questions that people are going to ask since it isn't on the default port 21.

I am also checking to see if they are denying people dynamic IP's for more than 5 days as well. if I can't keep a dynamic IP for a period of time then I'll have to setup the autoconfigure program for my DNS server to update it when it changes.

Paying an extra $40 a month to have a static IP is an expensive option right now.
Reply With Quote
  #4 (permalink)  
Old Jun 17, 04
ebbomega's Avatar
1up motherfucker
 
Join Date: Oct 2003
ebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to all
I thought they did that with port 80 a long time ago. I'm not at all surprised.

This is why dns is a useful tool.
Reply With Quote
  #5 (permalink)  
Old Jun 17, 04
....fucking evol
 
Join Date: Feb 2004
neoh will become famous soon enough
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 69 -j DNAT --to 10.0.0.5:21

:)
Reply With Quote
  #6 (permalink)  
Old Jun 17, 04
Gravity Slave
 
Join Date: Apr 2001
MC Hammered has a spectacular aura aboutMC Hammered has a spectacular aura about
DNS is great but it doesn't help me with my port issue.
Reply With Quote
  #7 (permalink)  
Old Jun 17, 04
Celebrate or Suffer
 
Join Date: Nov 2001
SEAN! is a glorious beacon of lightSEAN! is a glorious beacon of lightSEAN! is a glorious beacon of lightSEAN! is a glorious beacon of lightSEAN! is a glorious beacon of lightSEAN! is a glorious beacon of lightSEAN! is a glorious beacon of light
yeah no shit you're probably using well over 10 gigs a month of bandwith on that server. what would you do if you were telus and you had 50,000 people using unsually large amounts of bandwith and paying the same rate as everyone else?
Reply With Quote
  #8 (permalink)  
Old Jun 17, 04
Gravity Slave
 
Join Date: Apr 2001
MC Hammered has a spectacular aura aboutMC Hammered has a spectacular aura about
The following ports will have inbound (ingress) traffic blocked.

TCP 21 (ftp) Customers running an FTP server will no longer be able to have Internet users connect to their server Many customers computers are used as FTP servers to store illegal files

TCP 25 (smtp) Customers running a SMTP mail server will no longer be able to receive email requests Prevent mail servers that operate as an open relay. Open relays are used without a customer’s knowledge to sends millions of pieces of Spam

TCP 80 (www) Customers running a Web server will no longer be able to have Internet users connect to their server Common exploit on old Window IIS server and Linux boxes that are not properly patched

TCP 110 (pop3) Customers running a POP mail server will no longer be able to have Internet users connect to the server

TCP 6667 (ircd) Customers running a IRC server (Internet Relay Chat) will no longer be able to have Internet users connect to the server

TCP/UDP 135-139 (dcom and netbios) These ports are commonly exploited by worm viruses 135 Windows RPC 136 PROFILE Naming System (basically unused) 137-139 Windows NetBios

TCP/UDP 445 (ms-ds) Microsoft Directory Services – Customers that allow legitimate Internet users access to their computers will loose this ability This allows hackers to directly connect to a Windows based computer and gain total control over the OS

TCP/UDP 1433-1434 (ms-sql) Microsoft SQL server – Customer running an SQL server will no long be able to have Internet user connect to their server There are several worm viruses that exploit holes in SQL server

Regards, TELUS Internet Services Help Desk
Reply With Quote
  #9 (permalink)  
Old Jun 17, 04
Gravity Slave
 
Join Date: Apr 2001
MC Hammered has a spectacular aura aboutMC Hammered has a spectacular aura about
Quote:
Originally Posted by SEAN!
yeah no shit you're probably using well over 10 gigs a month of bandwith on that server. what would you do if you were telus and you had 50,000 people using unsually large amounts of bandwith and paying the same rate as everyone else?
I'm going to beat you.
Reply With Quote
  #10 (permalink)  
Old Jun 17, 04
ebbomega's Avatar
1up motherfucker
 
Join Date: Oct 2003
ebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to all
Quote:
Originally Posted by MC Hammered
DNS is great but it doesn't help me with my port issue.
Use it in combination with Neoh's solution and you're set. =)

Isn't there a way of mapping an external port on a DNS server (IE NOT on telus) onto some other port of your telus address? I'm fairly certain I've seen this used before....
Reply With Quote
  #11 (permalink)  
Old Jun 17, 04
....fucking evol
 
Join Date: Feb 2004
neoh will become famous soon enough
^^ can be done in Linux. But not sure in Windows.
Reply With Quote
  #12 (permalink)  
Old Jun 17, 04
DONT BE BITTER BE BETTER
 
Join Date: Apr 2001
rawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to all
Quote:
Originally Posted by ebbomega
Use it in combination with Neoh's solution and you're set. =)

Isn't there a way of mapping an external port on a DNS server (IE NOT on telus) onto some other port of your telus address? I'm fairly certain I've seen this used before....
you could set up a tunnel foobar.notelus.com:21 -> mcham.telus.net:2121

but then you're just creating a shitty traffic path and duplicating your traffic.





anyways all in all im glad telus is blocking ports it saves so many headaches.
Reply With Quote
  #13 (permalink)  
Old Jun 17, 04
Gravity Slave
 
Join Date: Apr 2001
MC Hammered has a spectacular aura aboutMC Hammered has a spectacular aura about
I don't want to setup a tunnel. It's no big deal as I'll just ad the ":69" to the end of the urls I post on the board (time to go edit them all now...)

Now I just wait and see if I get to have a pseudo-static IP anymore.
Reply With Quote
  #14 (permalink)  
Old Jun 17, 04
Straight Outta Mocash
 
Join Date: Nov 2003
Gusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really nice
hah... fuck, that explains why my ftp stopped working too
Reply With Quote
  #15 (permalink)  
Old Jun 17, 04
Straight Outta Mocash
 
Join Date: Nov 2003
Gusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really nice
Quote:
Originally Posted by neoh
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 69 -j DNAT --to 10.0.0.5:21

:)

how does this really help anything, though? in the end the user still needs to specify the non-standard port and its about as easy to change the port your ftpd is listening on. i suppose it might be worth it if you wanted to keep a standard port for access on your lan, but really its just extra routing to process, no? or maybe i missed something, its happened before.
Reply With Quote
  #16 (permalink)  
Old Jun 17, 04
.dirtbag
 
Join Date: Jul 2002
shorerider is an unknown quantity at this point
Quote:
Originally Posted by bob
can't you just run your FTP serving prog. on a different port?
You have tried to acess my port without permission numerous times.
Reply With Quote
  #17 (permalink)  
Old Jun 17, 04
....fucking evol
 
Join Date: Feb 2004
neoh will become famous soon enough
Quote:
Originally Posted by gusto
how does this really help anything, though? in the end the user still needs to specify the non-standard port and its about as easy to change the port your ftpd is listening on. i suppose it might be worth it if you wanted to keep a standard port for access on your lan, but really its just extra routing to process, no? or maybe i missed something, its happened before.
forwarding the port to 69. So it wont be blocked anymore, that's how it helps. :) The ftp is listening on port 69, but Winston was worried everyone connecting to 21 was going to have a problem, so why not forward all 21 requests to port 69? And no, no extra routing to process, because your already being routed, just routed to the right direction.
Reply With Quote
  #18 (permalink)  
Old Jun 17, 04
Straight Outta Mocash
 
Join Date: Nov 2003
Gusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really nice
Quote:
Originally Posted by neoh
forwarding the port to 69. So it wont be blocked anymore, that's how it helps. :) The ftp is listening on port 69, but Winston was worried everyone connecting to 21 was going to have a problem, so why not forward all 21 requests to port 69? And no, no extra routing to process, because your already being routed, just routed to the right direction.
but if telus is blocking traffic on port 21, your router/computer won't get the request at all anyway, so won't have anything to forward to 69, will it?
Reply With Quote
  #19 (permalink)  
Old Jun 17, 04
....fucking evol
 
Join Date: Feb 2004
neoh will become famous soon enough
your right.
brain fart.
jesus christ.
Reply With Quote
  #20 (permalink)  
Old Jun 17, 04
ebbomega's Avatar
1up motherfucker
 
Join Date: Oct 2003
ebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to allebbomega is a name known to all
Quote:
Originally Posted by neoh
^^ can be done in Linux. But not sure in Windows.
/me looks at his wimpering Pentium 90 Debian Router.

Poor thing's been turned off ever since I couldn't get wireless stuffs going on her.

*pat pat*

(PS: i hate wireless routers...)
Reply With Quote
  #21 (permalink)  
Old Jun 17, 04
semblence within chaos.
 
Join Date: May 2003
decypher is a jewel in the roughdecypher is a jewel in the roughdecypher is a jewel in the roughdecypher is a jewel in the roughdecypher is a jewel in the rough
man if i was in grade 9 i'd be all over this with a solution or an opinion.. but i completely forgot the vast knowledge of computing, networking and hacking i absorbed over a 4 year period.. fuckin sucks ass.. sad really
Reply With Quote
  #22 (permalink)  
Old Jun 17, 04
....fucking evol
 
Join Date: Feb 2004
neoh will become famous soon enough
^^ my router is a 166 running debian that's been on for about 5 years now, 48mb ram, 1027 bad sectors on a 1.2gb hdd.

Oh, and it's made out of LEGO!
Reply With Quote
  #23 (permalink)  
Old Jun 17, 04
Straight Outta Mocash
 
Join Date: Nov 2003
Gusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really niceGusto is just really nice
rawb's suggestion would work but you'd need access to a server on another isp so that you could set up the tunnel, and if you had that you might as well put the server on the other isp since all the traffic is going through it anyway.
Reply With Quote
  #24 (permalink)  
Old Jun 18, 04
....fucking evol
 
Join Date: Feb 2004
neoh will become famous soon enough


Her name is niobe. :D
Reply With Quote
  #25 (permalink)  
Old Jun 19, 04
[presence.of.absence]
 
Join Date: Feb 2004
_LuxFerre_ is an unknown quantity at this point
I can't believe they are so stupid. It should be a block against FTP requests, not port 21. They are only making everything a bit more complicated but not at all impossible. They must think a lot of people [hosting servers] are dumb.

I'd think they should only monitor/call/suspend those accounts with ridiculous transfer rates per month. I might use FTP get files to and from work/school etc.

This is not directed at anybody [MCH] but simply addresses the limitations in their logical process. Instead of paying $40 extra every month you could pay it once to sdf.lonestar.org and use their services. Or something.

but it's a money world. :)
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Forum Jump


All times are GMT -7. The time now is 05:20 PM.


Forum software by vBulletin
Circa 2000 FNK.CA