[Discuss] business class ISP recommendations
Bill Horne
bill at horne.net
Fri May 9 11:05:42 EDT 2014
On 5/9/2014 9:39 AM, Jerry Feldman wrote:
> On 05/08/2014 08:51 AM, Edward Ned Harvey (blu) wrote:
>>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Tom Metro
>>>
>>> Comcast Business cable Internet
>> I have used Comcast Business, and I'm the same as you - I would love to avoid using any of those companies ever again, but *especially* comcast, based on this experience.
>>
>> We had a satellite office, and we had Comcast Business cable in there, as well as a T1. We needed to ssh from the home office into the firewall of the satellite office, but it wasn't working. We traced it down: If you try to connect to port 22 of the external IP of the comcast business IP address, then the packet never reaches the destination. But if you ssh to the T1 IP address, traffic gets through just fine. This proved that comcast was blocking inbound port 22, and *not* a failure of the sending side to send the traffic. We hooked up packet sniffers on both the sending side, and each of the receiving sides, and saw the packets go out from the home office, destined to each the comcast IP and the T1 IP. We saw the packets arrive on the T1, but not comcast. Other types of traffic worked fine. It was only port 22 that was blocked. I seem to recall we couldn't change the ssh listen port, because it was a PIX or something, but that particular detail is cloudy now. (This happened about 5 years ago.)
>>
>> Could not possibly be any more definitive proof that comcast was blocking port 22.
>>
>> Comcast denied it despite hours on the phone with them. Problem was never resolved.
>>
> I don't have Comcast business class at home, but I do have Comcast
> residential. I use a different port number for SSH and it works
> reasonably well. But, on my tests, port 22 has also worked.
Comcast is doing something very clever: they are blocking ports that
threaten their profit model, and they are doing it with FUD tactics,
i.e., in semi-random, non-traceable ways that leave
just-enough-room-for-doubt that the FCC and state PUCs won't feel a need
to act. The motivation is clear: the ISPs, including Comcast, want to
construct data corrals around their customers, and charge anyone with
money a premium for access.
However, some of the deep pockets that Comcast is trying to pick are
able to fight back, and they are putting pressure on the government to
retain the "end user pays" model of the early Internet. That is, of
course, naive: the ISPs have made deals with various content providers
that will restrict their customers' access to entertainment which isn't
profitable enough for their ever-increasing greed, and they have a
vested interest in preventing their customers from finding *any*
work-around that might allow automated bypass of their port blocking.
That's why the BLU discovered that Comcast was blocking port 25 to
"home" computers, and that's why Comcast is blocking port 22, and will
block port <whatever> in the future, as soon as anyone tries to find a
way to jump the fence of their ever-so-subtle data corral.
Bill
Copyright (C) 2014 E.W. Horne. All Rights Reserved.
--
Bill Horne
William Warren Consulting
339-364-8487