I have a problem with them too. Choosing internet service providers in the rural areas of Alabama, however, is shockingly similar to voting for US Presidents. (Choose the one you dislike the least.)

We've got three choices:

Satellite (through various companies)
Problem: Latency - 800-2000ms and Upload bandwidth: for DirecPC - advertised was 128k, real world, 22k. (Uploading a website is literally better on dialup)

Dial-up (also through various companies)
Problem: Bandwidth - 56k

Wireless (through one company)
Problem: Problematic security restrictions/precautions

The main reason is, this company will, optionally, charge a "protection" fee similar to insurance, in that if computers get tainted with viruses, they'll charge a nominal fee to come out and straighten out the problems. So, it's to their benefit to keep down infections. It's a marketing thing (What isn't?)

At any rate, they let us have incoming ports (that we pre-specify) and VPN tunnels well (as opposed to DirecPC of course)

At any rate, they used to block ANY traffic on non-standard ports (they claimed it also effectively stopped p2p - which is probably true. While m0n0 can take 1000 connections or so (dependent on hardware), the wireless radios will freeze once they hit a much lower ~400 limit)

What can I say though. We get T1 speeds (well, real world: 1.1mb off dslreports.com) and T1 latency (32ms to google), as said above, they let us choose incoming ports and it only costs $100 a month.

So, getting back to my question, is it possible to specify which ports are used for connections? I'd imagine that m0n0 needlessly waits for them to time out otherwise.

Thanks Falcor for your quick response,

Brandon Holland (Brandon at Cookssaw dot com)
Network Administrator
Cooks Saw MFG, LLC (www.CooksSaw.com)
"Leading the bandsaw Industry by providing tomorrow's innovation today"
160 Ken Lane
Newton, AL 36352
Ph: 1-800-473-4804 [ (334) 692-5074 ]
Fax: (334) 692-3704

-----Original Message-----
From: Falcor [mailto:falcor at netassassin dot com]
Sent: Thursday, January 08, 2004 9:17 PM
To: Brandon Holland
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Blocked Port Detection?

Brandon Holland wrote:

>Our ISP blocks certain ports highly used by trojans (we can ask them to
>remove a certain rule on an individual basis) but my question is, from
>what "PORT pool" does m0n0 get the "available" ports for use?
>
>Because, I guess if m0n0 tries a port that has been blocked, the
>connection just dies, and it becomes a lost packet.
>
>I'd like to be able to manually set the list of ports it can use if the
>"default" list is unacceptable. Is that configurable?
>
>I wouldn't think that the firewall would think "well, this port NEVER
>responds, it needs to be marked as unusable" and even if it did, a
>reboot would "fix" that, huh?
>
>An interesting thought,
>Brandon Holland ( <mailto:brandon at cookssaw dot com> Brandon at Cookssaw dot com)
>Network Administrator
>Cooks Saw MFG, LLC ( <http://www.cookssaw.com> www.CooksSaw.com)
> "Leading the bandsaw Industry
> by providing tomorrow's innovation today"
>160 Ken Lane
>Newton, AL 36352
> Ph: 1-800-473-4804 [ (334) 692-5074 ]
> Fax: (334) 692-3704

Does your ISP block outbound ports? I have heard of many that block inbound ports. E.g. they won't let you run an HTTP, SMTP, or other standard servers with your "residential" account. If they are blocking outbound ports you really have some issues with them... or at least should. That just isn't cool of them, no matter the reason.

Chances are more and more trojans will be using standard ports. E.g. of some that have are like bugbear, SQL Slammer, CodeRed, etc. They all used the standard ports for the applications they targeted. :(