[ previous ] [ next ] [ threads ]
 
 From:  "Brandon Holland" <brandon at cookssaw dot com>
 To:  "'Falcor'" <falcor at netassassin dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Blocked Port Detection?
 Date:  Fri, 9 Jan 2004 10:07:28 -0600
I have a problem with them too.  Choosing internet service providers in
the rural areas of Alabama however, is shockingly similar to voting for
US Presidents.

(Choose the one you dislike the least)

We've got three choices:

Satellite (through various companies)
Problem: Latency - 800-2000ms and Upload bandwidth: for DirecPC -
advertised was 128k, real world, 22k.  (Uploading a website is literally
better on dialup)

Dial-up (also through various companies)
Problem: Bandwidth - 56k

Wireless (through one company)
Problem: Problematic security restrictions/precautions

The main reason is, this company will, optionally, charge a "protection"
fee similar to insurance, in that if computers get tainted with virii,
they'll charge a nominal fee to come out and straighten out the
problems.

So, it's to their benefit to keep down infections.

It's a marketing thing (What isn't?)

At any rate, they let us have incoming ports (that we pre-specify) and
VPN tunnels well (as opposed to DirecPC of course)


At any rate, they used to block ANY traffic on non-standard ports (they
claimed it also effectively stopped p2p - which is probably true.  While
m0n0 can take 1000 connections or so (dependent on hardware), the
wireless radios will freeze once they hit a much lower ~400 limit)

What can I say though.  We get T1 speeds (well, real world: 1.1mb off
dslreports.com) and T1 latency (32ms to google), as said above, they let
us choose incoming ports and it only costs $100 a month.

So, getting back to my question, is it possible to specify which ports
are used for connections?  I'd imagine that m0n0 needlessly waits for
them to time out otherwise.

Thanks Falcor for your quick response,


Network Administrator
Cooks Saw MFG, LLC (www.CooksSaw.com)


160 Ken Lane





-----Original Message-----
From: Falcor [mailto:falcor at netassassin dot com] 
Sent: Thursday, January 08, 2004 9:17 PM
To: Brandon Holland
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Blocked Port Detection?

Brandon Holland wrote:

>Our ISP blocks certain ports highly used by trojans (we can ask them to
>remove a certain rule on an individual basis) but my question is, from
>what "PORT pool" does m0n0 get the "available" ports for use?
> 
>Because, I guess if m0n0 tries a port that has been blocked, the
>connection just dies, and it becomes a lost packet.
> 
>I'd like to be able to manually set the list of ports it can use if the
>"default" list is unacceptable.  Is that configurable?
> 
>I wouldn't think that the firewall would think "well, this port NEVER
>responds, it needs to be marked as unusable" and even if it did, a
>reboot would "fix" that, huh?
> 
>An interesting thought,
>Brandon Holland    ( <mailto:brandon at cookssaw dot com>
Brandon at Cookssaw dot com)
>Network Administrator
>Cooks Saw MFG, LLC ( <http://www.cookssaw.com> www.CooksSaw.com)
>    "Leading the bandsaw Industry
>         by providing tomorrow's innovation today"
>160 Ken Lane
>Newton, AL 36352  (Click for map)
>   Ph: 1-800-473-4804    [ (334) 692-5074 ]
>   Fax: (334) 692-3704
> 
>
>  
>
Does your ISP block outbound ports?   I have heard of many that block 
inbound ports.  E.g. they won't let you run a HTTP, SMTP, or other 
standard servers with your "residential" account.  

If they are blocking outbound ports you really have some issues with 
them... or at least should.  That just isn't cool of them, no matter the

reason.  Chances are more and more trojans will be using standard ports.

 E.g. of some that have are like bugbear, SQL Slammer, CodeRed, etc. 
 They all used the standard ports for the applications they targeted.
:(