[ale] AT&T Broadband blocking inbound http?

Kenneth W Cochran kwc at world.std.com
Mon Aug 13 11:35:08 EDT 2001


Hmmm, somehow this didn't make it to the list...(?)

>Date: Mon, 13 Aug 2001 00:28:32 -0400
>From: "Transam at cavu.com" <transam at cavu.com>
>To: ale at ale.org, jonathan at xcorps.net
>Subject: Re: [ale] AT&T Broadband blocking inbound http?
>Cc: josh at xcorps.net
>
>> http://help.broadband.att.com/faq.jsp?content_id=792&category_id=54
>
>> Looks like the party is over for AT&T and @Home customers...
>
>Thanks for the URL.  I just sent a "support" email to them telling 'em
>what greedy bastards they were for using this as an excuse to block
>port 80 to force people operating web servers to pay them more for
>commercial service.  (You may want to tell them too.)

It would be most effective for those unhappy with them & their
knee-jerk policies/prodecures to move their business elsewhere,
and let then know *why*.  At the same time, it would come as
no surprise to me if their commercial customers are similarly
affected; heh, commercial customers share the same network
infrastructure and their blockage appears to be network-wide.
Because of its "shared-access" model, I would question the
appropriateness of commercial (business) usage over this type
of network anyway.  Those of us who have no alternatives as
yet are probably Just Plain Screwed.

I hesitate some to use the term "greedy bastard," but I do think
they have been following Questionable Advice...  I wonder how
arguable it is that port-blockage without customer consent amounts
to a Denial of Service...  Sure, we can move our things to different
ports, but that, of course, introduces other problems.

Here in Alexander City, Alabama, Charter Pipeline (aka HighSpeed
Access Corp) started blocking port 80 this past Thursday
evening.  A phonecall to their support pointed me to language
in their Contract both allowing them to do this and prohibiting
servers (of various kinds, not only http, but also ftp, telnet,
rlogin, pop, smtp, dns & proxy, etc.).  At this time I'm not
aware of their offering any kind of "commercial" service here.

Last month, they did a blanket turn-off of several hundered
customers here in an "audit" & it took days to weeks to get
service restored for these customers.

Now this is a little-bit funny:  They have sent an email, apparently
to *all* their customers/users, with the relevant patch-warning
and a link to Microsoft's patch-URL.  This message wasn't sent
until the next day *after* their port blockage here.

I submit that their port-80 blocking makes any patching moot.
Since they now block that port, affected systems's administrators
now have a *disincentive* to keep their OS patchlevels up-to-date
("hey, not my problem anymore").  And even if they do fix
their systems, their ways of verifying the effectiveness of
their maintenance just became much more complicated.

One thing I find interesting is that Code Red was "making
rounds" for about 3 weeks before the broadband/cable companies
started this blockage.  It is also known that Code Red was/is
only affecting a small minority of webservers.

>I also pointed out that I run Linux so I'm immune to M$'s stupid bugs.

Uh-ooohhh, you told them you run Linux; they might prohibit
*that* too...

>I also suggested that if they wanted to protect their M$ clients from
>the SirCam virus too that they should block email.

Indeed.  Why should they stop at a port-block?

I think that port-blocking on part of a "common carrier" is
the start of a "slippery slope..."

I can think of some other useful ports for them to block, too,
while they're at it (RPC, NFS, & SMB for starters), but I'm
not seeing this done.  Why not?

Now that they're, in effect, filtering content, I wonder how
prepared they are to assume any (perhaps resultant) responsibilities
for the "protection" of customers' systems...  (Especially
now; since they're blocking incoming port 80, customers have
no need for patching their OS/Webserver :).

>(I wasn't operating my web server through them but I've been totally
>disgusted with their service and I have no decent alternatives since
>I cannot get DSL.)

Same here; currently no broadband alternative to cablemodem.

>Bob
>transam at cavu.com                       [Bob's ALE Bulk email]
>bob at cavu.com                           [Please use for email to me]

-kc
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list