aaron
Joined: 12 Sep 2003
Posts: 27
|
| Posted: Wed Feb 21, 2007 3:37 am Post subject: Filtered ports at new datacenter |
|
|
I just want to point this out before people begin mass migrations to the new DC.
I've already brought this to caker's attention (and I'm unsure of where the issue stands currently) but I migrated to the new DC a couple days ago, and discovered that AtlantaNAP is filtering a lot of ports. Much more than ThePlanet does.
And it's filtering them inbound and outbound, such that not only can I not host something on port 6667, for example (not that I do), but I cannot connect to a remote server on the same port, either.
Here's the list (from nmap -vv -sA):
Code:
1/tcp filtered tcpmux
9/tcp filtered discard
11/tcp filtered systat
13/tcp filtered daytime
15/tcp filtered netstat
19/tcp filtered chargen
93/tcp filtered dcp
111/tcp filtered rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
512/tcp filtered exec
514/tcp filtered shell
515/tcp filtered printer
540/tcp filtered uucp
593/tcp filtered http-rpc-epmap
707/tcp filtered
1075/tcp filtered
1080/tcp filtered socks
1180/tcp filtered
1182/tcp filtered
1434/tcp filtered ms-sql-m
1900/tcp filtered UPnP
2282/tcp filtered
3128/tcp filtered squid-http
3332/tcp filtered
3802/tcp filtered
4444/tcp filtered krb524
5000/tcp filtered UPnP
5490/tcp filtered connect-proxy
6001/tcp filtered X11:1
6002/tcp filtered X11:2
6003/tcp filtered X11:3
6004/tcp filtered X11:4
6005/tcp filtered X11:5
6006/tcp filtered X11:6
6007/tcp filtered X11:7
6008/tcp filtered X11:8
6009/tcp filtered X11:9
6010/tcp filtered
6011/tcp filtered
6012/tcp filtered
6013/tcp filtered
6014/tcp filtered
6015/tcp filtered
6016/tcp filtered
6017/tcp filtered xmail-ctrl
6018/tcp filtered
6019/tcp filtered
6020/tcp filtered
6021/tcp filtered
6022/tcp filtered
6023/tcp filtered
6024/tcp filtered
6025/tcp filtered
6026/tcp filtered
6027/tcp filtered
6028/tcp filtered
6029/tcp filtered
6030/tcp filtered
6031/tcp filtered
6032/tcp filtered
6033/tcp filtered
6034/tcp filtered
6035/tcp filtered
6036/tcp filtered
6037/tcp filtered
6038/tcp filtered
6039/tcp filtered
6040/tcp filtered
6041/tcp filtered
6042/tcp filtered
6043/tcp filtered
6044/tcp filtered
6045/tcp filtered
6046/tcp filtered
6047/tcp filtered
6048/tcp filtered
6049/tcp filtered
6050/tcp filtered arcserve
6051/tcp filtered
6052/tcp filtered
6053/tcp filtered
6054/tcp filtered
6055/tcp filtered
6056/tcp filtered
6057/tcp filtered
6058/tcp filtered
6059/tcp filtered
6060/tcp filtered
6061/tcp filtered
6062/tcp filtered
6063/tcp filtered
6588/tcp filtered analogx
6667/tcp filtered irc
6669/tcp filtered
6711/tcp filtered
6712/tcp filtered
6776/tcp filtered
7000/tcp filtered afs3-fileserver
7441/tcp filtered
12345/tcp filtered NetBus
12346/tcp filtered NetBus
16660/tcp filtered
22788/tcp filtered
27665/tcp filtered Trinoo_Master
31337/tcp filtered Elite
33270/tcp filtered
39168/tcp filtered
53201/tcp filtered
65000/tcp filtered
Updated list of blocked ports on 2008-07-05. In the past year, they seem to have unblocked ports 138, 139, 445, 623 and 664 |
|
|
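Added example, not part of the original post: a small Python parser for port-table lines in the format shown in the list above, which collapses the filtered ports into ranges and checks them against the services an operator plans to run. The sample is an excerpt of that list plus one constructed "unfiltered" line, and the service names and ports in `planned` are hypothetical.

```python
import re

# Excerpt of the port table posted above (nmap -vv -sA); the "unfiltered"
# line is constructed to show that it is not counted as blocked.
SAMPLE = """\
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
707/tcp filtered
6667/tcp filtered irc
6668/tcp unfiltered
6669/tcp filtered
"""

# port/proto, state, optional service name
PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)(?:\s+(\S+))?\s*$")

def filtered_ports(text, proto="tcp"):
    """Return {port: service-or-None} for lines whose state is exactly 'filtered'."""
    found = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # scan headers, blank lines, surrounding prose
        port, p, state, service = int(m[1]), m[2], m[3], m[4]
        if p == proto and state == "filtered" and 0 < port <= 65535:
            found[port] = service
    return found

def collapse(ports):
    """Collapse a set of ports into inclusive (start, end) ranges."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges

def blocked_services(planned, filtered):
    """planned: {name: port}. Return the names whose port is filtered upstream."""
    return sorted(name for name, port in planned.items() if port in filtered)

if __name__ == "__main__":
    hits = filtered_ports(SAMPLE)
    print(collapse(hits))
    # Hypothetical services an operator intends to run on the host.
    print(blocked_services({"ircd": 6667, "ircd-alt": 6668, "sshd": 22}, hits))
```
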
OverlordQ
Joined: 04 Jun 2004
Posts: 200
|
| Posted: Wed Feb 21, 2007 7:14 pm Post subject: |
|
|
Cheese n Rice!
Thanks for the heads up. Main reason why I like Linode, can run a small IRC server for like a dozen people, our main way to keep in touch. |
|
|
klaruz
Joined: 22 Apr 2005
Posts: 8
|
| Posted: Wed Feb 21, 2007 9:58 pm Post subject: |
|
|
Indeed. I just set up a small irc server for a project on my server, and use another small irc server that's also on a linode (not mine) to communicate with my small group of friends as well.
Too bad, I remember when you used to be able to run anything on a linode. What's next? Filtering everything except 22, 25, 80 and 443? Gotta keep those mean hackers out yah know. |
|
|
Quik
Joined: 17 Sep 2003
Posts: 124
|
| Posted: Tue Mar 06, 2007 9:05 am Post subject: |
|
|
These filtered ports are certainly a nuisance. I have a couple of services affected by this that I've had to move elsewhere (unfortunately the ports they run on are fixed).
Aaron, did you hear back from Chris about any likely resolution? |
|
|
c1i77
Joined: 23 Sep 2004
Posts: 70
Location: Delft, Netherlands
|
| Posted: Thu Mar 08, 2007 1:39 pm Post subject: |
|
|
I asked Tom about this during my Fre->Atl migration (via support ticket system), and Linode.com is/was of the opinion that this wouldn't affect any Linode customers migrating to Atlanta.
Obviously this does affect you negatively. I'd suggest opening a support ticket asking for the required ports to be unblocked. Hopefully Linode.com will then take it up with AtlantaNAP and fix it.
Cliff |
|
|
trickv
Joined: 16 May 2007
Posts: 5
Location: Chicago, IL
|
| Posted: Thu Jul 05, 2007 11:29 am Post subject: Too bad |
|
|
| Too bad these ports are filtered. Any update on progress, or are we simply at a loss if our Linode is in Atlanta? |
|
|
tasaro
Joined: 15 Apr 2003
Posts: 135
Location: Manahawkin, NJ
|
| Posted: Thu Jul 05, 2007 11:47 am Post subject: |
|
|
Unfortunately, this was unknown to us before we deployed in Atlanta (lesson learned). We did talk to the dc at the time, and this is the way it's staying.
I'm sure there are other instances, but I have yet to field a support ticket to be moved out of Atlanta for anything other than port 6667 (irc).
oftc can be reached from Atlanta on port 6668 and freenode on port 8000. In most cases, this solves the problem. For the balance, we offer migrations to the Dallas or Fremont facilities.
-Tom |
|
|
monarch
Joined: 05 Feb 2006
Posts: 22
Location: Sydney, Australia
|
| Posted: Fri Jul 06, 2007 9:14 am Post subject: Future changes? |
|
|
| I wonder if there is a list of ports that will always be available. For example, if I host my ssh port on x, is there a chance that the Atlanta datacentre will decide (out of the blue) that they will shut down port x and I'll find myself locked out? |
|
|
tphyahoo
Joined: 11 Oct 2005
Posts: 8
|
| Posted: Fri Mar 14, 2008 6:40 pm Post subject: irssi commands for using alternative port |
|
|
irssi -c chat.freenode.org -n thartman -p 8000 #/join #haskell #happs
irssi -c irc.oftc.net -n thartman -p 6668 #/join #linode
irssi --help for more options |
|
|
Toranin
Joined: 23 Apr 2008
Posts: 1
|
| Posted: Wed Apr 23, 2008 1:45 pm Post subject: |
|
|
I just got pointed at this topic thanks to IRC. I have to say, despite the workaround ports available from the bigger IRC nets, I'm very disappointed at this. Unconditionally blocking a big list of ports to a whole DC sets a really bad precedent, and one I am not at all happy about.
Yeah, I know the arguments they use, how the common things on these ports are variously insecure or undesirable. I don't care; I'd rather have an open network and all the pitfalls and annoyances thereof than have to worry about which service the DC admins will decide is next on the hit list. As long as I'm not doing anything harmful, what I run on my server, and on what ports, is my business.
I may or may not file a ticket to be moved, still thinking about whether it's currently worth the trouble, but at the very least I wanted to register my displeasure with the situation here. At least it's nice to know that I can always move if the Atlanta people decide to crack down any further, and I hope this will continue to be the case. |
|