Port Prioritisation or not? For ProAsm

slobbargoat (Active Member; joined Mar 24, 2004; messages: 54; reaction score: 0; location: South Africa)
Ok, i have decided to do some portscans to see exactly what is going on. That same webserver (www.i-roar.com) has ftp facilities too and a few other ports open as well. I disabled my firewalls, so i could have a clean connection to test all this stuff with. Here's what i discovered so far:

Code:
root@gateway|/: nmap -sS -P0 -v -v www.i-roar.com

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-04 22:41 SAST
Host ns43.edns1.com (207.44.206.36) appears to be up ... good.
Initiating SYN Stealth Scan against ns43.edns1.com (207.44.206.36) at 22:41
Adding open port 80/tcp
The SYN Stealth Scan took 642 seconds to scan 1659 ports.
Interesting ports on ns43.edns1.com (207.44.206.36):
(The 1658 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
80/tcp open  http

Nmap run completed -- 1 IP address (1 host up) scanned in 642.790 seconds
root@gateway|/:

K so this shows everyone that only a connection to port 80 can be made to that server.

Next, i decided to portscan a random server, i chose www.somethingawful.com. Here's the results:

Code:
The SYN Stealth Scan took 103 seconds to scan 1659 ports.
Interesting ports on drweird.somethingawful.com (66.54.81.15):
(The 1642 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
9/tcp    open     discard
13/tcp   open     daytime
22/tcp   open     ssh
25/tcp   open     smtp
37/tcp   open     time
80/tcp   open     http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
199/tcp  open     smux
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
873/tcp  open     rsync
2021/tcp open     servexec
3306/tcp open     mysql

Nmap run completed -- 1 IP address (1 host up) scanned in 103.702 seconds


Why would all connections to i-roar.com be blocked except for port 80? Like i said, this has happened with some torrent trackers as well, but i'd be damned if i could remember the hostnames.

Is anyone else experiencing a similar problem?
 
I just wanna jump in here and apologise if I insulted your intelligence in the other topic [:I]

I haven't had any issues with bittorrent and I use it pretty extensively. I will check up on it though.

How are you connecting your modem to the net? ie. via gateway or PPPoE or linux USB or what? there could be an issue with your gateway (most likely)

I tried the i-roar here on my ISDN (not at my flat with mywi modem)
and got access denied (user+pass problem)

Ok I just VNCd into my pc. I tried www.i-roar.com:2082 and it did not work. well then I tried http://www.i-roar.com:2082 and IT DID work on mywireless. sooo.. make sure you put in the http part.

So that's at least 2 mywi users in Dbn and Pta that are opening it. Perhaps the problem is more local than you think??

I hope the info helps..
 
Hey well, that just makes me figure it's a local tower problem. I'm on tower 12 (randburg) 18% signal.

It's not the http:// that's the problem, since i have also tried just plain telnetting into it. Also the portscans show it's specific to this one server and/or range of servers. It's definitely not my gateway pc, since i portscanned somethingawful.com without problems. I connect using pppoe via a gateway but i doubt that's the problem, since i ran these tests off the gateway pc itself.

I am so stumped :/
 
ok. this is gonna sound insane but we are using windows pcs (I am at least) so can you perhaps try it from a windows pc? If you have one that is..

Otherwise you are gonna have to get a fellow tower user to test it. I don't think they even have the availability of a feature to set port blocking for each tower even by accident. ProAsm has said before that each tower doesn't have a server of its own otherwise it would have been possible to hook up some kind of local wireless WAN using the Sentech network.

I suggest trying from another PC nearby (maybe a neighbour) and probably a windows PC just to make sure (on the same tower)
 
port 80 may be force proxied and thus the overseas host sees the connection coming from the proxy and not your IP.
I would suspect a routing problem somewhere.
What does a traceroute show?
 
Can't see how it could be a routing problem, since everyone using wireless uses more or less the same routes for international traffic?

Anyhow here's my traceroute:

Code:
root@gateway|/: traceroute www.i-roar.com
traceroute to i-roar.com (207.44.206.36), 64 hops max, 44 byte packets
 1  66.18.87.51 (66.18.87.51)  200.446 ms  119.889 ms  97.633 ms
 2  66.18.65.105 (66.18.65.105)  97.173 ms  98.562 ms  98.839 ms
 3  gige-0-0-102.rtr-core4-stp.infosat.net (66.18.65.110)  98.228 ms  98.161 ms  199.643 ms
 4  gige-0-0-21.rtr-bdr1-rbn.infosat.net (66.18.65.209)  140.839 ms  98.173 ms  98.611 ms
 5  168.209.18.61 (168.209.18.61)  218.681 ms  115.653 ms  100.851 ms
 6  196.26.0.11 (196.26.0.11)  96.892 ms  98.170 ms  257.907 ms
 7  168.209.0.142 (168.209.0.142)  339.959 ms  340.243 ms  440.167 ms
 8  cmsfc2a-ny.nmszone.is.co.za (168.209.244.7)  335.657 ms  359.730 ms  479.520 ms
 9  fast0-0.iix-igr01.nycl.twtelecom.net (198.32.160.35)  357.892 ms  561.508 ms  336.412 ms
10  core-01-so-2-2-1-0.nycl.twtelecom.net (66.192.240.61)  436.914 ms  560.833 ms  359.752 ms
11  core-02-so-0-0-0-0.atln.twtelecom.net (66.192.255.23)  354.927 ms  400.932 ms  381.511 ms
12  66.192.243.16 (66.192.243.16)  415.914 ms  398.391 ms  419.314 ms
13  168.215.172.47 (168.215.172.47)  476.873 ms  418.765 ms  398.694 ms
14  * * *
15  * * *
16  * * *

Remains like that till it gets up to 64.

Will someone else that's on MyWireless do a traceroute too?
 
Got to 15 hops then it just timed out, but then I cannot ping that site so that's why it probably times out when it reaches the host.

Starting trace - Jun 05, 2004 03:56:43
Tracing to www.i-roar.com [207.44.206.36]....
Hops IP Address RTT(ms) DNS Name
1 66.18.87.50 167
2 66.18.65.105 188
3 66.18.65.110 102 gige-0-0-102.rtr-core4-stp.infosat.net
4 66.18.65.209 114 gige-0-0-21.rtr-bdr1-rbn.infosat.net
5 168.209.18.61 156
6 196.26.0.11 121
7 168.209.0.142 529
8 168.209.244.7 352 cmsfc2a-ny.nmszone.is.co.za
9 198.32.160.35 395 fast0-0.iix-igr01.nycl.twtelecom.net
10 66.192.240.61 397 core-01-so-2-2-1-0.nycl.twtelecom.net
11 66.192.255.23 397 core-02-so-0-0-0-0.atln.twtelecom.net
12 66.192.243.16 456
13 168.215.172.47 391
14 216.54.253.2 406 216-54-253-2.gen.twtelecom.net
15 207.218.245.117 456 ivhou-207-218-245-117.ev1.net
16 TIMED OUT
17 TIMED OUT
18 TIMED OUT
Trace Cancelled
Host not reached


-------------------------
MyWireless Stuff
The opinions expressed here are mine alone and do not necessarily reflect the opinions of my employer
 
Just got 128k package and I must agree with greedyflyza I have no speed problems yet [8D] on any type of internet traffic - ftp, http, torrent etc.

Tower 22 Signal 25% Frequency 2.530 GHz
 
HMMMK, let's try realise what we are talking about.

Firstly, what you're doing there is not exactly good. Don't do it again.

A port scanner shows what ports a server is accepting connections on.

quote: Why would all connections to i-roar.com be blocked except for port 80?

Because *they* are firewalling all the other ports. If it's supposed to be accepting on port 21 too, then you probably triggered it to firewall your IP by portscanning it.

Most sites firewall traceroute too, if it gets somewhere near its location and you know it usually does accept traceroutes then i guess there is a problem with the specific site.



- Colin Alston
colin at alston dot za dot org

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
 
No Karnaugh, you are wrong. If you took the time to read what the other people have said/experienced, you would learn that the ports are NOT firewalled. In any case, this happened before I did the portscan.
 
oh no, I'm "wrong" and apparently I never read anything in the post.

A port scan will not show you port *prioritisation*. I think that confused me a little on what you're on about.

Code:
[root@banzaai-tza]/etc/namedb: nmap -sS -P0 -p 1-1024,2082 -v -v www.i-roar.com

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-06-05 10:25 SAST
Host ns43.edns1.com (207.44.206.36) appears to be up ... good.
Initiating SYN Stealth Scan against ns43.edns1.com (207.44.206.36) at 10:26

Interesting ports on ns43.edns1.com (207.44.206.36):
(The 1013 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
21/tcp   open   ftp
25/tcp   open   smtp
73/tcp   open   netrjs-3
80/tcp   open   http
110/tcp  open   pop-3
143/tcp  open   imap
443/tcp  open   https
554/tcp  open   rtsp
993/tcp  open   imaps
995/tcp  open   pop3s
1024/tcp closed kdm
2082/tcp open   unknown

Very strange, suggest you look at your own outbound connection policies though - can't see an ISP blocking that many ports - unless that site had some temporary problem.

- Colin Alston
colin at alston dot za dot org

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
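
Added example, not written by any poster in this thread: a small Python parser that compares the first i-roar.com scan with the one just above and lists the ports whose state depends on where the scan was run from. The function names are hypothetical, and it assumes every port missing from a report's table was in that scan's range and had the report's stated default state.

```python
import re

# Excerpts of the two nmap reports posted in this thread (same target, two networks).
SCAN_A = """\
(The 1658 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
80/tcp open  http
"""
SCAN_B = """\
(The 1013 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
21/tcp   open   ftp
25/tcp   open   smtp
73/tcp   open   netrjs-3
80/tcp   open   http
110/tcp  open   pop-3
143/tcp  open   imap
443/tcp  open   https
554/tcp  open   rtsp
993/tcp  open   imaps
995/tcp  open   pop3s
1024/tcp closed kdm
2082/tcp open   unknown
"""

DEFAULT_RE = re.compile(r"ports scanned but not shown below are in state: (\w+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)

def parse_scan(text):
    """Return (default_state, {(port, proto): state}) from nmap's normal output."""
    m = DEFAULT_RE.search(text)
    default = m.group(1) if m else "unknown"
    listed = {(int(p), proto): state for p, proto, state, _ in PORT_RE.findall(text)}
    return default, listed

def compare(scan_a, scan_b):
    """Map each port whose state differs to (state seen in A, state seen in B)."""
    (def_a, a), (def_b, b) = parse_scan(scan_a), parse_scan(scan_b)
    diffs = {}
    for key in sorted(set(a) | set(b)):
        # Assumption: an unlisted port was scanned and had that report's default state.
        sa, sb = a.get(key, def_a), b.get(key, def_b)
        if sa != sb:
            diffs[key] = (sa, sb)
    return diffs

def path_dependent(diffs):
    """Ports that are open from one vantage point but filtered from the other."""
    return [port for (port, _), st in diffs.items() if set(st) == {"open", "filtered"}]
```

A port that is open from one network and filtered from another has a listening service behind it, so the drop is happening in a filter that treats the two sources differently, either at the target or somewhere on the path.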
 
Hello,

Using a custom application I developed some time ago I did some comparative testing on different ports to a site in Israel. I honestly don't see anything that would indicate any prioritisation on TCP traffic. I cannot attest to UDP / ICMP though.

R

************************************************************
The views expressed on this site are my own and NOT those of my employer.
 
135, 137, 138, 139, 445, 593.

what about these ports?
in general these are the ones that get blocked by ISPs, reason being windows sux...




-------------------------
WWCD?
 
ISPs do not block *any* ports. That would be stupid and irresponsible of them.

- Colin Alston
colin at alston dot za dot org

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
 
----------------------------------------------------------------------
ISPs do not block *any* ports. That would be stupid and irresponsible of them.

- Colin Alston
colin at alston dot za dot org

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
----------------------------------------------------------------------
oh....

http://www.microsoft.com/serviceproviders/columns/isp_security.asp

...Security is as much about policing and good practice as it is about using products that help protect security. Internet service providers (ISPs) are on the cutting edge of developing security practice because their operations rely on exposing systems and services in a way that most companies do not.

From remote access server (RAS) terminals to Web servers, ISPs expose different services on different hardware to different users whose connection, access, and usage rights must all be set, authenticated, and enforced.

To discover best practices for managing and policing all these variables, Microsoft Service Providers asked Coho Internet (we've changed their name and distinguishing information to protect them) to detail the security checklist they use for their all-Windows platform. This list separates actions by their frequency—some actions are constant; others are performed daily, weekly, or monthly. Use the checkboxes to compare your security practice with Coho Internet's recommendations....

...Adopt the following firewall rules as a base set:

Default deny, explicitly allow services, and explicitly deny others, for additional security.
Deny all traffic to ports 135-139,445 TCP/UDP (NetBios/SMB).
Deny all traffic to port 3389 TCP/UDP (Terminal Services).
Deny all traffic to DCs.
Deny all traffic to internal DNS servers.
Allow traffic from firewall management console to firewall.
Deny all other traffic to and from your firewall.
Permit only DNS (port 53 TCP/UDP) traffic to external DNS servers.
Permit only required ports for each service on each server thereafter....




lions, and tigers, and bears... oh my...




-------------------------
What Would C'thulhu Do?
 
reasons why...

http://isc.sans.org/top10.php



-------------------------
What Would C'thulhu Do?
 
Please read your own post.

They firewall windows machines they host, they do not place filtering on their side of customer lines. Firewalling is to be done on the client side if they want it.

I repeat, ISPs do *not* firewall ports for you - that IS irresponsible and stupid.

- Colin Alston
colin at alston dot za dot org

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
 
i'm not trolling or anything [it's much easier to just log onto another board and post "elan"]...

i was just asking if anybody checked those ports... from the article it looked like they are the ones that get blocked by ISPs regularly... just wanted to check...



-------------------------
What Would C'thulhu Do?
 
And I'm saying, ISPs do not block those ports.

- Colin Alston
colin at alston dot za dot org

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
 