Is Comcast blocking port 22

 
 
General Schvantzkoph
      06-09-2010, 11:08 PM
I don't seem to be able to ssh into my systems on port 22 anymore, high
ports work fine. Has Comcast started blocking port 22?

 
Reply With Quote
 
 
 
 
Mike Bleiweiss
      06-10-2010, 11:08 PM
On 2010-06-10, Moe Trin <(E-Mail Removed)> wrote:
> On 9 Jun 2010, in the Usenet newsgroup comp.os.linux.networking, in article
><(E-Mail Removed)>, General Schvantzkoph wrote:
>
>>I don't seem to be able to ssh into my systems on port 22 anymore,
>>high ports work fine. Has Comcast started blocking port 22?

>
> [compton ~]$ whatis hping2 hping3 tcptraceroute
> hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> hping3 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> tcptraceroute (8) - A traceroute implementation using TCP packets
> [compton ~]$
>
> Old guy


And there you have it, straight outta compton.


--
Mike Bleiweiss
Devout Unixophile
 
Reply With Quote
 
General Schvantzkoph
      06-11-2010, 10:40 AM
On Thu, 10 Jun 2010 14:48:02 -0500, Moe Trin wrote:

> On 9 Jun 2010, in the Usenet newsgroup comp.os.linux.networking, in
> article <(E-Mail Removed)>, General Schvantzkoph wrote:
>
>>I don't seem to be able to ssh into my systems on port 22 anymore, high
>>ports work fine. Has Comcast started blocking port 22?

>
> [compton ~]$ whatis hping2 hping3 tcptraceroute
> hping2 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> hping3 (8) - send (almost) arbitrary TCP/IP packets to network hosts
> tcptraceroute (8) - A traceroute implementation using TCP packets
> [compton ~]$
>
> Old guy


I've done port scans using external scan tools, specifically Gibson
Research's ShieldsUp. It shows that port 22 is in Stealth mode (to use
Gibson's parlance), the high ports that I've assigned to ssh on a couple
of my machines are shown as Open which gives me confidence that their
port scanner works.

What I would like to know is if Comcast has blocked port 22 everywhere or
if it's just my line or my town? If any of you have Comcast would you
mind checking to see if you can access port 22.

BTW I did see an exchange in an online Forum about this issue where a
Comcast rep claimed that they don't block port 22 but that they were
having a technical problem which they were working on. That response was
from May 21. I'm still seeing the problem today (June 11) which leads me
to believe that Comcast is lying about not blocking port 22.



 
Reply With Quote
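What the scan results in the post above mean at the TCP level, as an added example that is not part of the original thread: a completed handshake is Open, a reset is closed, and silence is what ShieldsUp reports as Stealth. The function names, the 3-second timeout and port 2222 are assumptions made for illustration.

```python
import errno
import socket

# Added example; names and labels are illustrative, not from the thread.
# ICMP unreachable or no answer at all: something on the path drops the SYN.
FILTERED_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT}


def classify(err):
    """Map the outcome of a TCP connect() to a port state.

    None (handshake completed)    -> "open"
    ConnectionRefusedError (RST)  -> "closed"
    timeout / unreachable         -> "filtered" (ShieldsUp's "Stealth")
    """
    if err is None:
        return "open"
    if isinstance(err, ConnectionRefusedError):
        return "closed"
    if isinstance(err, socket.timeout) or getattr(err, "errno", None) in FILTERED_ERRNOS:
        return "filtered"
    return "error"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def compare(host, ports, timeout=3.0):
    """Probe several ports on one host, e.g. 22 and the high port sshd also uses."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # 2222 stands in for "a high port assigned to ssh" (hypothetical value).
    print(compare("127.0.0.1", [22, 2222]))
```

Run it from a host outside the network being checked. A "filtered" result only says the packets are dropped somewhere on the path; it does not say whether the ISP, the modem or the router is doing the dropping.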
 
General Schvantzkoph
      06-11-2010, 11:44 AM
On Fri, 11 Jun 2010 07:16:52 -0400, Maxwell Lol wrote:

> General Schvantzkoph <(E-Mail Removed)> writes:
>
>> What I would like to know is if Comcast has blocked port 22 everywhere
>> or if it's just my line or my town? If any of you have Comcast would
> you mind checking to see if you can access port 22.

>
> Well, you can always use another port number for your home machine. It's
> a good idea for other reasons as well. My port gets bruteforced several
> times a day (which is why I auto-firewall attempts)


Using a non-standard port is a problem for this application. I'm running
an ssh server which I use to distribute software to my customers. Non-
standard ports are no problem for small companies, however I've found
that large enterprises have firewalls that restrict access to standard
port numbers. I've run into this a couple of times where someone at a
large enterprise was not able to access ssh on a high-port. If this
weren't the case I would prefer to use a high port for my ssh server. I
also run a cvs server which my partner and I use to manage our code, that
runs on a high port. On the ssh server that was using port 22 the logs
show daily attacks, on the cvs server, which uses a high port, I've never
seen an attack in the log files. I have password authorization disabled, I
require RSA authentication, so I'm not worried about a break in but I
still find the attacks annoying.
 
Reply With Quote
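The daily attacks in the logs and the "auto-firewall" idea quoted above both come down to counting failed logins per source address. An added sketch of that detection step, not code from any poster: the log lines are constructed samples in standard OpenSSH syslog wording, and the threshold, window, year and IPv4-only matching are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Jun 11 03:14:01 host sshd[2101]: Invalid user admin from 203.0.113.5
Jun 11 03:14:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jun 11 03:14:06 host sshd[2104]: Failed password for root from 203.0.113.5 port 40120 ssh2
Jun 11 03:14:09 host sshd[2107]: Invalid user test from 203.0.113.5
Jun 11 03:20:15 host sshd[2150]: Accepted publickey for dev from 198.51.100.7 port 50022 ssh2
Jun 11 09:02:44 host sshd[3310]: Failed password for root from 192.0.2.44 port 51515 ssh2
"""

# Matches failed-login events only; accepted logins never match. IPv4 only.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})"
)


def offenders(log_text, threshold=3, window=timedelta(minutes=1), year=2010):
    """Return {ip: time the threshold was first reached} for sources with
    `threshold` or more failure events inside a sliding `window`.

    Syslog timestamps carry no year, so one is supplied by the caller.
    Counts log events, not distinct connections.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        stamp, ip = m.group(1), m.group(2)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

The returned addresses are what a blocking rule would be built from; the single failure from 192.0.2.44 stays below the threshold and is not flagged.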
 
General Schvantzkoph
      06-11-2010, 11:58 AM
On Fri, 11 Jun 2010 11:44:25 +0000, General Schvantzkoph wrote:

> On Fri, 11 Jun 2010 07:16:52 -0400, Maxwell Lol wrote:
>
>> General Schvantzkoph <(E-Mail Removed)> writes:
>>
>>> What I would like to know is if Comcast has blocked port 22 everywhere
>>> or if it's just my line or my town? If any of you have Comcast would
>>> you mind checking to see if you can access port 22.

>>
>> Well, you can always use another port number for your home machine.
>> It's a good idea for other reasons as well. My port gets bruteforced
>> several times a day (which is why I auto-firewall attempts)

>
> Using a non-standard port is a problem for this application. I'm running
> an ssh server which I use to distribute software to my customers. Non-
> standard ports are no problem for small companies, however I've found
> that large enterprises have firewalls that restrict access to standard
> port numbers. I've run into this a couple of times where someone at a
> large enterprise was not able to access ssh on a high-port. If this
> weren't the case I would prefer to use a high port for my ssh server. I
> also run a cvs server which my partner and I use to manage our code,
> that runs on a high port. On the ssh server that was using port 22 the
> logs show daily attacks, on the cvs server, which uses a high port, I've
> never seen an attack in the log files. I have password authorization
> disabled, I require RSA authentication, so I'm not worried about a break
> in but I still find the attacks annoying.


I power cycled the modem and that fixed the problem. That should have
been the first thing I did, I did power cycle my router and I even
updated its firmware, but I neglected to do it to the modem.

 
Reply With Quote
 
Man-wai Chang to The Door (33600bps)
      06-11-2010, 01:34 PM
On 6/10/2010 07:08, General Schvantzkoph wrote:
> I don't seem to be able to ssh into my systems on port 22 anymore, high
> ports work fine. Has Comcast started blocking port 22?
>


If you gave us your server's IP address, we could test it out from
another ISP!

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.34
^ ^ 21:34:01 up 9:27 2 users load average: 1.23 1.19 1.04
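No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):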
http://www.swd.gov.hk/tc/index/site_...sub_addressesa
 
Reply With Quote
 
General Schvantzkoph
      06-11-2010, 01:58 PM
On Fri, 11 Jun 2010 21:34:27 +0800, Man-wai Chang to The Door (33600bps)
wrote:

> On 6/10/2010 07:08, General Schvantzkoph wrote:
>> I don't seem to be able to ssh into my systems on port 22 anymore, high
>> ports work fine. Has Comcast started blocking port 22?
>>
>>

> If you gave us your server's IP address, we could test it out from
> another ISP!


Thanks but it's resolved now. While Googling for this problem I found
several references to a problem with Cisco DOCSIS 3 modems (which is what
I have). There was a Comcast response on a forum where they said they
were rolling out a fix but that was several weeks ago. I did a power
cycle on the modem which fixed the problem. I don't know if it was fixed
because the modem picked up new settings from Comcast or if it was just
because it cleared out something that they had inadvertently set. The
bottom line is that it's working now.
 
Reply With Quote
 
Greg Russell
      06-11-2010, 04:32 PM
In news:(E-Mail Removed),
General Schvantzkoph <(E-Mail Removed)> typed:

> What I would like to know is if Comcast has blocked port 22
> everywhere or if it's just my line or my town? If any of you have
> Comcast would you mind checking to see if you can access port 22.
>
> BTW I did see an exchange in an online Forum about this issue where a
> Comcast rep claimed that they don't block port 22 but that they were
> having a technical problem which they were working on. That response
> was from May 21. I'm still seeing the problem today (June 11) which
> leads me to believe that Comcast is lying about not blocking port 22.


Comcast's "Terms of Service" (TOS) specifically forbids the operation of any
"server" on the residential connection. "Server" includes ssh as well as
http, smtp, ftp, torrent, icq, nfs, etc.

Since you agreed to their TOS, why *wouldn't* you expect them to block all
such ports inbound to your connection?

You can run an sshd server on any port you wish, so why use standard port
22?


 
Reply With Quote
 
Rick Jones
      06-11-2010, 04:50 PM
General Schvantzkoph <(E-Mail Removed)> wrote:
> Using a non-standard port is a problem for this application. I'm
> running an ssh server which I use to distribute software to my
> customers.


Do you then have a commercial/business account with Comcast? I'd
think their commercial/business support reps would be a bit more
helpful/useful than their residential ones.

rick jones
--
oxymoron n, commuter in a gas-guzzling luxury SUV with an American flag
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
 
Reply With Quote
 
General Schvantzkoph
      06-11-2010, 05:39 PM
On Fri, 11 Jun 2010 16:50:54 +0000, Rick Jones wrote:

> General Schvantzkoph <(E-Mail Removed)> wrote:
>> Using a non-standard port is a problem for this application. I'm
>> running an ssh server which I use to distribute software to my
>> customers.

>
> Do you then have a commercial/business account with Comcast? I'd think
> their commercial/business support reps would be a bit more
> helpful/useful than their residential ones.
>
> rick jones


I'm using the residential version (I have a home office). The business
service is slower and more expensive than the home version so there is no
reason to use it.
 
Reply With Quote
 
 
 