[187772] in North American Network Operators' Group
Re: Thank you, Comcast.
daemon@ATHENA.MIT.EDU (Mikeal Clark)
Fri Feb 26 01:36:11 2016
In-Reply-To: <20160226062707.2B6894340F53@rock.dv.isc.org>
Date: Fri, 26 Feb 2016 00:36:07 -0600
From: Mikeal Clark <mikeal.clark@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Totally agree. It's silly that my home lab has to cost me 5x the
normal rate if I want to use some of the standard ports but that is
normal now.
On Fri, Feb 26, 2016 at 12:27 AM, Mark Andrews <marka@isc.org> wrote:
>
> In message <alpine.DEB.2.02.1602260718460.11524@uplift.swm.pp.se>, Mikael Abrahamsson writes:
>> On Thu, 25 Feb 2016, Jared Mauch wrote:
>>
>> > Make sure you permit TCP/53 for DNS queries so if TC=1 lookups work.
>>
>> Speaking of which, historically ISPs have been blocking TCP/135, TCP/445
>> and a few others towards customers (at least that's what I know). TCP/25
>> seems to be blocked as well.
>>
>> Why isn't UDP/53 blocked towards customers? I know historically there were
>> resolvers that used UDP/53 as source port for queries, but is this the
>> case nowadays?
>>
>> I know providers that have blocked UDP/53 towards customers as a
>> countermeasure to the amplification attacks. As far as I heard, there were
>> no customer complaints.
>
> Because complaining is like talking to a brick wall most of the
> time. People work around the ISP idiocy by shifting ports, it's
> easier than trying to get through help desk hell.
>
>> --
>> Mikael Abrahamsson email: swmike@swm.pp.se
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org