Thursday, March 13, 2008

One-page Intro to Linux

We build Linux systems, I use Linux some myself, and I talk (sometimes kind of advanced-ly) on this blog about it quite a bit.

For those who are not familiar - and I know there are a lot of you - this is the nicest, most concise article I've seen to lay it all out for you. Right down to the penguin mascot!

And for those who are familiar, this is a good resource to bookmark, so you can refer your "uninitiated" friends to the world of Linux (without getting too geeky and intimidating about it).

Foxtrot's fave Linux version right now is Ubuntu. It's free to download and try, the setup is simple (no real techie jargon questions to install), and the device support is unrivaled among Linux distros. I'm not sure how they do it, but just about every time I've loaded Linux it has found all my devices and made them work without any interference from me.

Tuesday, March 11, 2008

Disappointment at Comcast's Network Blocking

We've had a couple interesting episodes lately, with Comcast unilaterally and without warning permanently blocking certain traffic to/from some of our customers.


In the worst case, they started blocking port 25 for one of our customers, which is the SMTP port for sending/receiving e-mail. I have many issues with how they've handled the issue:

  1. It was completely without warning. Apparently, there was a large outbound e-mail sent, that triggered some (spam/virus) alarm within Comcast's network management systems. Either way - whether the traffic was actually nefarious or non-threatening, which Comcast could not possibly know - why not alert the customer? The customer needs to take action to take care of a virus problem, or they now need to change their port to get mail to send.

  2. There was no intelligence. We manage routers (not expensive ones, even) that know how much bandwidth goes through certain ports, and when to be concerned and possibly temporarily disable connection to/from certain IPs. If someone creates a virus that does something simple like ping the heck out of our IP, the firewall will sense X packets on port Y within Z seconds, and will put that IP in temporary quarantine. I think it's typically either 10 or 30 minutes of no traffic to/from that address. It would have been appropriate in a case like this, because if the traffic was bad-intentioned (spam, etc.) it would have continually retried its action and a more permanent escalation could have been enacted. Since this was a one-time big e-mail, there's no way a sophisticated network like Comcast's should have been so touchy about it and taken such permanent action.

  3. Comcast staff denied it as even a possibility. I had not heard about it before, but looking around the internet, there are posts galore, dating back as far as 2004, documenting this exact issue with Comcast's network. So, their staff either knew and denied it (lied) or they just don't know their network very well. After the third call (and the third hour on hold), they finally "noticed" that they did indeed have a block in place on port 25 for this customer.

  4. It wasn't immediately corrected. Their admission happened on a call last week, and I don't believe they have yet figured a fix or attempted a follow-up call to provide an update on what's happening (stay tuned for updates).

I grasp the fact that most spammers and virus-disseminators operate on port 25, but I totally disagree with something as stupid as just blocking a port and telling the customer (as Comcast did here) to "use another port." In our case, since our customer's mail service is through a third party, switching to another port did not work because the server is not answering on that port.

Also, how long before the spammers start sending on port 26 or 587 or whatever other port they move us to? Let's get intelligent and understand the "profile" of nasty traffic, and block that. Spammers can always change ports, but it's much more challenging to force them to vary the profile of their traffic (timing and IPs involved in their attacks).
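The "X packets on port Y within Z seconds" quarantine from point 2, with escalation only for sources that keep coming back, sketched as an added example (not code from this blog or from any router firmware). The class name, thresholds and sample traffic are assumptions constructed for illustration; the 600-second quarantine matches the 10-minute figure mentioned above.

```python
from collections import defaultdict, deque

class RateQuarantine:
    """Per-source temporary quarantine driven by packet rate on one port."""
    def __init__(self, port, max_packets, window_s, quarantine_s, strikes_to_escalate):
        self.port = port                        # "port Y"
        self.max_packets = max_packets          # "X packets"
        self.window_s = window_s                # "within Z seconds"
        self.quarantine_s = quarantine_s        # length of the temporary block
        self.strikes_to_escalate = strikes_to_escalate
        self.seen = defaultdict(deque)          # src -> timestamps still inside the window
        self.blocked_until = {}                 # src -> time the quarantine expires
        self.strikes = defaultdict(int)         # src -> quarantines triggered so far
        self.escalated = set()                  # repeat offenders, held for a longer-term action

    def observe(self, ts, src, port):
        """Return 'allow', 'drop', 'quarantine' or 'escalate' for one packet."""
        if port != self.port:
            return "allow"
        if src in self.escalated or ts < self.blocked_until.get(src, 0):
            return "drop"
        q = self.seen[src]
        q.append(ts)
        while q and q[0] <= ts - self.window_s:  # slide the window forward
            q.popleft()
        if len(q) <= self.max_packets:
            return "allow"
        q.clear()                                # start counting afresh after the block
        self.strikes[src] += 1
        if self.strikes[src] >= self.strikes_to_escalate:
            self.escalated.add(src)              # kept retrying: now a longer block is justified
            return "escalate"
        self.blocked_until[src] = ts + self.quarantine_s
        return "quarantine"

def replay(events, **cfg):
    """Run (ts, src, port) events through a fresh limiter; return the non-allow decisions."""
    rq = RateQuarantine(**cfg)
    hits = [(ts, src, rq.observe(ts, src, port)) for ts, src, port in events]
    return [h for h in hits if h[2] != "allow"]

# Constructed sample traffic (documentation IP ranges); thresholds are illustrative.
CFG = dict(port=25, max_packets=5, window_s=10, quarantine_s=600, strikes_to_escalate=3)
ONE_BURST = [(t, "192.0.2.10", 25) for t in range(8)]                     # one big send
REPEAT = [(b + t, "198.51.100.7", 25) for b in (0, 700, 1400) for t in range(8)]
```

The one-time burst earns a single quarantine that expires on its own, while the source that repeats the burst after each quarantine is the only one that reaches escalation.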

Comcast is definitely disappointing in this episode. They could choose to take the route that's technically more difficult but more customer-friendly . . . but instead they chose to hit the problem with the biggest mallet they could and let the customers sort things out or call with issues. I don't see how that makes business sense at all.