Apartment Blocked Ports

feralmind

Junior Member
Ok guys, first time post, long time reader.

I have recently moved into a new apartment complex and they have a lot of ports blocked. The main port that causes me problems is port 6667. I have been working with their tech support guys for the last two months trying to get to someone who has the authorization to change the ports for me. It led me to the General Manager of the complex. I contacted him and asked him why the port was blocked. Two weeks later I received this letter.


"Dear XXXX,

I spoke with our company's IT professional on Friday about the 6667 IRC port. He said that this is one of the most malicious ports there is. As an example, almost all virus protection software with a firewall blocks this port by default. As a result, this port will remain blocked for now.

We are willing, however, to listen to arguments. If you would like to put together a request, in writing, of the reasons why you would like access to this port and why you feel it is safe, I will submit it to my company.

Sincerely,
XXXXXXXX"



This is where I need some help. I have some general ideas of what to say but I really could use some help. Any insights or comments would be very helpful. Basically what I was going to say are these points.

1.) Virii can't be transferred through port 6667 without being hacked or the user downloading the virus. Hackers can "hack" any of the 65535 ports.
2.) Banning people from using IRC because they could get a virus is overprotecting people. People can get a virus more likely through email or visiting any of the billions of websites on the internet.
3.) Firewalls block almost all ports regardless of their commonness to be used for "malicious" activities.


Thanks a lot in advance,
Feralmind
 
Some websites have java irc proxy programs and will let you connect to any irc server that way.

But yes, their argument is flawed. You can't get a virus by just connecting to IRC, and the firewall would probably block DCC transfers anyway.
 
Jeez there's a million ways to get past that... go sign up for a free bouncer at some website, or portscan your irc server from 6660-6669, possibly other IRCD ports are open
 
Well, the problem is the IRC port is used for a game. Command and Conquer Generals which uses 6667 for gamespy chat and won't let you play the online game without access to it. I have heard of Proxy Tunnelings, but I don't have any information on it. But yeh, can anyone help me with ideas on what to write.

Feral
 
The comment on viruses probably deals with the fact that many trojans connect to an IRC server to set up a DDoS bot.

Get a shell account somewhere and set up your game to use a bnc to connect to the IRC server.

Put together your arguments and send a letter. Sounds like the best option.
 
Originally posted by: feralmind
Can anyone else think of any other arguments? Or possibly a better way to state mine?

-feral

I can think of more not to open the port than to open it.
 
These guys are gay. You should let them know that. Outgoing traffic on EVERY port should be open if they have a firewall for an entire apartment complex. Each user should be responsible for their own security (just like every other ISP out there).
 
Originally posted by: Oaf357
These guys are gay. You should let them know that. Outgoing traffic on EVERY port should be open if they have a firewall for an entire apartment complex. Each user should be responsible for their own security (just like every other ISP out there).

This model is broken. It does not work.
 
Oaf, from the sounds of it, this is inbound, not outbound.

They're preventing anyone from running an IRC server, a good policy IMHO. 🙂 The alternative is to just not use GameSpy's chat, or try and argue with them and fail miserably. Unless they're stupid, they're not likely to change policy so one person can use the GameSpy chat feature for his online game. You've always gotta try and look at it from the other guy's angle. You're just 1 person out of 100s -- why make policy exceptions?

That being said, it does sound promising that he invites argument... Maybe he plays C&C Generals too. 😀
 
Originally posted by: n0cmonkey
Originally posted by: Oaf357
These guys are gay. You should let them know that. Outgoing traffic on EVERY port should be open if they have a firewall for an entire apartment complex. Each user should be responsible for their own security (just like every other ISP out there).

This model is broken. It does not work.

Then why's it still being used? It works, perfectly, IMO. If a user doesn't want security then they don't have it. If their lack of security becomes a problem, well, cut them off. I totally agree that some filtering has to be done to keep rogue servers off your network but not allowing a common chat client, that's not good customer service.
 
Originally posted by: Oaf357
Originally posted by: n0cmonkey
Originally posted by: Oaf357
These guys are gay. You should let them know that. Outgoing traffic on EVERY port should be open if they have a firewall for an entire apartment complex. Each user should be responsible for their own security (just like every other ISP out there).

This model is broken. It does not work.

Then why's it still being used? It works, perfectly, IMO. If a user doesn't want security then they don't have it. If their lack of security becomes a problem, well, cut them off. I totally agree that some filtering has to be done to keep rogue servers off your network but not allowing a common chat client, that's not good customer service.

Just because a security model is broken, does not mean people are gung-ho about getting a new model. Users are too dumb to be able to handle security on their own.

If he hates it that much, he should use his customer/consumer right and change ISPs, if all other methods have been exhausted.
 
Originally posted by: n0cmonkey
Originally posted by: Oaf357
Originally posted by: n0cmonkey
Originally posted by: Oaf357
These guys are gay. You should let them know that. Outgoing traffic on EVERY port should be open if they have a firewall for an entire apartment complex. Each user should be responsible for their own security (just like every other ISP out there).

This model is broken. It does not work.

Then why's it still being used? It works, perfectly, IMO. If a user doesn't want security then they don't have it. If their lack of security becomes a problem, well, cut them off. I totally agree that some filtering has to be done to keep rogue servers off your network but not allowing a common chat client, that's not good customer service.

Just because a security model is broken, does not mean people are gung-ho about getting a new model. Users are too dumb to be able to handle security on their own.

If he hates it that much, he should use his customer/consumer right and change ISPs, if all other methods have been exhausted.

I don't know how it works for Internet access but I know I once lived in an apartment complex that had its own cable system and you couldn't get the local cable company to come in to the place. Which would suck if that held true in this case.

Who's to say that users are too dumb. Hell a lot of companies looked pretty stupid in regards to security after the Slammer worm hit. Your argument is just, I agree, but Nazi networking tactics are flawed for the home environment.
 
Originally posted by: Oaf357
Originally posted by: n0cmonkey
Originally posted by: Oaf357
Originally posted by: n0cmonkey
Originally posted by: Oaf357
These guys are gay. You should let them know that. Outgoing traffic on EVERY port should be open if they have a firewall for an entire apartment complex. Each user should be responsible for their own security (just like every other ISP out there).

This model is broken. It does not work.

Then why's it still being used? It works, perfectly, IMO. If a user doesn't want security then they don't have it. If their lack of security becomes a problem, well, cut them off. I totally agree that some filtering has to be done to keep rogue servers off your network but not allowing a common chat client, that's not good customer service.

Just because a security model is broken, does not mean people are gung-ho about getting a new model. Users are too dumb to be able to handle security on their own.

If he hates it that much, he should use his customer/consumer right and change ISPs, if all other methods have been exhausted.

I don't know how it works for Internet access but I know I once lived in an apartment complex that had its own cable system and you couldn't get the local cable company to come in to the place. Which would suck if that held true in this case.

Who's to say that users are too dumb. Hell a lot of companies looked pretty stupid in regards to security after the Slammer worm hit. Your argument is just, I agree, but Nazi networking tactics are flawed for the home environment.

NAZI network tactics? I would love to see ISPs take an active stance in the security department. There is too much happening from these ISPs' networks to ignore the home users.

Even Microsoft got hit by the slammer worm. All that tells me is that there is good reason to review the current (or former) security policies in place, and fix them.
 
How about asking the IPO guys (Information Protection Office) for a specific port filter for your IP address? That way, any problems with 6667 will be yours only. They can track suspicious activity. I am sure they segregated the network so you can't connect to your neighbors.
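
The per-address exception suggested in the post above, written as an OpenBSD Packet Filter (pf.conf) fragment. This is an added example, not part of the original thread and not the complex's actual configuration; the interface name, the addresses, the table names and the connection limits are all assumptions.

```conf
# Added example: pf.conf fragment for a shared apartment gateway.
# Every name, address and limit below is constructed for illustration.
int_if    = "em1"          # assumed tenant-facing interface
irc_ports = "6660:6669"    # IRC range that stays blocked by default

# Tenants who have been granted a written exception (constructed address).
table <irc_exceptions> persist { 10.20.3.17 }
# Exception holders that exceed the limits below are moved here by pf.
table <irc_abuse> persist

# Sources that tripped the limits lose the exception immediately.
block in log quick on $int_if inet proto tcp from <irc_abuse> to any port $irc_ports

# Default policy: drop and log tenant-initiated connections to the IRC range.
block in log on $int_if inet proto tcp from any to any port $irc_ports

# Exception: port 6667 only, listed tenants only, every new state logged.
# pf uses the last matching rule, so this pass overrides the block above.
# A game chat client needs a handful of connections; a host opening many
# of them in a short time is cut off and its existing states are flushed.
pass in log on $int_if inet proto tcp from <irc_exceptions> to any port 6667 \
    flags S/SA keep state \
    (max-src-conn 4, max-src-conn-rate 10/60, overload <irc_abuse> flush)
```

The logged packets can be read from the pflog0 interface with tcpdump, which gives the operator the per-tenant record of port 6667 activity that the post describes.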
 
Security wouldn't be such a huge issue if products weren't as vulnerable or if companies and network admins actually patched their systems. Security itself is flawed because it relies too much on humans.
 
Originally posted by: Oaf357
Security wouldn't be such a huge issue if products weren't as vulnerable or if companies and network admins actually patched their systems. Security itself is flawed because it relies too much on humans.

OpenBSD is working a lot on the first part. I haven't seen any other OS take the pro-active approach they have in this arena, and that is *very* disappointing.

As far as the second part goes, there is software being developed to take care of that too, but for a while it's going to be tough.
 
Originally posted by: Oaf357
What is OpenBSD doing?

Packet Filter was "recently" introduced into OpenBSD. It's a firewall built from the ground up. Not breakthrough stuff, but great nonetheless.

chrooted apache by default.

systrace

This. Summary: 1. Per-page execute permissions (x86/PPC do not fully support this). 2. No page will have both write permissions and execute permissions. 3. .rodata (which I do not really understand). 4. ProPolice. These all help against buffer overflows.

non-exec stack and non-exec heap, which also help against buffer overflows.

OpenSSH was started by OpenBSD developers.
 
That still doesn't help the fact that if that "firewall" has a flaw that needs to be patched by a person, it will get done.
 
Originally posted by: Oaf357
That still doesn't help the fact that if that "firewall" has a flaw that needs to be patched by a person, it will get done.

Agreed, but like I said, some big name companies are jumping on this...
 