ISP port blocking practice
Jared Mauch
jared at puck.nether.net
Wed Nov 4 02:13:35 UTC 2009
On Nov 3, 2009, at 8:51 PM, mark [at] edgewire wrote:
> Hi all,
>
> Just out of curiosity for those whom may manage Hotel Wifi networks
> (I know I know, not really ISP level but since we're on the topic of
> port blocking). Does anyone actually make an effort to be blocking
> port 443? I've had that experience at a few Hotels in Philippines
> and I can't think of a valid reason as to why those ports would be
> dropping traffic. Would like to hear from anyone whom has had this
> experience.
I've found that some public (eg: Hospital) networks have very
draconian security policies on their guest wireless. The University
of Michigan hospitals block IMAP over SSL (tcp/993), SMTP-Submit (tcp/
587) and all the vpn software I had at my disposal.
This blocking is becoming more common to force people to HTTP/HTTPS
ONLY based systems. They make utilizing these networks from a mobile
device hard, and quickly forget your mac authentication quickly and
are overall poorly run (no feedback loop to get things unblocked that
are legit).
I have found that I am having to vpn-out more often from these 'guest'
networks to obtain "real" internet access. I recommend running a few
gateways (eg: pptp, ipsec, openvpn) to get around these issues.
(I have found some well run hotel networks that intercept tcp/3128 and
send it to a local squid cache).
- Jared
More information about the NANOG
mailing list