Newbie bewilderment IV the saga continues

Daniel V Klein dvk@lonewolf.com
Thu Jan 2 06:34:06 UTC 2003


My thoughts on this: they are running a Cisco router with a specific
ruleset enabled.  Specifically, if a contact is made from the inside
to an outside location, the outside is allowed to answer back.  But
for all but a very select few ports (and 6277 ain't one of them), no
one from the outside can come in.  It's called a "reflexive ruleset",
and I use them myself.  Since you found that TCP works on 6277 coming
in, that may mean that the reflexive rule is not used for TCP.  But
since it *doesn't* work for UDP, it may be.  I specifically enable UDP
6277 for the DCC sites I peer with.

-Dan

>  
> I am awaiting a response from my hosting company presently.
>  
> I'm sure they have battled several hundred billion bad guys who rented
> out servers. Paranoia is a great security policy!
> I'm sure they have blocked out certain things because of past abuse from
> bad guys. I am certain the vast number of servers in the Interland
> server farm will never need the type of UDP services we are talking
> about so I could see the point of doing weird UDP blocking. As a huge
> company they have to apply policy across a huge vast number of users and
> there is no room for indiv exceptions.
>  
> This is not however covered in the manual for the server. They do talk
> about "unavailable services" like ping and traceroute:
>  
> "For security reasons a Freedom server does not have the ability to
> directly manipulate the network interface on the machine. For this
> reason, features and applications that directly manipulate the network
> interface, such as those listed below, do not function on Freedom
> Servers"
>  
> Ping, traceroute, packet based firewalls IPFW and additional IP address
> are called out as disabled.
>  
> I assume this is an important attempt to keep people from doing all
> sorts of evil stuff. But just like spam blocking - some legitimate
> traffic will be blocked -
>  
>  
> This is the first time in 2 years and zillions of app installs I have
> had something not work on my server.
>  
> I do want confirmation from Interland that indeed they are blocking
> DCC's UDP usage to confirm what we have surmised already here in these
> emails.
>  
> I am also going to work them to support DCC as Spam is a huge problem
> for clients and hosts alike.
>  
> Again.... Thanx for the support I will continue the fight for running
> DCC on my server.
>  
> I am gonna leave the server running for a few days if anyone has any
> suggestions...
>  
> 
> 
> -----Original Message-----
> From: dcc-admin@rhyolite.com [mailto:dcc-admin@rhyolite.com] On Behalf Of Tim Wicinski
> Sent: Wednesday, January 01, 2003 8:56 PM
> To: :)
> Cc: 'Vernon Schryver'; dcc@rhyolite.com
> Subject: Re: Newbie bewilderment IV the saga continues
> 
> 
> 
> .
> >  
> > I guess I will ask my hosting company about it. However they are
> > idiots and this will cause complete brain boilover from them. My odds
> > of fixing this are slim to none. Man this sure is very specific
> > filtering!
> >  
> 
> I'm sure there are several people on this list who work for server 
> hosting companies with not such draconian policies on filtering, and with 
> support mechanisms to work these things out.  Just a suggestion.
> 
> _______________________________________________
> DCC mailing list      DCC@rhyolite.com
> http://www.rhyolite.com/mailman/listinfo/dcc
> 

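The behaviour Dan describes, as an added example that is not part of the original message: a simplified Python model of a reflexive ruleset, not Cisco's implementation. The addresses are constructed documentation addresses and the 300-second idle timeout is an assumption of the model.

```python
from dataclasses import dataclass, field
DCC_PORT = 6277
IDLE_TIMEOUT = 300  # seconds an unused reply entry lives (assumed for this model)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class ReflexiveFilter:
    reflect: set      # protocols whose outbound flows open a reply path
    static_in: set    # (proto, outside host, inside port) always allowed in
    entries: dict = field(default_factory=dict)  # mirrored flow -> expiry time

    def outbound(self, p, now):
        """Inside -> outside always passes; remember the mirror image of the flow."""
        if p.proto in self.reflect:
            self.entries[(p.proto, p.dst, p.dport, p.src, p.sport)] = now + IDLE_TIMEOUT
        return True

    def inbound(self, p, now):
        """Outside -> inside passes only on a static permit or a live mirrored entry."""
        if (p.proto, p.src, p.dport) in self.static_in:
            return True
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if self.entries.get(key, 0) > now:
            self.entries[key] = now + IDLE_TIMEOUT  # matching traffic refreshes it
            return True
        self.entries.pop(key, None)                 # expired or never existed
        return False

def demo():
    # Constructed documentation addresses, not taken from the thread.
    inside, peer, stranger = "192.0.2.10", "198.51.100.7", "203.0.113.9"
    fw = ReflexiveFilter({"udp"}, {("udp", peer, DCC_PORT)})
    seen = {}
    # Unsolicited query to a DCC server behind the filter: no entry, no permit.
    seen["stranger_query"] = fw.inbound(Packet("udp", stranger, 40000, inside, DCC_PORT), 0)
    # The inside host asks an outside DCC server; the answer matches the mirror entry.
    fw.outbound(Packet("udp", inside, 40001, stranger, DCC_PORT), 0)
    seen["reply"] = fw.inbound(Packet("udp", stranger, DCC_PORT, inside, 40001), 1)
    # The same packet after the entry has idled out is dropped again.
    seen["late_reply"] = fw.inbound(Packet("udp", stranger, DCC_PORT, inside, 40001), 400)
    # A peer with a static permit on UDP 6277 gets in without prior outbound traffic.
    seen["peer_unsolicited"] = fw.inbound(Packet("udp", peer, 50000, inside, DCC_PORT), 0)
    return seen
```

In this model a DCC client behind the filter keeps working because its own queries open the return path, while a DCC server behind it is reachable only from hosts that have a static permit.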