Telecom/Spark now blocking port 53?

Forums › Spark New Zealand (including Skinny and BigPipe) › Telecom/Spark now blocking port 53?

ElectronicFerret

125 posts

Master Geek

#151861 8-Sep-2014 11:12

Sometime over the weekend, Spark started blocking me from connecting to my home router on port 53.

I used to (it worked on Friday) SSH over port 53 (to get around a work firewall) but back at work this morning it no longer works. I also can't connect from other locations (including another Spark connection) so it appears that they've started blocking port 53.

Anyone else notice this? I've had to change to SSH over port 443 instead.

cbrpilot

955 posts

Ultimate Geek

Trusted

Spark NZ

#1124151 8-Sep-2014 11:17

Yes, we are now blocking incoming port 53.
If you need it unblocked, give us a call. Just ask to unblock port 25 and that will unblock 53 as well.
Normally we would provide more in advance communications of a change like this, but I'm sure you understand how quickly we had to move over the weekend.

My views are my own, and may not necessarily represent those of my employer.

ElectronicFerret

125 posts

Master Geek

#1124158 8-Sep-2014 11:22

cbrpilot: Yes, we are now blocking incoming port 53.
If you need it unblocked, give us a call. Just ask to unblock port 25 and that will unblock 53 as well.

Thanks. Is there any particular number, email address or contact form I should use to expedite the unblocking?

sidefx

3711 posts

Uber Geek

Trusted

#1124159 8-Sep-2014 11:23

Probably this one:

https://www.spark.co.nz/form/1,6849,5664,00.html

(I had to do this for a relative a little while ago)

"I was born not knowing and have had only a little time to change that here and there." | Octopus Energy | Sharesies
- Richard Feynman

ElectronicFerret

125 posts

Master Geek

#1124170 8-Sep-2014 11:34

sidefx: Probably this one:

https://www.spark.co.nz/form/1,6849,5664,00.html

(I had to do this for a relative a little while ago)

Thanks. Just filled it in.

Who writes this stuff? - "Please remember to restart your modem or router for the port 25 changes to take affect."

cbrpilot

955 posts

Ultimate Geek

Trusted

Spark NZ

#1124173 8-Sep-2014 11:37

You have two options:
1) You can fill out our official form at: https://www.spark.co.nz/form/1,6849,5664,00.html
Not sure of the official turnaround time on that one.
2) You can PM me your details. Please include:
Your Spark account number
The line# that you want the port 25/53 filtering disabled on
Hopefully I can get that done relatively quickly.

Please bear in mind the following that by opting out you agree to the terms and conditions listed on the form (linked above). E.g.
o I agree to maintain up to date anti-virus and firewall software.
o I have read and agree to the Spark terms and conditions.
o In accordance with the above terms Spark reserve the right to filter port 25 for all customers at any time and without any additional notice.

My views are my own, and may not necessarily represent those of my employer.

OnlyJoe

10 posts

Wannabe Geek

#1124175 8-Sep-2014 11:42

ElectronicFerret: Sometime over the weekend, Spark started blocking me from connecting to my home router on port 53.

I used to (it worked on Friday) SSH over port 53 (to get around a work firewall) but back at work this morning it no longer works. I also can't connect from other locations (including another Spark connection) so it appears that they've started blocking port 53.

Anyone else notice this? I've had to change to SSH over port 443 instead.

Port 53 is the DNS port. If you have that open and a DNS running on your router, others can use your router to relay packets to Sparks DNS server as part of a DNS amplification attack. So it makes total sense for them to block it.

Zeon

3916 posts

Uber Geek

Trusted

#1124203 8-Sep-2014 12:31

What dodgy CPE has that running?

Speedtest 2019-10-14

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

cbrpilot

955 posts

Ultimate Geek

Trusted

Spark NZ

#1124216 8-Sep-2014 12:45

It's not usually the CPE itself that is broken, it is that it gets hacked, and then the hackers open up that relay.

My views are my own, and may not necessarily represent those of my employer.

ElectronicFerret

125 posts

Master Geek

#1124252 8-Sep-2014 13:05

Zeon: What dodgy CPE has that running?

I'm doing a port forward from public TCP 53 to 22 on an internal linux box.

It's far from dodgy, it's simply running SSH on a non standard port.

chevrolux

4962 posts

Uber Geek
Inactive user

#1124542 8-Sep-2014 17:12

ElectronicFerret:
Zeon: What dodgy CPE has that running?

I'm doing a port forward from public TCP 53 to 22 on an internal linux box.

It's far from dodgy, it's simply running SSH on a non standard port.

So why not go right out of the standard service ports? 8022 might be good easy one to remember for SSH.

slingynz

154 posts

Master Geek

#1124565 8-Sep-2014 17:31

chevrolux:
ElectronicFerret:
Zeon: What dodgy CPE has that running?

I'm doing a port forward from public TCP 53 to 22 on an internal linux box.

It's far from dodgy, it's simply running SSH on a non standard port.

So why not go right out of the standard service ports? 8022 might be good easy one to remember for SSH.

"To get around work firewall"

cbrpilot

955 posts

Ultimate Geek

Trusted

Spark NZ

#1124589 8-Sep-2014 17:51

Let me know how you get on with that online form.
I don't want to circumvent the normal processes, but if you're not getting any joy fast enough there, let me know and I can look into where those forms go, and see what I can do to hurry it along.

My views are my own, and may not necessarily represent those of my employer.