Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOne NZ (including Farmside)Vodafone blocking port 22 on mobile broadband (3g)
kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


#62943 17-Jun-2010 14:13
Send private message

Looks like vodafone are blocking port 22 on 3G/GPRS..
According to their twitter feed it's because "of virus activity".

Can someone from vodafone please investigate this and get it unblocked ASAP!

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

xpd

xpd
Geek of Coastguard
14116 posts

Uber Geek
+1 received by user: 4578

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #342670 17-Jun-2010 14:24
Send private message

And while at it, can someone from ANZ wipe out my mortgage ? Thanks. :)

I doubt Vodafone are going to unblock it if they have valid concerns about it, just becuase you say to do it ASAP.....





XPD / Gavin

 

LinkTree

 

 

 



icepicknz
309 posts

Ultimate Geek
+1 received by user: 5

Trusted

  #342674 17-Jun-2010 14:31
Send private message

Wow, blocking port 22, ssh or management is not good.
What if a virus came out and targeted port 80, would they close this too?

I suspect the blocking of port 22 may be something to do with jailbroken iphones perhaps? Or could it be too many people are tunneling data through SSH and their basic qos cant manage the traffic or something.

Just sees strange to block something so important.




Barry Murphy
ISPMap - New Zealand ISP map
Vibe Communications LTD - Business ISP and Wholesale Carrier



Any comments made by myself don't reflect the views of my employer, they are mine and mine alone

johnr
19282 posts

Uber Geek
+1 received by user: 2526
Inactive user


#342679 17-Jun-2010 14:37
Send private message

kyhwana2: Looks like vodafone are blocking port 22 on 3G/GPRS..
According to their twitter feed it's because "of virus activity".

Can someone from vodafone please investigate this and get it unblocked ASAP!


What are we investigating?

John



kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


  #342680 17-Jun-2010 14:38
Send private message

They could at least be smart about it and block incoming destination port 22 and not just "all port 22, which includes outgoing ->dest port 22"..

I use 3G for remote adminning my linux box and sshing into work.
If they can't figure out how to block just incoming ssh requests then it's off to telecom/2d's for data. (Would mean swapping my desire for a telstra one, but oh well)

And before you suggest switching ssh ports, ITS at work won't do that.

kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


  #342681 17-Jun-2010 14:40
Send private message

johnr:
kyhwana2: Looks like vodafone are blocking port 22 on 3G/GPRS..
According to their twitter feed it's because "of virus activity".

Can someone from vodafone please investigate this and get it unblocked ASAP!


What are we investigating?

John

"
@jethrocarr: hey @vodafonenz, it seems you guys are still dropping port 22 when on 3G.... all other ports work fine.
@vodafoneNZ: @jethrocarr Yep we are. Virus issue using that port. ^PB
@jethrocarr: @vodafoneNZ are you f@#$king kidding me? Why not block all ports, that'll stop all viruses... port 22 is vital for remote access to Linux srv
"


I can't SSH out from my mobile on vodafone 3G to my server boxes. (Which are running SSH on port 22).
As I just posted, you could just drop incoming (to 3G IP's) TCP connection requests to destination port 22.

kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


  #342688 17-Jun-2010 15:01
Send private message

Hmm, looks like this is fixed now..

 
 
 
 

Shop now for Lenovo laptops and other devices (affiliate link).
openmedia
3449 posts

Uber Geek
+1 received by user: 878

Trusted

  #342694 17-Jun-2010 15:29
Send private message

Not good for my support team who use a Vodem or a tethered mobile phone to do on-call.

Any additional details on Vodafone about why they blocked the port?




Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

VFNZPaulBrislen
970 posts

Ultimate Geek

Trusted

  #342696 17-Jun-2010 15:30

Righto, that's a bit of excitement for the afternoon...!

So, this is what we're doing. We are blocking Port22 for device to device traffic on the VF network. We saw a storm of signalling traffic from jailbroken iPhones that were connecting peer to peer. Customers were getting bill shock for no apparent reason and so we blocked device to device traffic on Port 22.

If you are using Port 22 for ssh you won't notice any difference because you're either connecting to a server or you're connecting to a device outside the VF network.

device-server-device - unaffected.
device-outside VFNZ - unaffected.

OK?

This has been in place for two months now. If you suddenly notice a problem it will be unrelated - you should log a job and we'll look into it.

Cheers

Paul




Paul Brislen
Head of Corporate Communications
Vodafone

http://forum.vodafone.co.nz

freitasm
BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41043

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #342699 17-Jun-2010 15:35
Send private message

Here comes the rumour mill, obviusly to be squeezed later by Paul Brislen.

A few weeks ago I received an anonymous phone call. It appears that Vodafone isn't (wasn't) blocking device to device mobile data traffic, and charging for mobile data traffic between devices.

The problem with that is the number of trojans scanning the network - a lot of people who complained of "I never used that much data" could probably blame on their PCs being infected and using megabytes of data scanning the network.

But don't blame PCs only. iPhones apparently were badly hit by a couple of trojans and used up a lot of data - and their owners still complaining about paying all that data.

So I'd say Vodafone moved to block this traffic. Obviously blocking the whole thing, not only device to device, but device to Internet as well.





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


  #342700 17-Jun-2010 15:42
Send private message

Hmm, looks like it's only happening on certain IPs (device side)..
121.90.226.xxx is fine, but from 121.90.81.xx it's not.

So if it's not working, try stopping 3G/reconnecting and see if you can get a different IP..

freitasm
BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41043

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #342703 17-Jun-2010 15:45
Send private message

kyhwana2: Hmm, looks like it's only happening on certain IPs (device side)..
121.90.226.xxx is fine, but from 121.90.81.xx it's not.

So if it's not working, try stopping 3G/reconnecting and see if you can get a different IP..


It also depends which APN you are using...




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

 
 
 
 

Shop now at Mighty Ape (affiliate link).
kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


  #342707 17-Jun-2010 15:59
Send private message

freitasm:

It also depends which APN you are using...



Im using www.vodafone.co.nz

kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


  #342801 17-Jun-2010 22:44
Send private message

So apparently they're only doing device to device (on their 3g network) filtering, but obviously it's broken somehow..


On a IP subnet (118.90.48.xx)

Doing a internet sharing from my HTC desire to my netbook and firing up wireshark on the netbook shows that i'm only getting SYNs from my netbook to the ssh server. There aren't any packets getting back to me at all..

On the SSH server side, i'm seeing a RST, ACK for the 2nd (SEQ=1) packet from 118.90.48.xx..

So vodafone is sitting in the middle and sending a TCP RESET packet to my ssh server.

But only from certain IP's apparently..

Who do I email packet dumps or who can I contact about this?


kyhwana2

2572 posts

Uber Geek
+1 received by user: 233


  #342803 17-Jun-2010 22:46
Send private message


SSH works on 121.90.218.x.. fails on 121.90.119.xx..
(Gets RST as above)

michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #342826 18-Jun-2010 00:35
Send private message

Try using the APN direct.vodafone.net.nz

Never had issues with SSH on that APN :)




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright