Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


kyhwana2

2469 posts

Uber Geek


#62943 17-Jun-2010 14:13
Send private message

Looks like vodafone are blocking port 22 on 3G/GPRS..
According to their twitter feed it's because "of virus activity".

Can someone from vodafone please investigate this and get it unblocked ASAP!

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

xpd

xpd
Im a pirate
10790 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  #342670 17-Jun-2010 14:24
Send private message

And while at it, can someone from ANZ wipe out my mortgage ? Thanks. :)

I doubt Vodafone are going to unblock it if they have valid concerns about it, just becuase you say to do it ASAP.....





XPD^ / DemiseNZ

 

Blog         Free Games        Twitter      My TradeMe Goodies

 

Pirating in Sea Of Thieves

 

Coming Soon - BBS door games - all the classics!

 

 


icepicknz
309 posts

Ultimate Geek

Trusted

  #342674 17-Jun-2010 14:31
Send private message

Wow, blocking port 22, ssh or management is not good.
What if a virus came out and targeted port 80, would they close this too?

I suspect the blocking of port 22 may be something to do with jailbroken iphones perhaps? Or could it be too many people are tunneling data through SSH and their basic qos cant manage the traffic or something.

Just sees strange to block something so important.




Barry Murphy
ISPMap - New Zealand ISP map
Vibe Communications LTD - Business ISP and Wholesale Carrier



Any comments made by myself don't reflect the views of my employer, they are mine and mine alone

 
 
 
 


johnr
19282 posts

Uber Geek
Inactive user


#342679 17-Jun-2010 14:37
Send private message

kyhwana2: Looks like vodafone are blocking port 22 on 3G/GPRS..
According to their twitter feed it's because "of virus activity".

Can someone from vodafone please investigate this and get it unblocked ASAP!


What are we investigating?

John

kyhwana2

2469 posts

Uber Geek


  #342680 17-Jun-2010 14:38
Send private message

They could at least be smart about it and block incoming destination port 22 and not just "all port 22, which includes outgoing ->dest port 22"..

I use 3G for remote adminning my linux box and sshing into work.
If they can't figure out how to block just incoming ssh requests then it's off to telecom/2d's for data. (Would mean swapping my desire for a telstra one, but oh well)

And before you suggest switching ssh ports, ITS at work won't do that.

kyhwana2

2469 posts

Uber Geek


  #342681 17-Jun-2010 14:40
Send private message

johnr:
kyhwana2: Looks like vodafone are blocking port 22 on 3G/GPRS..
According to their twitter feed it's because "of virus activity".

Can someone from vodafone please investigate this and get it unblocked ASAP!


What are we investigating?

John

"
@jethrocarr: hey @vodafonenz, it seems you guys are still dropping port 22 when on 3G.... all other ports work fine.
@vodafoneNZ: @jethrocarr Yep we are. Virus issue using that port. ^PB
@jethrocarr: @vodafoneNZ are you f@#$king kidding me? Why not block all ports, that'll stop all viruses... port 22 is vital for remote access to Linux srv
"


I can't SSH out from my mobile on vodafone 3G to my server boxes. (Which are running SSH on port 22).
As I just posted, you could just drop incoming (to 3G IP's) TCP connection requests to destination port 22.


kyhwana2

2469 posts

Uber Geek


  #342688 17-Jun-2010 15:01
Send private message

Hmm, looks like this is fixed now..

openmedia
2281 posts

Uber Geek

Trusted
Subscriber

  #342694 17-Jun-2010 15:29
Send private message

Not good for my support team who use a Vodem or a tethered mobile phone to do on-call.

Any additional details on Vodafone about why they blocked the port?




Generally known online as OpenMedia, now working for Red Hat APAC a Technology Evangelist and Product Manager. Still playing with MythTV and digital media on the side.


 
 
 
 


VFNZPaulBrislen
970 posts

Ultimate Geek

Trusted
Vodafone

  #342696 17-Jun-2010 15:30

Righto, that's a bit of excitement for the afternoon...!

So, this is what we're doing. We are blocking Port22 for device to device traffic on the VF network. We saw a storm of signalling traffic from jailbroken iPhones that were connecting peer to peer. Customers were getting bill shock for no apparent reason and so we blocked device to device traffic on Port 22.

If you are using Port 22 for ssh you won't notice any difference because you're either connecting to a server or you're connecting to a device outside the VF network.

device-server-device - unaffected.
device-outside VFNZ - unaffected.

OK?

This has been in place for two months now. If you suddenly notice a problem it will be unrelated - you should log a job and we'll look into it.

Cheers

Paul




Paul Brislen
Head of Corporate Communications
Vodafone

http://forum.vodafone.co.nz


freitasm
BDFL - Memuneh
68798 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #342699 17-Jun-2010 15:35
Send private message

Here comes the rumour mill, obviusly to be squeezed later by Paul Brislen.

A few weeks ago I received an anonymous phone call. It appears that Vodafone isn't (wasn't) blocking device to device mobile data traffic, and charging for mobile data traffic between devices.

The problem with that is the number of trojans scanning the network - a lot of people who complained of "I never used that much data" could probably blame on their PCs being infected and using megabytes of data scanning the network.

But don't blame PCs only. iPhones apparently were badly hit by a couple of trojans and used up a lot of data - and their owners still complaining about paying all that data.

So I'd say Vodafone moved to block this traffic. Obviously blocking the whole thing, not only device to device, but device to Internet as well.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


kyhwana2

2469 posts

Uber Geek


  #342700 17-Jun-2010 15:42
Send private message

Hmm, looks like it's only happening on certain IPs (device side)..
121.90.226.xxx is fine, but from 121.90.81.xx it's not.

So if it's not working, try stopping 3G/reconnecting and see if you can get a different IP..

freitasm
BDFL - Memuneh
68798 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #342703 17-Jun-2010 15:45
Send private message

kyhwana2: Hmm, looks like it's only happening on certain IPs (device side)..
121.90.226.xxx is fine, but from 121.90.81.xx it's not.

So if it's not working, try stopping 3G/reconnecting and see if you can get a different IP..


It also depends which APN you are using...





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


kyhwana2

2469 posts

Uber Geek


  #342707 17-Jun-2010 15:59
Send private message

freitasm:

It also depends which APN you are using...



Im using www.vodafone.co.nz

kyhwana2

2469 posts

Uber Geek


  #342801 17-Jun-2010 22:44
Send private message

So apparently they're only doing device to device (on their 3g network) filtering, but obviously it's broken somehow..


On a IP subnet (118.90.48.xx)

Doing a internet sharing from my HTC desire to my netbook and firing up wireshark on the netbook shows that i'm only getting SYNs from my netbook to the ssh server. There aren't any packets getting back to me at all..

On the SSH server side, i'm seeing a RST, ACK for the 2nd (SEQ=1) packet from 118.90.48.xx..

So vodafone is sitting in the middle and sending a TCP RESET packet to my ssh server.

But only from certain IP's apparently..

Who do I email packet dumps or who can I contact about this?


kyhwana2

2469 posts

Uber Geek


  #342803 17-Jun-2010 22:46
Send private message


SSH works on 121.90.218.x.. fails on 121.90.119.xx..
(Gets RST as above)

michaelmurfy
/dev/null
9617 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #342826 18-Jun-2010 00:35
Send private message

Try using the APN direct.vodafone.net.nz

Never had issues with SSH on that APN :)




 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News »

Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS1621+ 
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32


NordVPN starts deploying colocated servers
Posted 7-Oct-2020 09:00


Google introduces Nest Wifi routers in New Zealand
Posted 7-Oct-2020 05:00


Orcon to bundle Google Nest Wifi router with new accounts
Posted 7-Oct-2020 05:00


Epay and Centrapay partner to create digital gift cards
Posted 2-Oct-2020 17:34


Inseego launches 5G MiFi M2000 mobile hotspot
Posted 2-Oct-2020 14:53









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.