[NCLUG] A question about a web server and broadband.

Sean Roberts sean623 at attbi.com
Wed Feb 20 11:09:24 MST 2002


On Wednesday February 20 2002 8:40am, you wrote:
> Naw, I've got dynamic IP from ATT and it's never changed in a two years,
> go for it.
>
> Also to my knowledge it was @home that was blockign those ports, and ATT
> isn't doing it anymore

I'm not sure ATT or @home were ever blocking port 80 SYN into their subnets.
I say that because I have always had (before and after the change over) a lot 
of attempted connections to my port 80 show up in my firewall logs.  I never 
actually ran a web server so I can't be 100% sure so I'm curious - if they 
were/are blocking web servers on their subnets how did/do they do it?  I 
assume they would do it by monitoring and blocking parts of the tcp 3-way 
handshake.  If they wanted to prevent you from running a web server it seems 
they would block any incomming packet to port 80 with the SYN bit set but no 
ACK - i.e. cut off your ears. - you could run a web server but it would never 
see any traffic, however my firewall logs indicate this isn't true.  They 
could block outgoing packets with SYN and ACK i.e. cut off your tongue - so 
you could run a web server that could never respond.  Since I drop all 
incoming SYN's I can't tell if they are doing the latter.  Am I missing 
something here?  Were they ever blocking port 80 or just scanning it with the 
possibility of shutting off your service.  When the provider was @home they 
would regularly scan several ports (mostly nntp), but I haven't seen that 
since ATT took over.

> On Wed, 2002-02-20 at 01:40, John L. Bass wrote:
> > 	I also realize that I would probably have to type the port in to the =
> > 	address ie www.mylinuxserver.com :8088 but with AT&T blocking 80 is it =
> > 	possible?
> >
> > 	Brett=20
> >
> > If you have a static IP address, that is certainly possible. But more
> > likely you are assigned an IP with a dynamic DHCP lease, which makes
> > listing it in a DNS zone problematic.
> >
> > John

Since AT&T took over DNS name resolution is different.  Before you could 
resolve yourself based on your host and domain name something similar to 
c88939-b.ftclns1.co.home.com (note fake hostname).  Now though your IP 
address will be resolved as < /"\."/-/ $IP >.client.attbi.com but 
c88939-b.attbi.com will not get resolved.

Sean Roberts



More information about the NCLUG mailing list