Remember remember the 5th of November (OP)
Legendary
Offline
Activity: 1862
Merit: 1011
Reverse engineer from time to time
|
|
August 22, 2013, 07:41:29 PM |
|
This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up.
How will this affect Bitcoin?
|
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
|
|
|
wallet.dat
|
|
August 22, 2013, 07:48:11 PM |
|
Went to the ATM machine today and entered my PIN number and it showed up on the LCD display. On a serious note though, are you sure he wasn't talking about corporate traffic? You know, to prevent employees from torrenting?
|
"MOOOOOOOM! THE MEATLOAF!!! F**K!"
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
August 22, 2013, 07:55:51 PM |
|
This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up.
How will this affect Bitcoin?
ISP's could/would deploy packet filters?!? That's just tinfoil hat paranoid. Doh! No problem. We'll just switch to some other country like South Africa. Doh! Now it is perfectly possible to tunnel just about anything through just about any port even without active support of the system developers...who in Bitcoin-land seem to view packet filters as a fringe theoretical threat which could not possibly be deployed by our benevolent protectors in corp/gov-land. That's not to say it is trivial, particularly if one wishes to remain undetected in doing so. As I've always said, I consider the blockchain itself to be safe from attack to a high degree of confidence. The same cannot be said for the actual protocol. I structure my Bitcoin activity with the anticipation that it is possible for the system to become unusable, and even potentially dangerous to attempt to use, for protracted periods of time.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
twobits
|
|
August 22, 2013, 08:09:56 PM |
|
This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up.
How will this affect Bitcoin?
So they have to visit all the web sites by using ip addresses? Also, you can run bitcoin on port 80. Then there is always tunneling.
|
█████ █████ ███████ █████ ███ █████████████ █████ ██ █████████████████ █████ █ ██████ ██████ █████ ████ ████ █████████████ █████ ████ █████████████ █████ ████ █████████████ █████ ████ █████ █████ █████ █ ██████ ███████ █████ ██ ███████████ █████ █████ ███ █████████ ████ █████ █████ ███████ ██ | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | | | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | ►WhitePaper ►One-Pager | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | █████ █████ ███████ █████ ███ █████████████ █████ ██ █████████████████ █████ █ ██████ ██████ █████ ████ ████ █████████████ █████ ████ █████████████ █████ ████ █████████████ █████ ████ █████ █████ █████ █ ██████ ███████ █████ ██ ███████████ █████ █████ ███ █████████ ████ █████ █████ ███████ ██ |
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1434
|
|
August 22, 2013, 08:11:07 PM |
|
This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up.
How will this affect Bitcoin?
bitcoin protocol uses TCP on port 8333, although it can be reassigned to any port, including port 80.
|
|
|
|
ArticMine
Legendary
Offline
Activity: 2282
Merit: 1050
Monero Core Team
|
|
August 22, 2013, 08:13:12 PM |
|
I doubt they would block post 443 used for https, so a common way to get around a censor is to tunnel over port 443 to an uncensored VPN. The following article explains some of the arms race between the censors and those getting around the censorship. http://www.bestvpn.com/blog/5919/how-to-hide-openvpn-traffic-an-introduction/
|
|
|
|
nbtcminer
|
|
August 22, 2013, 08:14:43 PM |
|
This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up.
How will this affect Bitcoin?
So they have to visit all the web sites by using ip addresses? Also, you can run bitcoin on port 80. Then there is always tunneling. +1; You can set ports on any torrent client to 80. Just can't browse with the machine that is setup like that. BTW most ISP do something call Deep Packet Inspection under the guise of ITMP (Internet Traffic Management Protocols) and while they can't see the whole packet they can even uncover generally what you are d/ling (especially if it is not encrypted).
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
August 22, 2013, 08:22:13 PM |
|
This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up.
How will this affect Bitcoin?
bitcoin protocol uses TCP on port 8333, although it can be reassigned to any port, including port 80. If you want to run bitcoind as root. I like to run nothing as root. Linux dudes can use ipchains to avoid this and BSD guys have similar methods as well. Of course this does nothing to guard against DPI. It would be pretty straightforward to differentiate between http and other traffic. As for port 443, it seems to me that it would be fairly triffling to employ a whitelist of netmasks which would leave 99.9% of customers unaffected. And those who are can go piss up a rope since they are more trouble to an ISP than they are worth. Or at least to an ISP who was incorporated under Western law and thus legally obligated to maximize shareholder profits.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
Buffer Overflow
Legendary
Offline
Activity: 1652
Merit: 1016
|
|
August 22, 2013, 08:24:29 PM |
|
If they allowed only port 80 and block all the rest, DNS queries wouldn't resolve.
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
August 22, 2013, 08:28:32 PM |
|
If they allowed only port 80 and block all the rest, DNS queries wouldn't resolve.
Most people use either the resolves configured by the ISP, or one of the compliment providers of such service. Rules to pass port 53 could easily be constructed.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
Buffer Overflow
Legendary
Offline
Activity: 1652
Merit: 1016
|
|
August 22, 2013, 08:35:07 PM |
|
If they allowed only port 80 and block all the rest, DNS queries wouldn't resolve.
Most people use either the resolves configured by the ISP, or one of the compliment providers of such service. Rules to pass port 53 could easily be constructed. I always resolve my own queries with dnsmasq. If I use my ISPs ones, they redirect to a page pumped with adverts if a page doesn't exist. No thanks!
|
|
|
|
twobits
|
|
August 22, 2013, 08:42:04 PM |
|
If they allowed only port 80 and block all the rest, DNS queries wouldn't resolve.
Most people use either the resolves configured by the ISP, or one of the compliment providers of such service. Rules to pass port 53 could easily be constructed. Now you are going beyond the premise of the OP though. More likely, a restricted environment would/should force everything to go through a proxy they run anyway.
|
█████ █████ ███████ █████ ███ █████████████ █████ ██ █████████████████ █████ █ ██████ ██████ █████ ████ ████ █████████████ █████ ████ █████████████ █████ ████ █████████████ █████ ████ █████ █████ █████ █ ██████ ███████ █████ ██ ███████████ █████ █████ ███ █████████ ████ █████ █████ ███████ ██ | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | | | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | ►WhitePaper ►One-Pager | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | | ███ ███ ███ ███ ███ ███ ███ ███ ███ | █████ █████ ███████ █████ ███ █████████████ █████ ██ █████████████████ █████ █ ██████ ██████ █████ ████ ████ █████████████ █████ ████ █████████████ █████ ████ █████████████ █████ ████ █████ █████ █████ █ ██████ ███████ █████ ██ ███████████ █████ █████ ███ █████████ ████ █████ █████ ███████ ██ |
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
August 22, 2013, 08:49:19 PM |
|
If they allowed only port 80 and block all the rest, DNS queries wouldn't resolve.
Most people use either the resolves configured by the ISP, or one of the compliment providers of such service. Rules to pass port 53 could easily be constructed. I always resolve my own queries with dnsmasq. If I use my ISPs ones, they redirect to a page pumped with adverts if a page doesn't exist. No thanks! I use Google since 8.8.8.8 and 4.4.4.4 are easy to remember. I ran Bernstein's old jdbdns for a while but eventually it had to many problems that I didn't fell like dealing with. In the future if I have nothing better to do I may run one in the cloud and access it through a tunnel or something like that. Of course I had to deal with BIND as well for work reason. At least to the degree that I had to make it work and make a token effort to keep it secure...again...and again...and again... Point is, from an ISP's point of view the though of losing a tiny fraction of customers, and especially highly technical ones who are more prone to cause problems, is simply not a huge concern. Also, it is unlikely that we geeks are going to rally a army of grandmothers to our cause on the basis of being denied use of an obscure system which very few people understand. This is especially true if it can be painted as a tool for miscreants, and like it or not a lot of this technology can be. With some amount of legitimacy even. Failure to appreciate this unpleasant reality will lead to a failure to construct the proper defenses against potential threats.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
pedrog
Legendary
Offline
Activity: 2786
Merit: 1031
|
|
August 22, 2013, 08:54:48 PM |
|
That's the worst traffic control policy I've ever heard of, many ISP's, like the one I use, use this, http://www.sandvine.com/ , it is able to shape traffic by protocol no matter what port you are using, I have to use a VPN to bypass traffic shaping.
|
|
|
|
cr1776
Legendary
Offline
Activity: 4200
Merit: 1312
|
|
August 22, 2013, 09:23:41 PM |
|
... works at an ISP provider ...
Did this person work in The Department of Redundancy Department? Seriously, the previous response had good suggestions. The ISP has to know that the technical minded can get around the block s for most or all protocols. This was interesting to hear about.
|
|
|
|
Buffer Overflow
Legendary
Offline
Activity: 1652
Merit: 1016
|
|
August 22, 2013, 09:43:39 PM |
|
The ISP has to know that the technical minded can get around the block s for most or all protocols.
Amusing we've been blocked here in UK from visiting Pirate Bay. Obviously our government hasn't heard about TOR.
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1724
|
|
August 22, 2013, 10:25:25 PM |
|
This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up.
How will this affect Bitcoin?
Is this a very small ISP?
|
Signature space available for rent.
|
|
|
TitanBTC
|
|
August 23, 2013, 06:35:53 AM |
|
Seems pretty unlikely, no? I've talked to employees at Boeing who have no idea how a plane flies. Maybe that's what's going on here?
|
|
|
|
Rampion
Legendary
Offline
Activity: 1148
Merit: 1018
|
|
August 23, 2013, 07:42:57 AM |
|
Only port 80? So no https, no FTP, no email... WTF? He was joking I guess.
|
|
|
|
MGUK
Member
Offline
Activity: 83
Merit: 10
|
|
August 23, 2013, 08:25:14 AM |
|
This seems quite hard to believe. There are so many Web based services that don't use port 80. Mail clients, flash streaming, messengers, HTTPS, login for most web control panels. That's what I use at least, so that's at least 5 - 10 ports for me, and I'd say that's pretty average web use. He told me that if someone wants to use any other port than port 80 he needs to call them and ask for permission to open X port up. If they do this, then they are going to have to have enough phone staff to handle several calls from every single client of theirs over the next few days. After the initial surge of calls, so long as people keep writing software which utilizes the web, they're going to have a constant stream of phone calls from angry customer because the favourite new IM doesn't work, or they can't skype their grandma in Scotland. Is there any evidence of any other ISPs doing this ever? I'd be intrigued to find to find out how they handle it. This person works at an ISP provider in South Africa, he told me that from morning to 8PM only traffic on port 80 is allowed, this is done to prevent torrenting. Who is "this person"? Some random drunk you met in a pub? Your best friend who you can confirm works for an ISP? I'm really surprised that everyone that has responded so far seems to have just accepted this is true. I suppose even if it's not true, it's still helpful/useful to consider how resilient Bitcoin would be if someone did actually choose to do it.
|
|
|
|
|