Will Bitcoin work if my ISP blocks outgoing port 8333?

[Mahkul]

Like in the subject line. Anyone tried?

[1713558631]

1713558631

[1713558631]

1713558631

[1713558631]

1713558631

[1713558631]

1713558631

[1713558631]

1713558631

[Matt Corallo]

You can use my patched branch and the -port option (Gavin's port branch), you won't get many incoming connections (if any) and outgoing connections might be a bit more difficult, but in theory it should work.

[Hal]

Does your ISP also block incoming port 8333?

[theymos]

It probably won't work if your ISP blocks destination port 8333, but you can use Tor to get around that.

[snedie]

Wow you actually have an ISP that blocks ports....you know that is against the privacy act right? (Blocking a port that has no illegal activity associated to it is classed as an intrusion into your private activities).

Anyway, going on the assumption that your not actually trying to run bitcoin at your company/school network then the simple answer is no. You could try running some sort of port address translation, but if your ISP blocks port 8333 on the outbound TCP connection (As in, the destination port number of 8333) then you don't stand a chance of connecting to a public pool*

*You could quite easily run your own pool on a different port that is allowed.

[Luke-Jr]

Wow you actually have an ISP that blocks ports....you know that is against the privacy act right? (Blocking a port that has no illegal activity associated to it is classed as an intrusion into your private activities).

What privacy act?

[snedie]

Wow you actually have an ISP that blocks ports....you know that is against the privacy act right? (Blocking a port that has no illegal activity associated to it is classed as an intrusion into your private activities).

What privacy act?

THE privacy act: http://en.wikipedia.org/wiki/Privacy_Act_of_1974

I had my ISP remove a DNS redirection system they put in place to detect unknown addresses and redirect it to their own search engine: I threatened to sue them for breaching of the privacy act and the data protection act and within two weeks the system was taken off-line.

Your ISP can only block, intercept, redirect, monitor, analyse or share you data/information with the direct intervention of a court order or your consent. They can also do this without a court order if they suspect you to be committing some kind of a crime, but they must be able to justify this first if they don't want to risk a law suit. A good example of when this occurs is with torrents (And other peer-peer systems such as limewire), almost every ISP on the planet performs some kind of alteration to traffic using peer-peer ports (and protocols): In most cases this is simple traffic flow management, and they just make the download/upload speeds so slow it isn't worth the time. Others will log all these activities (I can provide a video showing this) and the data is used to land your ass in a jail.

So long story short, unless your ISP has an explicit reason to be blocking those ports they are breaking the law. Now if you are trying to run bitcoin at your work, then they have every right to block those ports and they do so to stop rouge applications using their network: an organisation can actually be fined if stuff like spam mail or viruses emanates from their network.

[Luke-Jr]

Ever hear of jurisdiction? Not everyone lives in the US.

[snedie]

Ever hear of jurisdiction? Not everyone lives in the US.

The data protection act is still applicable in most nations: http://www.legislation.gov.uk/ukpga/1998/29/contents

[MoonShadow]

Like in the subject line. Anyone tried?

Yes I have, and the answer is yes, sort of.  Based on the assumption that your ISP is blocking incoming connections, presumedly for your own protection;  you must start the client with a command line flag to tell it to connect to a known node.  It should be able to connect to that node explicitly, but other nodes will not be able to connect to you.  You will be hamstrung, and mining would be futile, but sending and receiving coins will work, slowly.  Initial bootstrapping across one connected node can take as long as a day.  And if it drops off the Internet, well you're going to have to start all over.

Another alternative is to port forward over SSH, or use Tor.  Either method is just a work-around, is not simple, and incrediblely slow.

EDIT:  I just re-read the title, and feel kinda silly.  How do you know that they block 8333 outgoing connections?  That is very unsual, unless you are trying to do it over an employer's network, or a university's.

[MoonShadow]

Wow you actually have an ISP that blocks ports....you know that is against the privacy act right? (Blocking a port that has no illegal activity associated to it is classed as an intrusion into your private activities).

That's not true.  ISP's block ports all the time, but usually incoming ports, or ports of known worms; for security reasons.  It would be a violation of the privacy act to redirect your datagrams without your consent, but that does not seem to be the case here.

[MoonShadow]

Have you tried calling your ISP and asking them to unblock port 8333 for your machine, or simply asking them why it is done?

[snedie]

Have you tried calling your ISP and asking them to unblock port 8333 for your machine, or simply asking them why it is done?

I work for a level 3 ISP, and we never block ports unless we get demanded to with a court order. And virus transmission is not the concern of any ISP, but rather just protecting their own equipment. What we do run is systems such as Cisco MARS, which is capable of detecting floods, attacks, viruses etc. and reconfigure any device(s) on the fly to prevent "any" form of attack from evolving.

What does happen is policy based routing and filtering to ensure that external traffic can never directly or indirectly communicate with internal devices without explicit permisions, this ensures that even if an attack should emanate from one of our customers the rest of our network remains unaffected.

[snedie]

Have you tried calling your ISP and asking them to unblock port 8333 for your machine, or simply asking them why it is done?

If you do this and they give you an answer post it up here, I would like to see what reason they have.

[MoonShadow]

Have you tried calling your ISP and asking them to unblock port 8333 for your machine, or simply asking them why it is done?

If you do this and they give you an answer post it up here, I would like to see what reason they have.

If they are using an automated system to dynamicly block ports, as has been suggested, but don't take the time to check the system, it's possible that Bitcoin looks like a botnet or worm to such a system that is otherwise unaware of Bitcoin.

[snedie]

Have you tried calling your ISP and asking them to unblock port 8333 for your machine, or simply asking them why it is done?

If you do this and they give you an answer post it up here, I would like to see what reason they have.

If they are using an automated system to dynamicly block ports, as has been suggested, but don't take the time to check the system, it's possible that Bitcoin looks like a botnet or worm to such a system that is otherwise unaware of Bitcoin.

Our systems use strict filters for detecting dangerous streams of data in the following manner: Admin defined>System Defined (As in specified by the proprietary updates)>Hueristic scanning

This model allows us to first off allow or deny anything we wish (Doesn't even have to be all that specific, and can be such things as how a connection was formed), then for the system to scan TCP/UDP streams/packets (and frames for layer 2 connections) automatically for anything that matches a predefined criteria, and lastly to pick up and alert us to anything that appears dangerous or out of the normal (say a company that sends 8k emails a day now sends 400k) and for us to then set a parameter to stop this activity.

The system(s) in question that picks up something on the heuristic based scanner is also capable of completely choosing and action to perform itself, and then to notify us: So for instance if it picks up a connection/user/account that has created a TCP stream that contains suspicious data it can block any TCP streams from forming that contain that data after the first packet has traversed the scanner (So in less than <0.1ms).

It really is clever stuff and if it is doing its job properly no one should even know it's there (Even when it buggers up we never tell customers about it and just put it down to "Device Failure". But if the OP is actually on an ISP that is blocking ports to ALL users for no good reason (And not actually trying to run a miner at his work place as I suspect) then chances are they cannot afford a system like the Cisco MARS and must resort to manual intervention: Only thing I can think of that would do this is a very small local wireless ISP in a village with no more than 300 users.

[error]

Probably has something to do with Bitcoin starting up an IRC connection, especially on an unexpected port. Looks a lot like a botnet to such tools as those.