[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 699
  • Last Modified:

do cable companies block port 1723?

Hi, I have multiple remote users, and more and more of the Cable users (comcast, adelpia) are unable to connect.  I worked with many of the users and it seems we have shut off all of there software firewalls, and I can't see any blocking at the router appliance.   one of these clients changed over to dsl, and was able to connect (vpn) right after with no other configuration nessissary.

now, when i have them run a port checker on port 1723 (pptp, what the vpn uses) it comes back with the following info

Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .
 
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
   
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

if you need to know the port scanner Ill post it.  the cable companies say they dont block that port, but I dont think Im talking to anything past tier 1 support, so they seem to deny everything.  I just want an awnser so i can tell the clients a hard answer.

thanks and any help is greatly appreciated.

Dan
0
pcavenue
Asked:
pcavenue
  • 4
  • 4
  • 3
  • +1
1 Solution
 
xrokCommented:
Lots a new cable modem now has built on router and it may come in with same subnet.
I would check on that first
Also that depned on how your VPN is setup.
Can you give us little more in Subnet Configuration and what is use for PPTP Server.

0
 
Carlo-GiulianiCommented:
I know that some ISPs (the technology - cable or DSL is not the issue) deliberately block VPN-related protocols on "retail" connections in order to force corporate clients to use a more expensive "professional" services.  But, if that is your problem, they should confess when you call support.  After all, you won't buy the more expensive service if they don't tell you about it!

It could also be a function of the modem/router device....but that seems less likely.  
0
 
srikrishnakCommented:
Not likely unless the cable guys want to loose bucks....I suspect more on the cable modems or the settings on the end machine....
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
pcavenueAuthor Commented:
Thanks guys.

Xrok, the modem is a typical cable modem deal with no router on it.  the user in this case is using a linksys (dont know model) as his fire/router/nat box.

the vpn used at this client is the mighty Linksys RV042.  the clients connect using Linksys's QuickVPN client software (good stuff), but other situations just like this I have used Snapgear's  (now cyberguard) VPN (pptp servers) boxes as seen below.

http://www.cyberguard.com/products/firewall/SG_Family/SG530.html?lang=de_EN

the big thing is how we can see that port 1723 is blocked at the client side.  I plan on taking my laptop to my friends house who has a cable connection, that way I can play with it a bit.
0
 
Carlo-GiulianiCommented:
I will be very curious to know what you find out.  It's not easy to find info about what ISPs block what ports, but they all do it for a variety of reasons.
0
 
srikrishnakCommented:
Well..Probably you can run a online scan using nmap or Nessus...it will give you the values...But if i understood correctly n the user is using LinkSys router, then it could be the culprit..Most of the linksys models have a option to set port forwarding under the option "Application & Gaming"...Probably you may want to have a look..
0
 
pcavenueAuthor Commented:
Srikrishnak - I did look, and the "allow pptp passthrough" was enabled on the linksys. this is something that im famaliar with searching out.  I could try forwarding the port 1723 to the computer address, but I dont think this is needed, but ill try.

I didnt go to the cable friend yet, but ill try tommorow.

thanks again for sticking with me.
0
 
srikrishnakCommented:
sure..no probs...my answers will be a bit delayed due to the time diff...;) hope doesnt cause any inconvenience..
0
 
xrokCommented:
I really don't see why you have to open any ports on client side.
Since it was working with DSL, I would think it is in cable ISP Side.
0
 
pcavenueAuthor Commented:
Xrok, yes your right, but since the ISP cable company states that they dont block any ports, I feel like I need an awnser, becides checking it is a quickie.

Another wierd thing to me is, i had one of these blocked home clients using a blocked setup, but I was able to created a vpn connection between his router (behind adelphias router) and the main office.  it seems as if they were blocking ports, I wouldnt be able to do this either, unless router to router vpn's use diffrent ports.
0
 
xrokCommented:
Can You access Cable Modem to config.
Ask you cable ISP to look at modem configuration


0
 
pcavenueAuthor Commented:
Well, there was nothing blocking in the router, and I could not connect on my laptop that connects every where else.  

Xrok - the modem is there, do you mean login tinto the modem?  I hadnt thought about that.  do you think the ports are blocked at the modem? is that possible?

0
 
srikrishnakCommented:
Hmm....mostly the cable modems wont give the config options to the user..anyway check with your ISP n you may find something...
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 4
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now