devon-lad
asked on
Is the ISP blocking traffic?
We provide an offsite backup service for our customers who are on support contracts.
All has been working fine, until last week when I noticed that one of the customer servers had not backed up for a number of days.
On further investigation I found that traffic between the customer server and the backup server was being blocked.
I can telnet both ways between servers using ports I know are open like smtp. However, as soon as the backup client connects to the backup server on port 2774 and starts transferring data, ALL traffic between the two servers is blocked. Cannot telnet either way.
If I wait 5 or 10 mins, the block is lifted - but again, as soon as the backup client connects to the server and starts transferring data, all traffic is blocked.
At the time of the block, I am able to reach both the customer server and backup server from other addresses. And am also able to connect from these servers to external addresses. Just can't connect between the two.
This particular customer's server had to transfer quite a large amount of data recently (around 10GB) - so I can only assume that the ISP (in this case BT) has noticed this and decided it looks a bit suspicious and blocked it. I have called BT and tried to find out if a restriction has been placed on the line but if you've ever phoned BT support before you'll know I didn't get very far.
Have tried changing the MAC address of the customer router and changing the port number to 2775 - but that didn't work.
Tried changing the port number to one for a known service i.e. 1723 for PPTP. This didn't work either.
There is a second server on the same ADSL line with a different static IP - this also uses the backup service but doesn't have any problems.
The only solution therefore seems to be to change the IP of the problem server.
What I'd like to know is - could this type of behaviour be caused by something other than an ISP block?
All has been working fine, until last week when I noticed that one of the customer servers had not backed up for a number of days.
On further investigation I found that traffic between the customer server and the backup server was being blocked.
I can telnet both ways between servers using ports I know are open like smtp. However, as soon as the backup client connects to the backup server on port 2774 and starts transferring data, ALL traffic between the two servers is blocked. Cannot telnet either way.
If I wait 5 or 10 mins, the block is lifted - but again, as soon as the backup client connects to the server and starts transferring data, all traffic is blocked.
At the time of the block, I am able to reach both the customer server and backup server from other addresses. And am also able to connect from these servers to external addresses. Just can't connect between the two.
This particular customer's server had to transfer quite a large amount of data recently (around 10GB) - so I can only assume that the ISP (in this case BT) has noticed this and decided it looks a bit suspicious and blocked it. I have called BT and tried to find out if a restriction has been placed on the line but if you've ever phoned BT support before you'll know I didn't get very far.
Have tried changing the MAC address of the customer router and changing the port number to 2775 - but that didn't work.
Tried changing the port number to one for a known service i.e. 1723 for PPTP. This didn't work either.
There is a second server on the same ADSL line with a different static IP - this also uses the backup service but doesn't have any problems.
The only solution therefore seems to be to change the IP of the problem server.
What I'd like to know is - could this type of behaviour be caused by something other than an ISP block?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Upgrading the firmware has given an additional option to choose whether to block known sources of attacks.
If I choose not to block, all works ok.
I can live with this as there is another firewall between this unit and the DSL line which does block known sources of attacks - but it seems it's a bit better at spotting the valid communication from the backup server.
If I choose not to block, all works ok.
I can live with this as there is another firewall between this unit and the DSL line which does block known sources of attacks - but it seems it's a bit better at spotting the valid communication from the backup server.
ASKER
TCP RESET scan attack detected from [backup server IP]
Firewall hasn't changed and backup system software hasn't changed - so a bit odd why this problem has started.
Going to try updating the firewall firmware.