  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 406

Is the ISP blocking traffic?

We provide an offsite backup service for our customers who are on support contracts.

All has been working fine, until last week when I noticed that one of the customer servers had not backed up for a number of days.

On further investigation I found that traffic between the customer server and the backup server was being blocked.

I can telnet both ways between servers using ports I know are open like smtp.  However, as soon as the backup client connects to the backup server on port 2774 and starts transferring data, ALL traffic between the two servers is blocked.  Cannot telnet either way.

If I wait 5 or 10 mins, the block is lifted - but again, as soon as the backup client connects to the server and starts transferring data, all traffic is blocked.

At the time of the block, I am able to reach both the customer server and backup server from other addresses.  And am also able to connect from these servers to external addresses.  Just can't connect between the two.

This particular customer's server had to transfer quite a large amount of data recently (around 10GB) - so I can only assume that the ISP (in this case BT) has noticed this and decided it looks a bit suspicious and blocked it.  I have called BT and tried to find out if a restriction has been placed on the line but if you've ever phoned BT support before you'll know I didn't get very far.

Have tried changing the MAC address of the customer router and changing the port number to 2775 - but that didn't work.

Tried changing the port number to one for a known service i.e. 1723 for PPTP.  This didn't work either.

There is a second server on the same ADSL line with a different static IP - this also uses the backup service but doesn't have any problems.

The only solution therefore seems to be to change the IP of the problem server.

What I'd like to know is - could this type of behaviour be caused by something other than an ISP block?
0
devon-lad
Asked:
1 Solution
 
oriziv Commented:
You can check the firewall settings on both sites, yours and your customer's.
Make sure there isn't any kind of protection against communication flooding attacks.
You can also define QoS rules on both firewalls.
If all of the above doesn't work, it must be your ISP that blocks your transactions.
0
 
devon-lad (Author) Commented:
It was the firewall on the customer side - don't know why I didn't spot the entries in the log before.

TCP RESET scan attack detected from [backup server IP]

Firewall hasn't changed and backup system software hasn't changed - so a bit odd why this problem has started.

Going to try updating the firewall firmware.
0
 
devon-lad (Author) Commented:
Upgrading the firmware has given an additional option to choose whether to block known sources of attacks.

If I choose not to block, all works ok.

I can live with this as there is another firewall between this unit and the DSL line which does block known sources of attacks - but it seems it's a bit better at spotting the valid communication from the backup server.
0
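An added example, not part of the original thread: a small log triage script that finds firewall detections naming a trusted peer (such as the backup server) and checks whether failed connections fall inside the temporary block that follows each one. The log layout, the 192.0.2.10 address, the failure list and all function names are assumptions made for illustration; only the "TCP RESET scan attack detected from" wording and the 5 to 10 minute block come from the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the thread). 192.0.2.10 stands in for the
# backup server; the timestamped line layout is an assumed log format.
FIREWALL_LOG = """\
2024-03-04 01:00:07 TCP RESET scan attack detected from 192.0.2.10
2024-03-04 01:20:41 TCP RESET scan attack detected from 192.0.2.10
2024-03-04 02:15:00 SYN flood attack detected from 203.0.113.77
"""
# Constructed (timestamp, peer) pairs for failed connects, e.g. from a backup client log.
FAILED_CONNECTS = [
    ("2024-03-04 01:03:30", "192.0.2.10"),  # inside the first block window
    ("2024-03-04 01:15:00", "192.0.2.10"),  # after the window has expired
    ("2024-03-04 01:22:00", "192.0.2.10"),  # inside the second block window
]
TRUSTED_PEERS = {"192.0.2.10"}
BLOCK_WINDOW = timedelta(minutes=10)  # thread: block lifted after 5 or 10 mins
TS = "%Y-%m-%d %H:%M:%S"
DETECTION = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+?) attack detected from (\S+)$")

def parse_detections(log_text):
    """Return (time, attack kind, source IP) for every detection line."""
    out = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            out.append((datetime.strptime(m.group(1), TS), m.group(2), m.group(3)))
    return out

def trusted_peer_detections(detections, trusted):
    """Detections whose source is a peer we expect traffic from: likely false positives."""
    return [d for d in detections if d[2] in trusted]

def explain_failures(failures, detections, window=BLOCK_WINDOW):
    """Pair each failed connect with the detection whose block window covers it, if any."""
    results = []
    for ts_text, peer in failures:
        ts = datetime.strptime(ts_text, TS)
        cause = None
        for when, kind, src in detections:
            if src == peer and when <= ts <= when + window:
                cause = (when.strftime(TS), kind)
        results.append((ts_text, peer, cause))
    return results

if __name__ == "__main__":
    suspects = trusted_peer_detections(parse_detections(FIREWALL_LOG), TRUSTED_PEERS)
    for row in explain_failures(FAILED_CONNECTS, suspects):
        print(row)
```

A failure with no matching detection (the second sample row) points away from this firewall and toward another device or the ISP.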
