We help IT Professionals succeed at work.

Is the ISP blocking traffic?

526 Views
Last Modified: 2013-12-14
We provide an offsite backup service for our customers who are on support contracts.

All has been working fine, until last week when I noticed that one of the customer servers had not backed up for a number of days.

On further investigation I found that traffic between the customer server and the backup server was being blocked.

I can telnet both ways between servers using ports I know are open like smtp.  However, as soon as the backup client connects to the backup server on port 2774 and starts transferring data, ALL traffic between the two servers is blocked.  Cannot telnet either way.

If I wait 5 or 10 mins, the block is lifted - but again, as soon as the backup client connects to the server and starts transferring data, all traffic is blocked.

At the time of the block, I am able to reach both the customer server and backup server from other addresses.  And am also able to connect from these servers to external addresses.  Just can't connect between the two.

This particular customer's server had to transfer quite a large amount of data recently (around 10GB) - so I can only assume that the ISP (in this case BT) has noticed this and decided it looks a bit suspicious and blocked it.  I have called BT and tried to find out if a restriction has been placed on the line but if you've ever phoned BT support before you'll know I didn't get very far.

Have tried changing the MAC address of the customer router and changing the port number to 2775 - but that didn't work.

Tried changing the port number to one for a known service i.e. 1723 for PPTP.  This didn't work either.

There is a second server on the same ADSL line with a different static IP - this also uses the backup service but doesn't have any problems.

The only solution therefore seems to be to change the IP of the problem server.

What I'd like to know is - could this type of behaviour be caused by something other than an ISP block?
Comment
Watch Question

Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
It was the firewall on the customer side - don't know why I didn't spot the entries in the log before.

TCP RESET scan attack detected from [backup server IP]

Firewall hasn't changed and backup system software hasn't changed - so a bit odd why this problem has started.

Going to try updating the firewall firmware.

Author

Commented:
Upgrading the firmware has given an additional option to choose whether to block known sources of attacks.

If I choose not to block, all works ok.

I can live with this as there is another firewall between this unit and the DSL line which does block known sources of attacks - but it seems it's a bit better at spotting the valid communication from the backup server.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.