Is the ISP blocking traffic?

Posted on 2007-10-01
Last Modified: 2013-12-14
We provide an offsite backup service for our customers who are on support contracts.

All has been working fine, until last week when I noticed that one of the customer servers had not backed up for a number of days.

On further investigation I found that traffic between the customer server and the backup server was being blocked.

I can telnet both ways between servers using ports I know are open like smtp.  However, as soon as the backup client connects to the backup server on port 2774 and starts transferring data, ALL traffic between the two servers is blocked.  Cannot telnet either way.

If I wait 5 or 10 mins, the block is lifted - but again, as soon as the backup client connects to the server and starts transferring data, all traffic is blocked.

At the time of the block, I am able to reach both the customer server and backup server from other addresses.  And am also able to connect from these servers to external addresses.  Just can't connect between the two.

This particular customer's server had to transfer quite a large amount of data recently (around 10GB) - so I can only assume that the ISP (in this case BT) has noticed this and decided it looks a bit suspicious and blocked it.  I have called BT and tried to find out if a restriction has been placed on the line but if you've ever phoned BT support before you'll know I didn't get very far.

Have tried changing the MAC address of the customer router and changing the port number to 2775 - but that didn't work.

Tried changing the port number to one for a known service i.e. 1723 for PPTP.  This didn't work either.

There is a second server on the same ADSL line with a different static IP - this also uses the backup service but doesn't have any problems.

The only solution therefore seems to be to change the IP of the problem server.

What I'd like to know is - could this type of behaviour be caused by something other than an ISP block?
Question by:devon-lad
    LVL 7

    Accepted Solution

    You can check the fire-wall settings on both sites yours and your cutomer's.
    Make sure there isn't any kind of protection against communication flooding attacks.
    You can also define QOS rules on both fire-walls.
    If all of the above doesn't work, it must be your ISP that blocks your transactions
    LVL 1

    Author Comment

    It was the firewall on the customer side - don't know why I didn't spot the entries in the log before.

    TCP RESET scan attack detected from [backup server IP]

    Firewall hasn't changed and backup system software hasn't changed - so a bit odd why this problem has started.

    Going to try updating the firewall firmware.
    LVL 1

    Author Comment

    Upgrading the firmware has given an additional option to choose whether to block known sources of attacks.

    If I choose not to block, all works ok.

    I can live with this as there is another firewall between this unit and the DSL line which does block known sources of attacks - but it seems it's a bit better at spotting the valid communication from the backup server.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

        Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
    Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now