SagoNet warning / FYI

Drew Van Zandt drew.vanzandt at gmail.com
Mon Sep 5 16:10:01 EDT 2005


their reply to my complaint:
The ports that we block are known to be used for proxy traffic,
virus/worm traffic, and other known Internet vulnerabilities. Our list
changes very often when we find new exploits and such so any list we
give you today, could change tomorrow. This is done for the protection
of our network as well as our customers. We apologize for the
inconvenience this may have caused you, however please understand the
overall benefit. If you have any questions, please let us know. Thank
you for your understanding. Have a great day.

---
IP Engineering
Sago Networks

On 9/5/05, Christopher Schmidt <crschmidt at crschmidt.net> wrote:
> On Mon, Sep 05, 2005 at 03:23:56PM -0400, Drew Van Zandt wrote:
> > Hi all,
> 
> > >Hello,
> > >
> > >Our abuse department has found historically this port among many
> > others has been used for illicit traffic.  At this time we are unable
> > to complete your request as such you will need to reconfigure your
> > application to use an alternate port.
> > >
> > >Let us know if you need anything else,
> > >Chris Davis
> > >Sago Tech Support
> > >
> >
> > Note that they DO NOT MENTION THIS in their documentation that I was
> > able to find; I don't know what other ports they may have randomly
> > decided are verboten, and I'm not too keen on finding out the hard
> > way.
> 
> Agreed. I ran into this same problem recently (LiveJournal's latest
> updates are provided as a stream from port 8081): it was most certainly
> *not* the case approximately 2-3 weeks ago: it is a recent change.
> 
> I'm not really sure what I can do about this from my point of view: Up
> until now, I'd been pretty happy with them other than a minor incident
> due to a badly placed server leading to consistent overheating and
> restarts over a two day period. However, they helped me resolve that one
> relatively quickly: this one is something I can't change, and is all in
> all a pretty dumb way of doing things.
> 
> For the record, the way I found out about this being deliberate was via
> a tcpdump: If you try to connect, a couple seconds after the disconnect
> (when attempting to connect via telnet, for example) there is an ICMP
> reply:
> 
> 15:42:54.901147 IP fa10-24.as12.tpa.sagonet.net > athena.crschmidt.net:
> icmp 36: host 216.239.57.99 unreachable - admin prohibited filter
> 
> I'm still pretty upset about this: this server is what I use for almost
> all my work and I had to switch to a different machine for something I'm
> working on simply because of this restriction.
> 
> --
> Christopher Schmidt
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (GNU/Linux)
> 
> iD4DBQFDHKAdqjCpmKHia1gRAm9GAJ9hPTj/7bqxioPvTk1XyfHJuxiTKgCY5/xL
> NbR0R//4aac/+QL1QPwkeg==
> =flIs
> -----END PGP SIGNATURE-----
> 
> 
> 


-- 
Drew Van Zandt



More information about the gnhlug-discuss mailing list