03-12-2017 11:03 AM
I think something is blocking port 80 from
Source 107.77.xxx.xxx (my mobile phone on AT&T)
Destination 76.88.xxx.xxx (my web server at home on TWC)
The result I get on the phone is there is no response and eventual timeout.
The website is up and I can access it just fine from a browser on a PC from anywhere else I try.
When troubleshooting, I run tcpdump on port 80 on my server and no traffic is detected.
Some testing info...
However, from the *same* phone...
The problem seems pretty isolated to my phone service and my web server and port 80.
I have not tried forcing my cable modem to get a new IP address. It was last changed March 2016.
How can I find what is blocking access?
03-12-2017 04:48 PM
Don't use port 80, it's garbage to do so and is a huge security risk as all hackers go after it first.
Next, you're running a server on TWC residential service?
Probably a violation of the contract, lol.
03-12-2017 05:19 PM - edited 03-12-2017 05:24 PM
Nobody with any internet experience would leave port 80 open and unfiltered. It's the most popular target for malware delivery to folks who don't turn on their router firewalls. Common substitute ports which have to be specifically opened for use are 1080, 2080, 8080, and 10080.
Also, since AT&T and TWC share some fiber transport hops, it's possible that port 80 is blocked at the IXP crossover points.
03-29-2017 07:51 PM - edited 03-29-2017 07:51 PM
I was able to gather more data.
First, I tried shutting off my cable modem for a day in an attempt to get a new IP address, but I got the same one again.
Second, I was able to run tracepath on port 80 from my phone (see below). The packets are clearly making it into the TWC network. I know you can't always know which machine is the problem because not all servers will pass thru tracepath, but at least I can see that nothing prior to TWC is blocking or dropping my traffic.
But I'm not sure where to go from here. Is there any chance at all that TWC will have an explanation, even if by a miracle I can get to talk to the right person?
1: 10.155.215.210 0.458ms pmtu 1410
1: 172.21.82.86 53.753ms asymm 2
1: 172.21.82.54 78.753ms asymm 2
2: 172.21.64.194 63.861ms
3: 126.96.36.199 52.279ms
4: 188.8.131.52 78.965ms
5: 184.108.40.206 53.306ms
6: 220.127.116.11 62.616ms
7: 18.104.22.168 77.677ms asymm 9
8: ggr2.la2ca.ip.att.net 58.019ms
9: 22.214.171.124.ptr.us.xo.net 96.675ms
10: 126.96.36.199.ptr.us.xo.net 60.140ms asymm 13
11: 188.8.131.52.ptr.us.xo.net 54.384ms
12: 184.108.40.206 65.483ms
13: agg1.lsancarc01r.socal.rr.com 163.890ms
14: agg1.sndhcaax01r.socal.rr.com 49.454ms asymm 16
15: no reply
16: agg1.sndhcaam01m.socal.rr.com 110.785ms
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
Too many hops: pmtu 1410
Resume: pmtu 1410
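Added example, not part of the original thread: a small Python parser for tracepath output in the layout posted above. It reports the last hop that answered and separates silent hops that demonstrably forwarded probes (a later hop replied) from the silent tail, where the trace alone cannot say whether packets were dropped or replies were simply not sent. The sample trace is constructed (documentation address ranges, invented hostnames), and the names `parse_tracepath` and `summarize` are this example's own.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the same layout as the trace above.
# Addresses are documentation ranges; hostnames are invented.
SAMPLE = """\
 1:  192.0.2.1                      0.458ms pmtu 1410
 1:  198.51.100.86                 53.753ms asymm  2
 2:  198.51.100.194                63.861ms
 3:  core1.carrier-a.example       58.019ms
 4:  agg1.isp-b.example            49.454ms asymm  6
 5:  no reply
 6:  agg2.isp-b.example           110.785ms
 7:  no reply
 8:  no reply
 9:  no reply
     Too many hops: pmtu 1410
     Resume: pmtu 1410
"""

# "<ttl>:  <host> <rtt>ms ..."  or  "<ttl>:  no reply"
HOP = re.compile(r"^\s*(\d+)\??:\s+(no reply|(\S+)\s+([\d.]+)ms)")

class Hop(NamedTuple):
    ttl: int
    host: Optional[str]      # None when the hop did not answer
    rtt_ms: Optional[float]

def parse_tracepath(text):
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # skips "Too many hops", "Resume" and blank lines
        if m.group(2) == "no reply":
            hops.append(Hop(int(m.group(1)), None, None))
        else:
            hops.append(Hop(int(m.group(1)), m.group(3), float(m.group(4))))
    return hops

def summarize(hops):
    answered = [h for h in hops if h.host]
    last = answered[-1] if answered else None
    silent = [h.ttl for h in hops if h.host is None]
    return {
        "last_responder": last,
        # silent, yet a later hop answered: these hops forwarded the probe
        "silent_but_forwarding": [t for t in silent if last and t < last.ttl],
        # silent tail: dropped probes and suppressed replies look identical
        "silent_tail": [t for t in silent if not last or t > last.ttl],
    }
```

The silent tail starts one hop past `last_responder`, so that hop's network is where a server-side capture (like the tcpdump run described in the first post) has to be compared against the trace.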
03-30-2017 09:06 AM
Shutting off your modem won't get you a new IP address when it restarts. You would need a different modem with a different MAC to get a different public IP address.
As we said before, nobody with any recent internet security experience expects port 80 to be useable. Most corporate users block it at their gateway firewalls and proxy servers by default because of hackers propagating malware to uneducated internet users. That doesn't stop tracepath from reporting the data packet flow along the route, just keeps the payload from inflicting harm at the final destination.
Set up a translation from port 80 to an alternate port and see what happens. But do not expect anyone at TWC to authorize a systemwide unblock of port 80 on their network just for your rogue application.
03-30-2017 10:33 AM - edited 03-30-2017 10:34 AM
There is nothing “systemwide” about this issue, so I wouldn’t expect a systemwide unblock. As I noted, anyone else can reach this server and I can reach any other website from my phone, so it seems like a very targeted block. But how do I find the right person who knows why it’s there or how to remove it? Maybe it’s impossible.
I am trying not to make this a discussion about security, but I really do not understand your point about port 80. I’m not running an “application”. It’s a web page and pretty much every web page in the known universe is on the standard http port, which is 80. There’s nothing “rogue” about it. And there’s nothing in the TWC Acceptable Use Policy that disallows it. If you’re really concerned about hackers, rest assured the server is running in a DMZ and the inner routers are locked up tight.
Thanks for your input.
03-30-2017 09:06 PM
Change to a different MFG of router. That will usually get you a different public IP.
That is provided that you have a modem only or a combo in bridged mode doing the coax to ethernet connection.