The Latest Move in Cox's Arms Race
Thu Jul 3rd 2003, 12:44pm
The 5 years that I've used Cox as my ISP have been a constant arms race to outsmart their
increasingly annoying and restrictive network filters. They routinely put filters in
place to limit what home users can do from their machines, e.g. turning their PC into a
spamming powerstation, or setting up illicit web sites, etc. And for most cable modem
users these filters aren't a problem, and may even add some degree of protection, for
example from Code Red which targets IIS running on their Windows machines (possibly
without their knowledge).
But for me it's just annoying because I want to run a very modest web page (you're reading
it) and mail server from my network at home. Is that so wrong? :-) Well where there's a
will, there's a way.... :-) And thus my continuing crusade to find hacks and workarounds
to keep my machine alive and accessible from the net. Cox has tried to:
- Change my IP address via DHCP so frequently as to be unusable as a service machine.
Solved by delegating my kehlet.cx domain to dyndns.org
($30 for life) and running some scripts to notice and update my DNS records anytime my IP
changes. The time-to-live on my records is 1 minute so stale records go away very
quickly.
- Block incoming web requests (port 80) to prevent me from running a web server. I got
around this with some DNS trickery and a service that dyndns.org offers: www.kehlet.cx
actually resolves to a dyndns.org machine, which redirects people to the web server I have
running at www81.kehlet.cx (my real IP) on port 81. Did I mention dyndns.org was a good
deal?
- Block incoming SMTP requests (port 25) to prevent me from running a mail server. This
one was probably the most challenging of all, since SMTP and DNS don't have a way (no
standard way, at least) to specify or redirect traffic to an alternate port. I was able
to work around this by having a non-Cox friend (Matt) accept my mail from the net (i.e. my
MX records point to him) and then have him relay it to my mail server running on port 26.
Required hacking his sendmail config a tiny bit, and ends up being a little bit of
maintenance for him, but overall a pretty slick solution. And actually, this filter
routinely goes up and down--Cox can't seem to make up their mind if they want to actually
do this or not.
- Block outgoing SMTP requests (just added last week). Now this is annoying. At least
the workaround is easy enough: I set up my machine to stop attempting to deliver mail
directly; now it just hands all outgoing mail to the Cox mail relay for delivery. This
will work as long as they never start insisting that my From address ends in @cox.net.
And if they do, I'll just get Matt to accept mail from me on port 26 (or something) :-).
Some of you might say I should dump Cox, and switch to DSL, or get some co-lo space or
something. I would, except I actually get great download rates with Cox, far better than
I'd get for the same price with DSL, and I like having my scripts here at home where
they're easy to edit (and I don't have to depend on someone else's PHP or PostgreSQL
installation). Plus, DSL wasn't available to my house last time I checked, and at the
moment my employer is paying for this connection.
So bring it on, Cox!!!
On Wed Feb 25th 2004, 2:48pm, Steve Kehlet posted:
Solved by delegating my kehlet.cx domain to dyndns.org ($30 for
life)
Sadly, it's no longer $30 for life. It looks to be $25/year now, which
still seems like a reasonable deal. There may be better deals out there, I
haven't looked. See the
pricing table at
dyndns.org. They haven't ever billed me so I assume I'm grandfathered in.
On Thu Mar 1st 2007, 11:15am, Visitor posted:
I have the same battle. For SMTP to work, I use Cox's server for my
outgoing mail, and I use fetchmail to retrieve my mail from my cox pop3
account. My domains mail get to cox by having my registar forward my mail
to the cox pop3 server.
As far as the IP, I acutally have been using the same IP for years now.
Since thier network doesn't use pppoe and stanadard DHCP, there isn't a way
for cox to force dhcp.
I simply analyzed all the brodcasted traffic (arp requests and replies) and
put together a list of possible unused IP's and whoila.
On Thu Oct 22nd 2009, 10:45pm, Visitor posted:
Hi!
I am a Cox customer in the same boat...
When you say:
==============================
I got around this with some DNS trickery and a service that dyndns.org
offers: www.kehlet.cx actually resolves to a dyndns.org machine, which
redirects people to the web server I have running at www81.kehlet.cx (my
real IP) on port 81
============================
Does ability to specify a port requires to be a paid member?
I am only testing at this point and set up like you my.domain.org then
my81.domain.org but I don't see where to specify the redirect on
my.domain.org nor where to specify the use of port 81 on
my81.domain.org?
Could you provide more detail on the trickery?
Thanks a lot, Deve
On Thu Oct 22nd 2009, 10:46pm, Visitor posted:
Hi!
I am a Cox customer in the same boat...
When you say:
==============================
I got around this with some DNS trickery and a service that dyndns.org
offers: www.kehlet.cx actually resolves to a dyndns.org machine, which
redirects people to the web server I have running at www81.kehlet.cx (my
real IP) on port 81
============================
Does ability to specify a port requires to be a paid member?
I am only testing at this point and set up like you my.domain.org then
my81.domain.org but I don't see where to specify the redirect on
my.domain.org nor where to specify the use of port 81 on
my81.domain.org?
Could you provide more detail on the trickery?
Thanks a lot, Deve
On Thu Oct 22nd 2009, 10:46pm, Visitor posted:
Hi!
I am a Cox customer in the same boat...
When you say:
==============================
I got around this with some DNS trickery and a service that dyndns.org
offers: www.kehlet.cx actually resolves to a dyndns.org machine, which
redirects people to the web server I have running at www81.kehlet.cx (my
real IP) on port 81
============================
Does ability to specify a port requires to be a paid member?
I am only testing at this point and set up like you my.domain.org then
my81.domain.org but I don't see where to specify the redirect on
my.domain.org nor where to specify the use of port 81 on
my81.domain.org?
Could you provide more detail on the trickery?
Thanks a lot, Deve
On Thu Oct 28th 2010, 6:10am, Visitor posted:
dyndns.org appears to be a hell of a deal.SSL for 99$ a year!You can't beat
that.
