The Latest Move in Cox's Arms Race
Thu Jul 3rd 2003, 12:44pm
The 5 years that I've used Cox as my ISP have been a constant arms race to outsmart their increasingly annoying and restrictive network filters. They routinely put filters in place to limit what home users can do from their machines, e.g. turning their PC into a spamming powerstation, or setting up illicit web sites, etc. And for most cable modem users these filters aren't a problem, and may even add some degree of protection, for example from Code Red which targets IIS running on their Windows machines (possibly without their knowledge).

But for me it's just annoying because I want to run a very modest web page (you're reading it) and mail server from my network at home. Is that so wrong? :-) Well where there's a will, there's a way.... :-) And thus my continuing crusade to find hacks and workarounds to keep my machine alive and accessible from the net. Cox has tried to:
  • Change my IP address via DHCP so frequently as to be unusable as a service machine. Solved by delegating my kehlet.cx domain to dyndns.org ($30 for life) and running some scripts to notice and update my DNS records anytime my IP changes. The time-to-live on my records is 1 minute so stale records go away very quickly.
  • Block incoming web requests (port 80) to prevent me from running a web server. I got around this with some DNS trickery and a service that dyndns.org offers: www.kehlet.cx actually resolves to a dyndns.org machine, which redirects people to the web server I have running at www81.kehlet.cx (my real IP) on port 81. Did I mention dyndns.org was a good deal?
  • Block incoming SMTP requests (port 25) to prevent me from running a mail server. This one was probably the most challenging of all, since SMTP and DNS don't have a way (no standard way, at least) to specify or redirect traffic to an alternate port. I was able to work around this by having a non-Cox friend (Matt) accept my mail from the net (i.e. my MX records point to him) and then have him relay it to my mail server running on port 26. Required hacking his sendmail config a tiny bit, and ends up being a little bit of maintenance for him, but overall a pretty slick solution. And actually, this filter routinely goes up and down--Cox can't seem to make up their mind if they want to actually do this or not.
  • Block outgoing SMTP requests (just added last week). Now this is annoying. At least the workaround is easy enough: I set up my machine to stop attempting to deliver mail directly; now it just hands all outgoing mail to the Cox mail relay for delivery. This will work as long as they never start insisting that my From address ends in @cox.net. And if they do, I'll just get Matt to accept mail from me on port 26 (or something) :-).
Some of you might say I should dump Cox, and switch to DSL, or get some co-lo space or something. I would, except I actually get great download rates with Cox, far better than I'd get for the same price with DSL, and I like having my scripts here at home where they're easy to edit (and I don't have to depend on someone else's PHP or PostgreSQL installation). Plus, DSL wasn't available to my house last time I checked, and at the moment my employer is paying for this connection.

So bring it on, Cox!!!



Visitor comments
On Wed Feb 25th 2004, 2:48pm, Steve Kehlet posted:
Solved by delegating my kehlet.cx domain to dyndns.org ($30 for life)

Sadly, it's no longer $30 for life. It looks to be $25/year now, which still seems like a reasonable deal. There may be better deals out there, I haven't looked. See the pricing table at dyndns.org. They haven't ever billed me so I assume I'm grandfathered in.


On Thu Mar 1st 2007, 11:15am, Visitor posted:
I have the same battle. For SMTP to work, I use Cox's server for my outgoing mail, and I use fetchmail to retrieve my mail from my cox pop3 account. My domains mail get to cox by having my registar forward my mail to the cox pop3 server.

As far as the IP, I acutally have been using the same IP for years now. Since thier network doesn't use pppoe and stanadard DHCP, there isn't a way for cox to force dhcp.
I simply analyzed all the brodcasted traffic (arp requests and replies) and put together a list of possible unused IP's and whoila.


On Thu Oct 22nd 2009, 10:45pm, Visitor posted:
Hi!
I am a Cox customer in the same boat...

When you say:
==============================
I got around this with some DNS trickery and a service that dyndns.org offers: www.kehlet.cx actually resolves to a dyndns.org machine, which redirects people to the web server I have running at www81.kehlet.cx (my real IP) on port 81
============================
Does ability to specify a port requires to be a paid member?
I am only testing at this point and set up like you my.domain.org then my81.domain.org but I don't see where to specify the redirect on my.domain.org nor where to specify the use of port 81 on my81.domain.org?
Could you provide more detail on the trickery?
Thanks a lot, Deve


On Thu Oct 22nd 2009, 10:46pm, Visitor posted:
Hi!
I am a Cox customer in the same boat...

When you say:
==============================
I got around this with some DNS trickery and a service that dyndns.org offers: www.kehlet.cx actually resolves to a dyndns.org machine, which redirects people to the web server I have running at www81.kehlet.cx (my real IP) on port 81
============================
Does ability to specify a port requires to be a paid member?
I am only testing at this point and set up like you my.domain.org then my81.domain.org but I don't see where to specify the redirect on my.domain.org nor where to specify the use of port 81 on my81.domain.org?
Could you provide more detail on the trickery?
Thanks a lot, Deve


On Thu Oct 22nd 2009, 10:46pm, Visitor posted:
Hi!
I am a Cox customer in the same boat...

When you say:
==============================
I got around this with some DNS trickery and a service that dyndns.org offers: www.kehlet.cx actually resolves to a dyndns.org machine, which redirects people to the web server I have running at www81.kehlet.cx (my real IP) on port 81
============================
Does ability to specify a port requires to be a paid member?
I am only testing at this point and set up like you my.domain.org then my81.domain.org but I don't see where to specify the redirect on my.domain.org nor where to specify the use of port 81 on my81.domain.org?
Could you provide more detail on the trickery?
Thanks a lot, Deve


On Thu Oct 28th 2010, 6:10am, Visitor posted:
dyndns.org appears to be a hell of a deal.SSL for 99$ a year!You can't beat that.