Just fishing for some opinions on this subject.

I recently installed a webserver on my box without realising that my dsl ISP has a policy of blocking incoming attempts to access port 80. So I did what a lot of people do and worked around it by using a different port for apache to bind to. It works even if my DNS is a little more messy.

I don't feel too good about it since I probably signed a contract with the ISP agreeing not to do it, but I have a couple of questions before I look into getting a static IP.

1. Is there any reason for an ISP to block port access other than to try to force the consumer to upgrade their connection?

2. Is it legally sound for an ISP to ask for this in the contract? - ie are there good grounds for fighting a legal case to try to stop an ISP from blocking access to certain ports, something along the lines of 'hey, I bought the bandwidth and I'll do with it what I like, so long as there's no harm to anyone else'?

Cheers

In answer to question 1: One reason is that a lot of people run a web server without any understanding of how to secure it or even how to monitor it. ISPs blocking port 80 can stop some of the worms that look for vulnerable web servers from spreading to their customers.

I'm no lawyer so I can't answer question 2. My ISP gives me the option (at no charge) of blocking or allowing ports like 80 & 25. Since I choose to unblock them, it's my responsibility what happens to my PC.

If you are blocking port 80 as your contract requires you
to do then I see no reason why you should worry about
this. Your contract doesn't require not to listen for
incoming connections on other ports so I don't see any
reason for you to be concerned (ethically or legally).

The breach of contract is nothing to do with port 80 really, other than the fact that that's the port that's usually associated with http.
Some ISP's (my own included) have a clause in their contract forbidding the customer to use their connection for the purpose of web servers, file servers etc. I think the port used is irrelevant in this case.

I don't understand the worms argument too well. Sure it would be nice to have fewer worms on the internet, but what is the percentage of overall damage insecure home webservers incur to the internet community at large compared, say, to the damage caused by the many people who run insecure connections generally, without any routers and with crappy (or no) firewalls? Perhaps we should advocate disconnecting these people's services on the grounds of improved general security (I wouldn't be totally against this btw).

And in any case, a $100 static IP connection with webserver can be much less secure than a $30 dynamic connection with webserver, if the $100 connection has a poor network adminstrator as its weak link.
I think that the main motive for ISP's attempts to block webserver traffic on less expensive broadband services is probably financial.

Aren't we talking about the same thing here? At least the same result but with different motivations?

The cost of web servers infected by worms is part of the overall damage that insecure web servers incur to the community at large. Doesn't disconnecting these people have no more benefit than if they couldn't run the service in the first place because the port was blocked?

I'm sure that ISPs are happy that they get a financial benefit out of charging more for allowing access to blocked ports. But it does have a deterrent value - a lot of people aren't able (can't afford) to run a web server (or more accurately, a malware farm) and I'm very happy about that.

1) There is a number of reasons why ISP's block this port. One is as mentioned in a previous thread, to make their network less vulnerable to worms. Another is to prevent any impacts on their service offered to their customer base. Ie it wouldn't be fair that an insecure web server caused problems with my connection for example.

2) I am no lawyer but the reason they can and do block this port is to protect the service they offer (maybe sometimes to make you upgrade). If your contract makes no mention of running this service on another port then it may be safe to do this but personally, I would upgrade or go with an ISP who allows port 80.

Well those are my thoughts

From my ToS contract:

Taking the statement literally, presumably this would also mean that technically I shouldn't run programs such as emule and skype or anthing else which serves files or content? This begs the question - why do I have 768 kb/s of generally unusable upload bandwidth?


Anyway, we're not short of ISP's around here, I'll check out my options.

Cheers

Well the upload bandwidth you had would be good for Web Cams, and speaking via a mic over the internet. It would also be good for playing online games.

Still I think it does suck a little that you can't run a webserver or even server for that matter.

Definately time to switch to a different provider.