20040310

ISPs Protecting You From Yourself at the Cost of Basic Functionality?

With the volume of troublesome traffic bouncing around the web, many ISPs have taken the steel-barrier approach to securing their networks and those of their customers. Some argue that measures such as blocking ICMP or inbound/outbound TCP port 25 traffic eliminate much-needed functionality.

In the hope of blocking spam, more and more ISPs are turning toward blocking either inbound or outbound port 25/tcp traffic, the port used by SMTP for sending mail. Comcast, Cox, Earthlink and many other major providers now block outgoing port 25 traffic (though sometimes on a region-by-region basis). By forcing residential customers to send mail only via the ISP's own mail servers, companies can keep a lid on the volume of mass mailing originating from their residential customers (whether sent intentionally or by an infected machine).

Other ISPs take that tactic a bit further, blocking inbound port 25 traffic. Some claim this less common tactic is usually done to prevent users from running a mail server, forcing them to upgrade to a more substantive business account for the privilege. The ISPs themselves acknowledge that this is the common perception, but blocking inbound port 25 traffic does help them keep inadvertent open relays to a minimum, and therefore keeps their address space off blacklists.

Aside from the port 25 debate, some ISPs have turned to blocking various flavors of ICMP (Internet Control Message Protocol) traffic, another ongoing debate that has been reheated thanks to recent activity by MyDoom and its variants. The practice became particularly common after the Nachi/Welchia outbreak.

ICMP, carried directly over IP alongside TCP and UDP, is an error-reporting and management protocol. As an integral part of IP and of the internet itself, it is used to exchange error, diagnostic and control information among cooperating networked systems.

Each ICMP message has a "type" that indicates its purpose. For instance, the familiar "ping" utility sends an ECHO_REQUEST message and waits for the ECHO_REPLY from the other end; by measuring the time between the two, it determines the round-trip time.
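As an added illustration of what the text describes (not code from the original article), the following Python builds an ICMP echo request, computes the RFC 1071 checksum, parses the echo reply and derives the round-trip time from a send timestamp carried in the payload. The reply is simulated locally rather than sent over the network, and the identifier, sequence number and payload text are constructed values; the layout (type, code, checksum, identifier, sequence, payload) is the standard ICMP echo format.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the ICMP header plus payload."""
    if len(data) % 2:
        data += b"\x00"  # odd-length messages are padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Assemble an echo request/reply: 8-byte header (checksum filled in) + payload."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP message into its fields and verify its checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    msg_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    # Summing the whole message, checksum field included, yields 0 when intact.
    return {"type": msg_type, "code": code, "checksum_ok": icmp_checksum(packet) == 0,
            "id": ident, "seq": seq, "payload": packet[8:]}


def make_request(ident: int, seq: int, sent_at: float) -> bytes:
    """Echo request whose payload carries the send time (constructed payload)."""
    payload = struct.pack("!d", sent_at) + b"ping-example-"
    return build_echo(ICMP_ECHO_REQUEST, ident, seq, payload)


def echo_reply_for(request: bytes) -> bytes:
    """Simulate the remote end: same id/seq/payload, type set to ECHO_REPLY."""
    req = parse_icmp(request)
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def rtt_from_reply(reply: bytes, received_at: float, expect_id: int, expect_seq: int):
    """Round-trip time in seconds, or None if the reply is corrupt or not ours."""
    rep = parse_icmp(reply)
    if rep["type"] != ICMP_ECHO_REPLY or not rep["checksum_ok"]:
        return None
    if rep["id"] != expect_id or rep["seq"] != expect_seq:
        return None  # reply belongs to some other probe
    (sent_at,) = struct.unpack("!d", rep["payload"][:8])
    return received_at - sent_at


if __name__ == "__main__":
    req = make_request(0x1234, 1, 100.0)
    rep = echo_reply_for(req)
    print("request:", parse_icmp(req))
    print("rtt:", rtt_from_reply(rep, 100.025, 0x1234, 1))
```

Matching the identifier and sequence number before trusting a reply is what keeps a ping tool from attributing a stray or late echo reply to the wrong probe; the checksum check catches messages damaged in transit.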

Depending on which ICMP message types an ISP blocks, users can find various basic monitoring functions impaired. The tactic is often employed by ISPs to reduce the bandwidth impact of worms or attackers using ICMP "Smurf", ping-of-death, ICMP flood or "Nuke" attacks. Cable and other shared networks are particularly susceptible, since such messages are delivered to every member of the network segment. By blocking ICMP echo request/reply traffic, the bandwidth load and impact of so-called "ARP storms" are minimized.
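To make concrete both the port 25 policies described earlier and the point that the damage of ICMP filtering depends on which message types are dropped, here is an added Python model of a residential edge filter (example code, not any provider's actual rule set). The customer prefix and the ISP relay address are constructed placeholders. It goes slightly beyond the article by also checking two ICMP uses the article does not name: traceroute, which relies on Time Exceeded (type 11), and Path MTU Discovery, which relies on Destination Unreachable / Fragmentation Needed (type 3, code 4); both survive an echo-only block and both break under a block-all policy.

```python
from dataclasses import dataclass

# Constructed addressing: customers live under this prefix, and the ISP's
# outbound mail relay is the only port-25 destination they may reach.
CUSTOMER_PREFIX = "10.1."
ISP_MAIL_RELAYS = {"10.0.0.25"}  # placeholder, not a real provider's server

# ICMP message types each everyday function depends on (standard type/code values).
ICMP_USES = {
    "ping": [(8, 0), (0, 0)],          # echo request / echo reply
    "traceroute": [(11, 0)],           # time exceeded in transit
    "path-mtu-discovery": [(3, 4)],    # dest. unreachable, fragmentation needed
}
ECHO_ONLY = {0, 8}
ALL_ICMP = set(range(256))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "icmp"
    dport: int = 0        # TCP destination port
    icmp_type: int = -1   # ICMP fields, unused for TCP
    icmp_code: int = 0


def is_customer(addr: str) -> bool:
    return addr.startswith(CUSTOMER_PREFIX)


def port25_policy(pkt: Packet, block_inbound: bool) -> str:
    """Outbound 25 only to the ISP relay; optionally drop inbound 25 as well."""
    if pkt.proto != "tcp" or pkt.dport != 25:
        return "allow"
    if is_customer(pkt.src) and pkt.dst not in ISP_MAIL_RELAYS:
        return "drop"   # customer trying to deliver mail directly to a foreign MX
    if block_inbound and is_customer(pkt.dst) and not is_customer(pkt.src):
        return "drop"   # outside host trying to reach a mail server on a customer line
    return "allow"


def icmp_policy(pkt: Packet, blocked_types: set) -> str:
    if pkt.proto != "icmp":
        return "allow"
    return "drop" if pkt.icmp_type in blocked_types else "allow"


def impaired_by(blocked_types: set) -> set:
    """Which everyday functions stop working under a given ICMP block list."""
    broken = set()
    for use, messages in ICMP_USES.items():
        for msg_type, code in messages:
            probe = Packet("203.0.113.1", "10.1.0.7", "icmp",
                           icmp_type=msg_type, icmp_code=code)  # constructed probe
            if icmp_policy(probe, blocked_types) == "drop":
                broken.add(use)
    return broken


if __name__ == "__main__":
    print("echo-only block breaks:", impaired_by(ECHO_ONLY))
    print("block-all breaks:     ", impaired_by(ALL_ICMP))
    direct = Packet("10.1.0.7", "198.51.100.10", "tcp", dport=25)
    via_relay = Packet("10.1.0.7", "10.0.0.25", "tcp", dport=25)
    print("direct to foreign MX:", port25_policy(direct, False))
    print("via ISP relay:       ", port25_policy(via_relay, False))
```

The useful takeaway for anyone writing such a filter is that a type-aware rule (drop 0 and 8, pass 3 and 11) addresses the echo-based flooding the article mentions while leaving path MTU handling and traceroute intact; a blanket "drop icmp" does not.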

The decision to block ICMP traffic often goes unnoticed by less experienced users, but it is a growing topic of debate among those who use the protocol for various reasons. RCN users discovered their provider was doing it last month, with technicians not exactly quick to admit it. It was likewise a hot topic of debate among Optimum Online users last fall.

Another round of debate over the practice has broken out among Adelphia users, who have been waiting for ICMP functionality to be restored for quite some time. Users have found alternatives to direct pings, but there are ongoing complaints that the filtering of such traffic eliminates basic internet functionality. One user gripes: "After 4+ years I'm tired of the endless struggle and being told everything I want to do is unreasonable for one reason or another."
