Has anyone ever actually seen an ISP network that filters local traffic to other ISP endpoints? I'm not even sure why they would do that. DDOS almost always targets big things in the cloud so it would not help there.
Here (SoCal) traceroute to a host in the same local neighborhood is three hops.
Its only purpose is to force businesses up to business class. You might see it enforced if you ran a public for profit site from a consumer connection.
In any case the encrypted p2p protocols run by dapps (decentralized apps) are opaque, and these don't really qualify as servers because architecturally they are not client-server at all.
This. I am an ISP owner and we block popular ports used to run services by default. 99% don't care and their computer gets hacked or they get a virus/malware, and that malware starts running services and spamming the world and our IPs get blacklisted (which is a huge headache), and now cloudflare's broken shit ip checker will automatically start blocking ips, and customers will start blaming us for it. Occasionally, 1 or 2 customers will ask to have the email server port or web server port opened; we usually ask them to sign up for a business contract, which clearly states that you can run these kinds of services and you are fully responsible for any negative consequences.
This is not about money. This is just good housekeeping. When I was in NY, I believe TimeWarner and Verizon (or was it AT&T?) also used to do the same thing.
Thanks for responding with the ISP's point of view. My frustration came from just wanting to run a small Ghost blog on an odroid with, at most, hundreds of visitors per month, and hearing that this required a business contract. Of course, whether I want to do this for business or pleasure doesn't really matter if you're dealing with malware and being blacklisted.
At one time ISPs gave you a bit of space on a shared host for free as a courtesy; it would be nice if these days you could get the equivalent of a t2.micro. I know a few people (teenagers I'm related to, mostly) who would like to mess around with programming and building web sites but for whom even a tiny cost is a barrier. As it is I throw a few bucks at nearlyfreespeech for them and it's good for a year, but I imagine plenty don't have that option.
I think there is a miscommunication between consumers and internet providers. I think if consumers were aware of how things are run in an ISP they would be more understanding and reasonable when facing a problem like not being able to host services yourself. For my part, I try to write about my struggles in running our ISP business <1>.
Another thing to consider is why we can't easily allow our users to run services even if we wanted to: most home users' IPs are not static, and often your IP is shared by many users. IPv4 is running out; giving a user the ability to run a service also means giving them a unique IP, which they would have to pay for, and because of the scarcity of unique IPv4 addresses only business users are allowed to have them, and business accounts cost money. We haven't moved to IPv6 yet; it will require some investment and overhauling some of our networks. Depending on your local law, you may actually have to have a business under your name, meaning you have to show business license papers, to get business connectivity.
I know what you mean by having to run your own blog or services. I have done it myself and I have learned what I know today mostly due to tinkering and optimizing apache and WordPress on the fly when it was on the homepage of Digg. It was such a rush and I have come a long way since those days, thanks to being able to host my blog on a time warner DSL line. This was in the early or mid-2000s. But it was a different time, and things have changed a lot since then.
One of the reasons ISPs back then used to give you a free email address and shared hosting was that they wanted to tie you down to their services. Specifically, if you used their email for a long time it would be difficult for you to leave it behind. But the landscape has changed since then: consumers are smarter, webmails are much better, and free blog hosting is a dime a dozen.
My advice to people who want to learn hosting services by doing it themselves on their own computer is that, even though it can be a thrilling experience, hosting it remotely and configuring/securing a server from scratch can be an even better learning experience. And VPS hosting services like digital ocean can be very affordable.
There is a popular misconception that ISPs are a profitable business and they try to shaft the consumers at every opportunity they get. Maybe for the big players like Comcast it is true, but for the rest of us small and medium-sized ISPs it's far from the truth. The complexity in running reliable services can be staggering, the equipment and licensing can be an astronomical investment (at least for us it's a large amount), and running the last mile and its upkeep with 24/7 support are very expensive for us. BWs are not expensive, but equipment is. When we saturate our 10gbps port, moving to a 40gbps or even 100gbps network (switches and routers) can be a mind-numbing expense. On top of it, we are taxed and need high license fees for all kinds of services. We really don't make a lot of money and you constantly have to spend on your infrastructure as you grow (fighting to get customers by lowering your cost, and hence your revenue and profit). You have to keep growing to stay relevant and reach that point where you can connect more users with minimum costs without having to invest in growing your network. Reaching that point can take anywhere from 5 to 10 years, if not more.
Sorry for the rant, I just needed to get it out of my system. :)
I can attest to that: my previous ISP had explicitly stated that running a web or other file server was not allowed. I'm not exactly sure if the TOS was in violation of my consumer rights, but the fact is that they could cut me off if I were going to set up a server... I mean even for personal use (it didn't say anything about running a server business).
> DDOS almost always targets big things in the cloud
That isn't true. Those are the ones that you'll hear about in the media but there are plenty of DDOS attacks on smaller sites both for extortion purposes and to force them offline.
There is a point worth highlighting: many internet services are indeed asymmetrical. My Comcast service is 180/20 Mbps, down/up respectively. Even if you get Comcast's new gigabit service, you get 940 down and 40 up. And many home ISPs prohibit you from serving a website at home, according to their terms of service.
It's pretty common to have outbound traffic to port 25 blocked as an anti-spambot measure. Sometimes you can call them and get them to remove the block, other times it's non-negotiable.
Most cloud servers do this too. Spam has basically destroyed smtp as an open federated protocol anyway. Network reachability is the least of the issues you'll face trying to run your own mail.
Lesson: any distributed or federated protocol that is not robust against abuse is doomed.
I blacklist 25 out except from our mail server. That's just basic common sense given some of the spyware. Users who need to send mail will use encrypted 465 or 587 anyway.
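The "block outbound 25 except from our mail server" policy in the comments above, turned into a check over flow records so an operator can see which customer hosts the rule would stop and which look like spambots rather than one misconfigured client. This is an added example, not code from any poster; the flow export format, the customer prefix 203.0.113.0/24, the relay address 203.0.113.5 and the sample records are all constructed assumptions.

```python
"""Flag customer hosts that open outbound TCP/25 flows directly, i.e. the
traffic an ISP 'port 25 out' block would drop. Constructed example."""
import ipaddress
from collections import defaultdict

# Assumed ISP numbering: customers live in this prefix, and only the
# ISP's own relay may open outbound connections to port 25.
CUSTOMER_NET = ipaddress.ip_network("203.0.113.0/24")
MAIL_RELAY = ipaddress.ip_address("203.0.113.5")
SMTP_PORT = 25

# Constructed flow export: src,dst,dst_port,proto, one record per line.
SAMPLE_FLOWS = """\
203.0.113.5,198.51.100.10,25,tcp
203.0.113.42,198.51.100.10,25,tcp
203.0.113.42,198.51.100.11,25,tcp
203.0.113.42,198.51.100.12,25,tcp
203.0.113.77,198.51.100.20,443,tcp
203.0.113.77,203.0.113.5,587,tcp
203.0.113.88,198.51.100.30,25,tcp
198.51.100.50,203.0.113.42,25,tcp
"""


def parse_flows(text):
    """Yield (src, dst, dst_port, proto) tuples from the CSV export."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, port, proto = line.split(",")
        yield (ipaddress.ip_address(src), ipaddress.ip_address(dst),
               int(port), proto.lower())


def direct_smtp_senders(text):
    """Map each customer host (other than the relay) that sent TCP/25
    egress traffic to the sorted list of external hosts it contacted."""
    hits = defaultdict(set)
    for src, dst, port, proto in parse_flows(text):
        if proto != "tcp" or port != SMTP_PORT:
            continue
        if src not in CUSTOMER_NET or dst in CUSTOMER_NET:
            continue  # inbound or intra-network traffic is not egress
        if src == MAIL_RELAY:
            continue  # the one permitted sender
        hits[src].add(dst)
    return {str(s): sorted(str(d) for d in ds) for s, ds in hits.items()}


def likely_spambots(text, threshold=3):
    """Hosts talking to many distinct mail servers look like spam bots,
    not a single mis-set mail client; threshold is an arbitrary cutoff."""
    return sorted(s for s, d in direct_smtp_senders(text).items()
                  if len(d) >= threshold)
```

Customers whose clients submit over 587 (or 465) to the relay never appear in the result, which is the behaviour the posters describe.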