

RCN blocking inbound SSH after allowing it for many years - jik
http://blog.kamens.us/2014/10/21/dear-rcn-please-stop-blocking-ports-and-lying-to-customers-about-it/

======
nextw33k
From the linked page the list of blocked items was:

Cablemodem Side - blocked Port 80 inbound (unless customer has Static IP) WWW
/ HTTP Service Prevents customers from running a WWW server Port 25 outbound
(unless destination is smtp.rcn.com) SMTP Mail Service Prevents customers from
using outbound e-mail servers other than smtp.rcn.com Static IP subscribers
are not effected by this restriction and may use any SMTP server they wish.
Port 135 RPC DCE endpoint resolution Prevent attacks via this port. Port 137
NETBIOS Name Service Prevents attacks via this port. Port 138 NETBIOS Datagram
Service Prevent attacks via this port. Port 139 NETBIOS Session Service
Prevent attacks via this port. Port 445 Server Message Block (SMB) over TCP/IP
for file sharing Port is a security risk to customers if it is open. Port 1900
uPNP port used mostly in LAN situations Port may be a security risk to
customers if it is open. Port 21 FTP Permits customers to use FTP Port 22 SSH
Permits customers to use SSH Port 23 Telnet Permits customers to use Telnet
Cablemodem Side - not blocked Service on this port Customer impact Port 135
RPC DCE endpoint resolution This port is a security risk to customers if it is
open. Port 445 Server Message Block (SMB) over TCP/IP for file sharing This
port is a security risk to customers if it is open. Port 4444 Kerberos 5 to 4
ticket xlator | NV Video default This port is a security risk to customers if
it is open.

I see no reason for these other than for their own commercial interest: FTP,
SSH and HTTP.

The rest, even port 25 I would accept. Email needs to be tied down, nobody
should be dealing with the hassle of running their own email server at home.

