[bitcoin-dev] AT&T has effectively banned Bitcoin nodes via utilizing private subnets.

[hurricanewarn1 at aol.com]

 I was about to buy a VPS for Bitcoin, but I really do need Bitcoin Core for business reasons so I didn't give up. I once again thoroughly went through my computer and made sure there was nothing blocking 8333, a couple useful tools are CurrPorts and TCPView. I went through the router to make sure there was no block of port 8333. I researched everything thoroughly and was sure these were the right settings, but Bitcoin was still getting throttled every second and stuck in sys_sent, and python kept saying the target was rejecting the connection.

I finally stumbled upon subnet settings, and saw that I had a private subnet, one of the few IPs that are private on earth ( https://www.arin.net/knowledge/address_filters.html ). Uverse put all their customers on a private subnet by default. This made my computer not only hidden but unroutable for any computer on the Bitcoin network. That alone is enough to totally stop Bitcoin connections on any port, but they made it even crazier by generating a dynamic IP that changes all the time, so public IP was meaningless for my computer. 

I switched over to a public subnet, and right there was a checkbox to allow incoming connections. My static IP showed for a minute then became dynamic/hidden again without me even touching anything. The final roadblock was AT&T charges $15-30/month for a public static IP, which is obviously insane and actually one could argue that violates their own terms of service. So the router was still ignoring my public IP settings simply because I wasn't paying for a public IP, and intentionally changing the settings back. I asked for a free public IP and there was no response for awhile.

I found this article on cryptocoinnews while working out: https://www.cryptocoinsnews.com/isps-intentionally-blocking-bitcoin/ It's based on the first email I sent, and was displayed prominently on their front page. I posted a tweet publicly about it which referenced AT&T ( https://twitter.com/turtlehurricane/status/638930065980551168 ) and believe it or not I had a static public IP and port 8333 was open about 1 minute later. I don't know if it was a coincidence cause I already messaged them to please do that an hour before, or if that article and tweet spurred them to action. The timing was so ridiculous I think it's the latter. Without twitter I probably wouldn't have succeeded, the technicians on twitter actually answered all my questions 24/7 unlike phone technicians which were clueless and trying to sell me a subscription for connection services help. And shout out to cryptocoinnews for making this public. 

So to clarify, it appears AT&T has not blocked port 8333 itself, but rather effectively blocked all ports via the private subnet, which makes the computer hidden and unroutable for incoming peers. Although this severely limits functionality and cripples the ability to run a full node and many other programs it is understandable, since it just about 100% prevents hackers from getting in, since they can't even see your computer. What isn't understandable is that AT&T technicians did not inform me about this until I changed the settings myself, despite the fact it is a very obvious cause of ports being blocked. It's probably just ignorance since AT&T has so many complex network settings it's hard to keep track of, although I have a suspicion that someone in their command chain is withholding information in an attempt to make them buy a $15/month connection service, and once they buy that another $15-30/month is needed to get the static IP.

As far as I know there is no easy to find info on the internet about private subnets crippling the ability to use Bitcoin. I believe this needs to be explicitly said in instructions for running a full node, maybe it wasn't a problem in 2009 but now it is a major issue. On default settings Bitcoin is 100% blocked, and most people do not have the time or motivation to fix this. I talked to at least 10 AT&T technicians and worked on it 2-3 days straight, did not receive the right answer until I found it myself, although they certainly gave me some useful clues about how the network works.

I am very happy that AT&T fixed it, since other ISPs like Comcast appeared even worse. I openly talked with them about Bitcoin and they showed no prejudice, might've actually made them more willing to help me cause otherwise they would think I'm a hacker.

tl;dr The good news is anyone with AT&T can be a full node by getting a public static IP, the bad news is almost no one will figure this out unless we as a community make it well known. I guarantee node numbers will improve if this information is spread to everyone. Database size and computing expenditures is simply not the reason people don't run full nodes, it's because their ISP has made it just about impossible without shelling out nearly 100% more money per month. If you don't pay the fee AT&T would never tell you about the private subnet, at least based on my experience.


-----Original Message-----
From: odinn <odinn.cyberguerrilla at riseup.net>
To: hurricanewarn1 <hurricanewarn1 at aol.com>; bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
Sent: Tue, Sep 1, 2015 3:16 am
Subject: Re: [bitcoin-dev] AT&T has effectively banned Bitcoin nodes by closing port 8333 via a hidden firewall in the cable box


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Another note on this subject
to add to the stuff people have already
mentioned...

If you have the AT&T
landline but don't use AT&T's standard internet /
tv (what they call Uverse)
offering - that is, if you prefer to use
some local internet provider - you are
probably better off (in terms
of avoiding not only this sort of
blockage/censorship but as well,
potentially getting a better privacy policy
that isn't going to be
like AT&T's long-term data retention).  You can check
directly with
the various local small ISPs to see what their policies
are
specifically on ports and whatnot.

Ideally your ISP should let
you:

port forward to SOMEPORTNUMBER for tcp and udp

(above may or may not
be helpful for some if you are using
decentralized markets)

have port 8333
open

(above is for bitcoin of course)

Supposing you have FTTN because you
are paying a local ISP for
internet service, and that local ISP has contracted
with AT&T to be
able to provide service in an area where old-style DSL has been
phased
out, thus your local ISP is essentially providing you AT&T FTTN.
(FTTN
is Fiber to the Node, FTTN-BP is FTTN Bonded Pair).  Even if a
local ISP has
its own privacy policy posted which is different from
AT&T, everything is
subject to AT&T data retention because the FTTN.
So get yourself a VPN (or set
up your own) for your connection. Tor
will run through the VPN.

General
observations - TWC stores your IP and other stuffs for 6
months or longer. 
Same for Comcast.  Verizon retains your stuffs for
18 month minimum, probably
longer though. Qwest/Century, 1 year.
Cox, 6 months.  AT&T retains for longer
than a year.  This is just
what they are telling you, the reality is it's
probably longer due to
stuff like
this:
https://www.lawfareblog.com/odni-and-doj-release-last-section-215-collec
tion-order









Zach
G via bitcoin-dev:
> I have been struggling to get port 8333 open all year, I
gave up
> and was using blockchain for months despite a strong desire to
stay
> on Bitcoin Core, but now the issue has reached critical mass since
>
I'm using the python Bitcoin server module. I have literally spent
> my entire
day trying to open 8333, I thoroughly made sure it was
> open on the router and
computer and it's still closed. Strangely
> enough I got it open for 30 seconds
once today but something closed
> it immediately.
> 
> After hours of phone
calls and messaging AT&T finally told me the
> truth of what was going on, and
only because I noticed it myself
> and demanded an answer. The internet is
being routed through a
> DVR/cable box, and they confirmed the DVR also has a
firewall. To
> make this even more absurd they refused to turn the firewall
off
> because it is their equipment. So effectively they can firewall any
>
port they want even if the customer asks them not to, in the
> unlikely event
the customer figures it out.
> 
> Perhaps this is the driving force behind the
inexplicable and
> massive decline in Bitcoin nodes. Bitcoin is being censored
by the
> ISPs themselves, and they won't even tell you that. I had to get in
>
touch with headquarters and threaten to rip it out of the wall to
> get a
proper answer.
> 
> 
> 
> _______________________________________________
bitcoin-dev mailing
> list bitcoin-dev at lists.linuxfoundation.org 
>
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 

- --

http://abis.io ~
"a protocol concept to enable decentralization
and
expansion of a giving economy, and a new social
good"
https://keybase.io/odinn
-----BEGIN PGP
SIGNATURE-----

iQEcBAEBCgAGBQJV5VDeAAoJEGxwq/inSG8CvkIH/jy4Vo+My3xeBdvFQmxkJWyQ
U5mv2zWEvBYw71Xy1EDzQY1AhEBmatUU1eu2AbOqXdUR4511FxCNzFmTxy6roEiz
EehBkvXNbBCbEzLRisjxuQw34OKM+xfieCqE1mzJok2uSdLMMQLcbWL1/k3/OmS5
9O9z/wMXqU1Jc19MTK+vF1Lz5ilnRn3hEbTaCN3ivYnYFa0DpBH9r0Y07UcoJ6Wr
ui/x0sSSuupAGzOkZ75HQ8yeQXckeAu6TB3/jE8QEqNUmAJkmR8eK4ofXZWFrIjy
mOKeQL4c+jRQnTR8pt+y89g2QIpzFoHaV5T+WvQuC1t8xNOrxLgYFXWgl0dhoYE=
=UCLC
-----END
PGP SIGNATURE-----

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150902/4ec5e5ed/attachment-0001.html>