Three Mobile Broadband - What is blocked, and what is not



Hands0n
1st January 2011, 06:04 PM
This short article has been put together to dispel all rumour and supposition about what particular ports and protocols the Three UK mobile broadband network carries and those which it blocks.

The information given below is derived directly from Three and I have validated several of the statements for myself. It is easy enough to do, so if you are uncertain please try for yourself and report your findings back here.

The below does not discuss Content Blocking that appears to be set by default by Three. If you want the Content Block removed then you have to contact their Customer Services to have this done.

VPN - Virtual Private Network
Some people seem to have problems getting their personal or company VPN to work across the Three mobile broadband network. Three have the following to say.


We do not block VPN. However one reason they may not work is that the 'maximum packet size' (MTU) on 3G network is lower than the Internet and the VPN client may not be configured by default to take this difference into account. VPN clients add their own headers to each data packet and so it can happen that the combination of the VPN network protocol headers plus the 3G data connection protocol headers causes the Internet data packets to be too large. If you have problems, try reducing the MTU size setting in your VPN client (e.g. try 1300 or even a bit lower).

Not all VPN clients allow you to make such a change - if yours is a corporate VPN then you may need to enlist the assistance of your company's IT department. Smart(er) VPN clients may automatically adjust the MTU on the fly, based upon any transmission errors they encounter.

So what do Three actually block intentionally?
Inevitably there are some protocol ports blocked, and Three have this to say about the matter.

We block
Port 25. This is used by email client applications to send email via a protocol called SMTP. We block this as unauthenticated email sent via Port 25 is a common source of Spam email. Customers using an email client (such as Outlook Express) therefore need to configure their client settings to send email via another port. The usual alternative port is Port 587. Most email providers accept SMTP-Auth on this port. The 'Auth' means authenticated i.e. that the email providers usually only accept the email being sent once the user's email account and password have been submitted. Details on the required configuration are in our online help section (search for “email port” under Help & Support on three.co.uk).

This is an entirely sensible precaution given the amount of Spam email out there. It is unlikely that the above is going to cause anyone a particular problem. But it is worth knowing because of the very great use of email.

Continuing with the remaining blocked ports, Three have this to say:


Ports 135, 136, 137, 138, 139 and port 445 on Mobile Broadband. These are also blocked by many other ISPs too, as they are a known vulnerability in PCs for malware attacks. These ports are reserved ports in the Internet standards (IETF) for use in Local Area Networks (LANs) e.g. for PCs to discover local printers, fileservers, etc on their networks. 3G networks are Wide Area Network (WAN) and so these ports have no legitimate use in our network. If you have a WiFi router (e.g. MiFi), you can still use these Ports within your own WiFi network between your local devices but not across the 3G internet connection.

So there you have it, possibly the most definitive statement on Three's blocking of ports on their mobile broadband network. If you find anything different, or have trouble getting something to work across their 3G network, please do feed back on here.
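
The MTU advice in Three's VPN statement above can be checked by measurement. The following is an added example, not part of the original post and not from Three: it binary-searches the largest IPv4 packet that crosses a path with Don't Fragment set, then subtracts the VPN's per-packet overhead. The Linux iputils `ping` flags, the 80-byte overhead figure and the 1400-byte simulated link are assumptions made for illustration.

```python
"""Added example: find the largest IPv4 packet that crosses a path unfragmented."""
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload, timeout_s=2):
    """Send one echo request with Don't Fragment set (Linux iputils ping flags)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Binary-search the largest packet size (bytes) for which probe(payload) succeeds.

    probe takes an ICMP payload size and returns True if the reply came back.
    Returns None when even the smallest size fails (host down or ICMP filtered).
    """
    if not probe(low - IP_ICMP_HEADERS):
        return None
    while low < high:
        mid = (low + high + 1) // 2          # round up so the loop always narrows
        if probe(mid - IP_ICMP_HEADERS):
            low = mid                        # mid fits, try larger
        else:
            high = mid - 1                   # mid is too big
    return low


def tunnel_mtu(path_mtu, vpn_overhead):
    """MTU to set in the VPN client: path MTU minus the VPN's per-packet headers."""
    return path_mtu - vpn_overhead


def simulated_link(mtu):
    """Constructed stand-in for a real path: drops any packet larger than mtu."""
    return lambda payload: payload + IP_ICMP_HEADERS <= mtu


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                    # real run against a host you control
        probe = lambda size: ping_df(sys.argv[1], size)
    else:                                    # offline demo on a constructed 1400-byte path
        probe = simulated_link(1400)
    mtu = find_path_mtu(probe)
    print("path MTU:", mtu)
    if mtu:
        # 80 bytes is an assumed overhead; check your VPN's documentation.
        print("VPN MTU with an assumed 80 bytes of overhead:", tunnel_mtu(mtu, 80))
```

Run it with a hostname as the only argument to probe a real path; the overhead to subtract depends on the VPN protocol and cipher in use.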

Ben
1st January 2011, 10:33 PM
Just a little note to say that OS X Snow Leopard client to OS X Snow Leopard server VPN works fine over Three mobile broadband.

Fantastic to have this level of transparency.

Hands0n
2nd January 2011, 01:14 PM
Fantastic to have this level of transparency.

Yes, I completely agree. All kudos to Three UK for offering this information so readily. All I had to do was ask their Twitter team (@ThreeUK) and they went out of their way to obtain the full and correct information for me, very quickly too I should add. I am also very impressed with and appreciative of the advice contained therein, which goes above and beyond what I asked for.

I think that this kind of information is of the most essential kind and should be made available from all network providers (mobile and fixed line). In providing this quality of information Three have, again, set the bar for its competition to meet.