Panama Decrees Block To Kill VoIP Service
An anonymous reader writes "In an apparent attempt to stem telephone company revenue losses due to Internet telephony, the government of Panama has decreed that 46 UDP ports be blocked by all Internet service providers. The ports include ones that are commonly used for voice over IP as well as some that are used for other purposes, apparently with the idea that these, too, could be used to circumvent the POTS (plain old telephone system, a term of art) in making telephone calls."
In the decree, the Panamanian government requires "that within 5 days of publication, all ISPs will block the 46 UDP ports used for VoIP and any other that could be used in the future (which could end up being all UDP ports)," according to a reporter and computer consultant there, and that "the ISPs will block in their firewall or main router and in all their Border routers that connect with other autonomous systems."
This "unequivocally decrees that all routers, including those not carrying traffic from Panama, but that might be traversing Panama, have the 46 UDP ports blocked."
The significance of the government action affects areas far beyond that nation. Due to its geographical location, numerous undersea cables connect in the country, making it a substantial hub for international IP traffic.
Among the services that are to be disrupted are NetMeeting, Dialpad, and Net2phone, which labels itself "communication without borders," a claim which apparently will no longer be true if one of those borders is Panamanian or communication is between two countries whose IP traffic passes through Panama.
The decree is apparently rooted in complaints by Cable & Wireless Panama (Motto: "If you're worried about your data, voice, or Internet service provider, we're here to help"), which says it is losing money due to users employing the Internet to make otherwise expensive international telephone calls -- calls that would otherwise be listed on Cable & Wireless bills.
The UDP ports involved include: 1034, 1035, 2090, 2091, 5000, 6801, 6802, 6803, 9900, 9901, 12080, 12120, 12122, 22555, 26133, 30582, 35061, 38000, 38100, 38200, 47563, 48310, 51200, and 51201.
The decree was published October 25.
Among the services that employ some of those ports are "nlockmgr," the NFS lock manager responsible for rpc.statd and rpc.lockd, which in turn are responsible for crash recovery functions for locked files and for processing file locking requests, respectively; telnet; and numerous VoIP services.
In addition to those who wish to save on their phone bills, the government order blocks the perfectly lawful use of those ports by businesses that have legitimate VoIP applications allowed in the country.
There were reports late Sunday that Panamanian ISPs were planning a demonstration aimed at exhibiting their displeasure with the government action.
corkscrew already provides a tunnel over port 80; all you need to do is configure gnomeeting to use port 80, then you have secure VOIP over the mostly web port.
The only way for them to stop VOIP, is to shut down EVERY PORT!
--Benjamin McFree is one cool dude
Actually, you're wrong. If you have enough cash and can prove it (by posting a bond for example), in many states you can avoid purchasing insurance. Essentially, you are self-insuring yourself. Whether that is a smart thing to do is another question entirely.
-- Error: Cannot find file REALITY.SYS - Universe halted, please reboot!
People have been saying for years we need transparent encryption of internet connections (OK maybe I've been saying it). Once 'important' countries like Panama start playing routing games like this it becomes even more important.
Such heavy handed actions might be just what projects like FreeSwan need to get more universal acceptance. That all being said, does anyone honestly believe that Panama will be able to block *all* UDP traffic? While they are at it, it might be a good idea to block ICMP and TCP - both of which could potentially carry voice data as well.
...the more they stay the same. The third-world telco monopolies have been fighting a similar battle against long distance "callback" companies for over five years now, and for the most part they've been losing badly. They've known for a while that VoIP services were the next big threat, but it doesn't look like they have any better idea how to deal with them.
One detail that usually gets left out of these articles, though: the "local third world telco monopoly" is not in any way a homegrown Panamanian entity. No, the citizens of Panama, like most of their neighbors in the Caribbean, are getting royally screwed by our dear friends at Cable and Wireless.
News for Nerds. Stuff that Matters? Like hell.
Tools like stunnel are readily available over the net. If crypto is illegal down there, it would be pretty easy to make a steganographic wrapper that would make the connection appear to a casual observer to be an ftp session, say. More sophisticated methods could be used to make it hard to detect the fact that there is a connection at all.
The only real solution thus is to drop LD prices and/or raise internet access prices. Or to sharply limit uploading speed/latency to a level where VoIP would be unacceptably bad.
Just because the data has a TCP header doesn't mean that the stack on either end has to handle it as TCP.
UDP Packet
[-- IP Header --|-- UDP Header --|-- Data --]
Now I don't have a protocol chart handy, but the IP header would stay the same, and you would have to insert a valid TCP header.
[-- IP Header --|-- Fake TCP Header --|-- UDP Header --|-- Data --]
Of course the servers at either end would have to know to strip out the fake TCP header, but that wouldn't be too hard. You would have to use raw sockets to make sure the OS didn't try and handle the TCP session, but it's do-able.
The other option is to use an ICMP packet, but that would look a little fake. Or pick a different protocol (ie not TCP or UDP). I can't remember how large that field is, but it's at least 6 bits (0-63). Most routers don't have ACLs limiting them to ICMP/TCP/UDP.
In short, there are hundreds of things people could do to get around this, but these measures are going to make things hard for the non-nerd to use his VOIP.
Democracy isn't about no one telling you what to do. It's about everyone telling you what to do.
Actually, Panama is not afraid of progress (believe me, I lived there and have family there)...
Their problem is a monopolistic phone company....
Cable & Wireless Panama privatized "INTEL", which was the only telco there since the stone age, and has bought many laws to place itself in control of the whole comms market.
In fact, the father of one of my sister's friends is a lawyer that works for a Dominican telco that's trying to set up shop in Panama, and C&WPA has sued the crap out of his company. In fact, most of those suits are not "valid" (don't ask me, IANAL) suits, but are intended to tie the Dominican telco's hands so that as long as the suits are not dismissed or won, the telco won't be able to do shit...
My Panamanian family is really pissed at C&WPA's service and abusive pricing too, and they're even more pissed at not being able to download the photo album hosted on my own machine because C&WPA apparently blocks a lot of sites.....
No, seriously, I just come here for the articles.
The internet detects censorship as a network failure and automatically routes around it. --Vint Cerf
The Panamanian government obviously doesn't understand this. Besides, the only reason they're doing this is because the phone company is owned by El Presidente's cousin or something.
Official GOD FAQ.
--side issue here. You CAN do an indemnity personal bond for car insurance, just most people don't and it's little known about. It's also expensive, goes by state minimum liabilities, and you'd of course want more than those minimums any more with the cost of cars and people in the hospital, etc, but if you got it you can do it and keep your wealth unless it's needed by your proven negligence.
Got a neighbor periodically goes to Panama for his oil business stuff, he sez the government there is roughly equivalent to say Chicago in corruption levels, ie, total top to bottom. I imagine them mucking with the internet only applies to peons, that if you are at least a semi connected fatcat and pay the correct bribes you can do whatever you want, but at that level you could afford long distance so the point is moot. Most (not all, generally speaking here of course) civil laws in regards to anything but fraud in its various forms more or less exist to protect the already wealthy's status quo. No different here than in Panama, not really.
I'll give you an example I am running into locally here where I live. I'm in the market for a small piece of property to have a home on. My income level for this would be in the uber cheap range. Anywho, this county a few years ago decided on a minimum acreage size for new homes, 1.5 acres. Well, ok, fine and dandy..... trouble is, for the decades preceding this, they "allowed" smaller than that to be deeded up as lots and now exist in undeveloped abundance by the hundreds or thousands really, like 1.1 acre, etc. These lots are now useless except for growing weeds and trees, people are stuck with them now, no one wants to buy them, you can't do anything with them, but they are still taxed. This benefits the more recent richer arrivals who took the county over (lotta cash under the table money gets spread into country government is the popular notion) and don't want it to be farming/light manufacturing, they want it to be yet another yuppie retirement/second home vacation place.
Poorer people are untermenschen here, you can WORK here, but they would rather you to live over real far away some other place and commute, please go home at quitting time, no riff raff. It sucks but that's another example of a civil statute enforced by their bureaucrats and hired badged mercenaries to benefit the more wealthy.
It's not perfect - Compressed RTP does a CSLIP-like elimination of most of the IP, UDP, and RTP overhead, but doesn't work over IPSEC or most other tunneling protocols. That means bandwidth is pretty tight over 28.8-upstream dialup modems (especially if you don't always get full speed), but I'm not aware of any better tunneling solutions.
It'd be nice to have some tradeoffs like putting more than one voice sample per IP packet, which is not so hot for quality but cuts the packet overhead in half, and the protocols *ought* to have encryption as a standard feature, so you don't need tunneling for the general case, but it's a good start.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Just a little plug for the GPL'd Free internet phone, Speak-Freely.
It uses UDP ports 2074 - 2076. From the article these are not blocked.
Works quite well (I've had better trans-pacific quality with it versus the expensive telephone connection [talking both connections to same party at the same time]). Loads of features, including VOX and PGP encryption. Very good help section.
There's both a basic UNIX cli version (use the xspeakfree tcl/tk frontend in CONTRIB or sflaunch) & a fully developed windows version.
http://speakfreely.org/
(I'm just Happy User)
It's in Debian as speak-freely, but the .deb is rather old.
~.~
I'm a peripheral visionary.
You are incorrect. There is no port number in an IP header. TCP and UDP both have their source and destination ports as the first 4 bytes after the IP header, but ICMP, for example, does not have ports at all. Thus, the concept of a port is defined by the upper layer protocol and has no meaning at the IP level.
Ah, so you are saying that the IP stack completely ignores bits 72-29, specified as "Protocol" and identifying the content that follows as any of TCP, UDP, icmp, sip, rfc1700, etc.
While port 80 may be handling http traffic in either tcp or udp, you may have completely different applications using those same two ports. Apache may be using port 80 at the same time as tftp is using that port. As noted in another reply to you, IP itself does not care one bit about what port is going to get the data. It cares that there is a protocol stack that understands what IP hands it.
Likewise filtering on firewalls and in access lists on routers specifies the protocol as well as the port being handled.
If whomever you learned networking from told you that the protocol field of the IP header was unimportant and that all traffic to a port had to be of whatever type the application which opened that port to the IP stack expected, I would recommend you ask for your money back.
-Rusty
You never know...
RFC 1035
The Internet supports name server access using TCP [RFC-793] on server port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP port 53 (decimal).
-dk
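The protocol-versus-port point argued in the comments above, as an added example that is not part of the original thread: a small IPv4 parser and a model of a rule that denies the UDP ports named in the article. The sample packets, the RFC 5737 addresses and the choice to match on destination port only are assumptions made for illustration.

```python
import struct

# UDP ports listed in the article above (24 of the 46 are named there).
BLOCKED_UDP = {1034, 1035, 2090, 2091, 5000, 6801, 6802, 6803, 9900, 9901,
               12080, 12120, 12122, 22555, 26133, 30582, 35061, 38000, 38100,
               38200, 47563, 48310, 51200, 51201}
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def parse_ipv4(pkt: bytes):
    """Return (protocol, src_port, dst_port); ports are None when absent."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4            # header length varies with options
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = pkt[9]                        # 8-bit Protocol field, byte offset 9
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Ports exist only for TCP/UDP, and only in the first fragment.
    if proto not in (PROTO_TCP, PROTO_UDP) or frag_offset or len(pkt) < ihl + 4:
        return proto, None, None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, sport, dport


def acl_decision(pkt: bytes) -> str:
    """Model of a 'deny udp ... eq <port>' list: match protocol AND port."""
    proto, _sport, dport = parse_ipv4(pkt)
    if proto == PROTO_UDP and dport in BLOCKED_UDP:
        return "deny"
    return "permit"


def build(proto: int, l4: bytes, options: bytes = b"") -> bytes:
    """Constructed sample packet (checksum left zero; addresses are RFC 5737)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4),
                      0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + l4


UDP_5000 = struct.pack("!HHHH", 40000, 5000, 8, 0)   # constructed UDP header
SAMPLES = {
    "udp/5000": build(PROTO_UDP, UDP_5000),
    "udp/5000 with IP options": build(PROTO_UDP, UDP_5000, b"\x01" * 4),
    "tcp/5000": build(PROTO_TCP, struct.pack("!HHIIHHHH", 40000, 5000, 0, 0, 0x5002, 1024, 0, 0)),
    "udp/53": build(PROTO_UDP, struct.pack("!HHHH", 40000, 53, 8, 0)),
    "icmp echo": build(PROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} proto={parse_ipv4(pkt)[0]:<3} -> {acl_decision(pkt)}")
```

The rule matches only when both the Protocol byte and the port agree, which is why the same port number under a different protocol falls outside it and why the port offset has to be computed from the header length rather than assumed.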
Sure there's dozens of ways to get around their port blocking, but I have a feeling it will have the effect they desire. Only a handful of people will have the knowledge and resources to circumvent their port blocking. In fact, the number is probably small enough that the government won't have to put in any more effort.
Sad... but probably true.
Panama is, unfortunately, not the only country to try this. Pakistan, for example, has one telco company handling all outgoing internet traffic (telco monopoly until dec 31 2002). They blocked various VoIP sites *and* MSN voice chat last month.
This was done unilaterally, with support from the supposedly independent telco regulation authority.
People complained, ISPs took out ads in papers and made press releases about it, and it's now looking like the sites will be unblocked by the end of the week. Hopefully.
Look, I live in Panama and I wish I had some insightful way to rationalize what these guys are doing, but unfortunately, it's as stupid as it sounds. Even those who marginally benefit from this are scratching their heads (Except for Cable & Wireless which holds the legal telecom monopoly until 1/1/2003)
For once I wish this article was confusing the country of Panama with Panama, FL., but it isn't...
There are two kinds of people in the world: Those with good memory.
Did you read this bit of the article?
"The significance of the government action affects areas far beyond that nation. Due to its geographical location, numerous undersea cables connect in the country, making it a substantial hub for international IP traffic."
Rob
"THIRD WORLD -- the economically underdeveloped countries of Asia, Africa, Oceania, and Latin America, considered as an entity with common characteristics, such as poverty, high birthrates, and economic dependence on the advanced countries. The French demographer Alfred Sauvy coined the expression ("tiers monde" in French) in 1952 by analogy with the "third estate," the commoners of France before and during the French Revolution-as opposed to priests and nobles, comprising the first and second estates respectively. Like the third estate, wrote Sauvy, the third world is nothing, and it "wants to be something." The term therefore implies that the third world is exploited, much as the third estate was exploited, and that, like the third estate its destiny is a revolutionary one. It conveys as well a second idea, also discussed by Sauvy, that of non-alignment, for the third world belongs neither to the industrialized capitalist world nor to the industrialized Communist bloc. The expression third world was used at the 1955 conference of Afro-Asian countries held in Bandung, Indonesia. In 1956 a group of social scientists associated with Sauvy's National Institute of Demographic Studies, in Paris, published a book called Le Tiers-Monde. Three years later, the French economist Francois Perroux launched a new journal, on problems of underdevelopment, with the same title. By the end of the 1950's the term was frequently employed in the French media to refer to the underdeveloped countries of Asia, Africa, Oceania, and Latin America."
Source: http://www.thirdworldtraveler.com/General/ThirdWorld_def.html
See also:
http://www.infoplease.com/askeds/11-27-01askeds.html
http://pages.prodigy.net/aesir/oncwg.htm (slightly different take on the term)
--- What
This type of behaviour is common with Cable and Wireless. I currently live in the Cayman Islands and the Terms and Conditions of the internet service offered by C&W explicitly states that VOIP is prohibited:
7.2 The Service is offered subject to the availability of the necessary facilities. The Customer may not resell the Service to any third party or permit any third party to use the Service or Service Agreement Software. The Customer shall not allow the Service to be used, modified or adapted to transmit voice on the public telecommunications system of either C&W or any foreign telecommunications provider, and the Customer shall not connect to the PSTN at either the local or the distant end
If you want internet access you must accept this agreement since C&W is the only ISP in Cayman.
A couple years ago Net2Phone was sued by Cable and Wireless in the Caymans for offering long distance service within the Cayman Islands. C&W won the case since it violated the government mandated monopoly given to C&W for telephone services in the country. More recently, C&W has blocked access to BestNetCall.com.
A phone call to North America costs US$1.46 per minute through C&W. A call through BestNetCall was being offered at US$0.26 per minute. You can see why they are aggressively attacking any service that undermines the cash cow they have in Panama and the Caymans.
Just on a side note, they are also gouging the consumer for internet service as well. The cheapest DSL service they offer costs US$90 per month and it's throttled to 128 down, 64 up! If you want 1544 down, 256 up you have to pay US$432 a month. Dialup costs US$44 for 30 hours per month plus $2.32 for each additional hour. You can get unlimited dialup hours for $96 per month, but you also have to pay $0.03 per minute local phone charges on this plan.