Networking Forums

FTTC Migration

DrTeeth — Fri, 24 May 2013 22:10:33 GMT

DrTeeth wrote:

> Does an FTTC migration need an engineer's visit?

Well, they _make_ you have one whether or not it's needed ...

Max number of iptable rules?

Sandman — Fri, 24 May 2013 19:45:39 GMT

The man page doesn't seem to say. I saw something that suggested that
it may have maxed out at about 5000 rules, could that be true?

I'm adding them as I find them in the log files, and there are
thousands of hosts...

--
Sandman[.net]

Unstable Windows Network

fmw — Fri, 24 May 2013 15:13:04 GMT

I have a wired ethernet with an old 3Com switch and an old Cisco switch, each connecting separate floors. My problems began when I replaced my 3G wireless internet access with Hughes Gen4 satellite internet. The Hughes modem is connected to the 3Com switch along with two computer, a NAS and a printer. The Cisco switch downstairs has two computers and a printer.

I cannot get more than three computers to connect with the internet. Whenever I add one, another one loses internet connectivity. The one that loses connectivity is random.

When a workstation loses connectivity, it connects to all the nodes on the network except the NAS but will not connect to the internet.

IP's are generated by the Hughes modem using NAT and DHCP.

There are no computer name conflicts and no IP conflicts.

Hughes says they have no limitations on the number of nodes that can access it.

In my shoes, where would you look next for a solution?

Blocking client based on HTTP request

Sandman — Fri, 24 May 2013 13:07:35 GMT

So, as my other thread may suggest, I have problems with users flooding
my server with requests for /wpad.dat

Is there an easy way to use iptables to trigger on those requests and
then add the IP to a blacklist?

--
Sandman[.net]

wpad.dat attack on Linux Apache server

Sandman — Fri, 24 May 2013 09:22:15 GMT

In comp.os.linux.networking Sandman <(E-Mail Removed)> wrote:
> So, where would I start at for finding out who has done a /wpad.dat
> request and then add them to a firewall IP block list? Maybe that's
> the best route to go?

It should be in your webserver log. Here's an example from mine:

192.168.130.16 - - [24/May/2013:23:40:02 +0100] "GET /proxy.pac HTTP/1.1" 200 1485 "-" "-"

and here's the log definition line for this vHost:

CustomLog "|/usr/bin/cronolog /home/www/wpad/logs/%Y/%m/%d/public-access.log" combined

If you're going to block by firewall rule I'd suggest you take a close
look at fail2ban, which dos this kind of process very well indeed.

For comparison, I've had over 4000 hits in my access log today. And this
is from a fairly lightly loaded network with just a few PCs and
servers. Windows 7 appears to be *very* noisy indeed (I think I might
need to investigate the document expiry time to see if I can persuade
W7 to cache the answer a little more often).

Chris

Poor upload speed on BT Infinity

Dave — Wed, 22 May 2013 20:57:11 GMT

"Davey" <(E-Mail Removed)> wrote in message
news:knji77$2g5$(E-Mail Removed)...
> On Wed, 22 May 2013 21:57:11 +0100
> Dave <(E-Mail Removed)> wrote:
>
>> A friend is on the 'original' (40/10) BT Infinity and has a download
>> speed of 37 Mbps, upload of 1.5 Mbps.
>>
>> Two questions - is it true that BT actually upgrade people free of
>> charge to 'Infinity 2' (80/20) if they ask? And secondly, is there
>> any 'usual' or well-known reason for the poor upload speed of 1.5
>> Mbps? I'd have thought that with a download of 37, then the upload
>> would have been about 6 to 7 Mbps?
>>

You are not on the top deal, so whilst your download speed is OK, your
upload speed is slugged - recheck their web site.

>>
>
> BT doing something for free? Surely you jest!

They did boost my speed from 2Mbps to 8Mbps a few years ago on the proviso I
agreed to another 12 months - no actual charge.

> --
> Davey.

How can a toll-free number fail on landlines & VOIP but not oncellphones?

Eddie Powalski — Wed, 22 May 2013 18:57:25 GMT

On Thu, 23 May 2013 05:56:26 -0700, Robert Macy wrote:

> my landline is blocked

Hi Robert,

I'm confused though.
Your landline is blocked, as is mine.

Yet, when we call 1-877-817-1759, we both get the initial prompt:
"Press 1 for English"

After that, I'm confused what happened for you.

If my landline is blocked, the *next* prompt is (heavy British accent):
The number you have dialed cannot be found; please check the number
or call Airtel for assistance.

However, if I dialed *82 prior to dialing 1-877-817-1759, I get:
Please select the product type; for inquiries on basic phones, please
press 1, for inquiries on smart phones, please press 2, etc.

Which of those two options did you get from your blocked landline
for the *second* prompt?

Removing firmware on modem router

andy stone — Wed, 22 May 2013 13:24:28 GMT

On 22/05/2013 14:24, andy stone wrote:
> Someone has terminated their internet connection with Be (because they have
> sold up to sky) and Be say they do not need to return the modem router to
> them. Zen internet provider said they can use the modem with their service
> provided its not locked down.
>
> When ringing Be technical support they say it has their firmware on it, but
> it can be removed.
>
> Is this a difficult thing for a novice to do, removing firmware?

Is it a Thomson/Technicolor and if so what model number? If it's a
585v7/v8 or 582n then we'll have firmware for it which should work with
Zen (albeit Plusnet branded).

--
|Bob Pullen Broadband Solutions for
|Support Home & Business @
|Plusnet Plc. www.plus.net
+--------------- twitter.com/plusnet ----------------

Oh!!! Plusnet has a newsserver!

postmaster @ stejonda — Wed, 22 May 2013 11:38:07 GMT

On 22/05/2013 13:23, Plusnet Support Team wrote:
> On 22/05/2013 12:38, postmaster @ stejonda wrote:
>>
>> I hadn't realised, and then when I did I assumed it would only carry
>> plusnet.* but it appears to carry plenty more. That's rather a nice
>> surprise.
>>
>> :-)
>>
>> (A trouble-free install & downspeed of 73.21Mbps will also do very
>> nicely!)
>
> Outsourced to Giganews. It carries everything but the binary hierarchies.
>
> Welcome aboard by the way :)
>
to see if I've set this up right

Is there a practical way to find an open port?

root — Tue, 21 May 2013 14:24:26 GMT

root <(E-Mail Removed)> wrote:
> Nevertheless, I am trying to assess how difficult it would
> be for an intruder who does not know the open port.

Trivial. See below

> For example, if I had created an open port 22363 on the remote machine,
> I know that I can use telnet to verify the port is open:
> telnet remote-host 22263

> I want to know how an intruder can:
> 1. select a particular remote-host for attention
> 2. given that host, find one or more of the 65,000 ports
> that may give access.

> I have tried nmap which seems only to scan the first 1024
> ports.

That's the default setting. You can specify a port range like this:
nmap -p 0-65535 remotehost

Chris

Wired or wireless

amdx — Mon, 20 May 2013 19:02:08 GMT

On 5/22/2013 10:46 AM, Jeff Liebermann wrote:
> On Wed, 22 May 2013 07:54:47 -0700, Jeff Liebermann <(E-Mail Removed)>
> wrote:
>
>> Here's my home desktop:
>>
>
> Oops. That was something I threw together to test a video card for a
> customer. Here's my home computah:
>
> and office computah:
>
> Neither would be very good for gaming.
>
> Incidentally, the winner of the fastest machine running 3dMark06 was:
>
> using a $430 video card. Note the other prices.
>
> Gaming is NOT cheap.
>

Neither is college, when I responded to his request about a new
computer, I listed dollar amounts for rent, food, pocket money, tuition,
etc. that I'm paying, I stopped at $18,400. I thought that was enough to
get the point through to him. 5 year program, only 4 more to go. :-)
Mikek

FTTC - there is no cabinet!!!

postmaster @ stejonda — Mon, 20 May 2013 08:10:57 GMT

Mark <(E-Mail Removed)> considered Fri, 24 May 2013
10:41:13 +0100 the perfect time to write:

>On Mon, 20 May 2013 17:51:28 +0100, Peter Boulding
><(E-Mail Removed)> wrote:
>
>>On Mon, 20 May 2013 09:10:57 +0100, "postmaster @ stejonda"
>><(E-Mail Removed)> wrote in :
>>
>>>I'm having FTTC installed in a couple of days but it occurs to me. All
>>>the BT telephone cables around here come in from the top of a pole not a
>>>cabinet so where is the C that the F arrives at?
>>
>>I may be misunderstanding you here, but what you describe sounds normal.
>>
>>Take a look at the pole that supplies the overhead phone lines to your--and
>>other--homes: there must be a thick cable (much thicker than the others)
>>bringing the various lines from the exchange *to* that pole; commonly that
>>cable is underground as far as the pole... it climbs the side of the pole to
>>a box near the top that separates the various lines into smaller cables,
>>each of which stretches from the pole to one home.
>>
>>The other end of that underground cable (along with others from nearby
>>poles) normally comes up inside a *reasonably* nearby cabinet. The coming of
>>FTTC means that this cabinet will be replaced with a new one to which a new
>>underground optical fibre connection with the exchange has been attached,
>>and which contains the necessary digital-to-analogue conversion equipment.
>
>My phone line comes in at the back of my house from a pole in a
>different road, it then gets routed through a junction box out the
>*front* of my house, then through another junction box around the
>corner in a another street. Finally it emerges in a FTTC cabinet in
>yet another street.
>
>It's not surprising I 'only' get 40Mbps ;-)

What is even more surprising is that it's /your/ 40Mbps, not somebody
else's :-)

Wireless (Internet) Wiki (FAQ)

John Navas — Sat, 18 May 2013 14:49:06 GMT

NEW HOME OF WIRELESS WIKI IS HTTP://WIRELESS.NAVAS.US

A comprehensive resource on wireless access to the Internet,
including answers to Frequently Asked Questions (FAQ),
and Fast Fixes for common problems.

Search Wireless Wiki w/Google:

Main article:

Direct links to specific articles/sections:

* Wi-Fi

* Fast Fixes to Wi-Fi Problems

* Wi-Fi How To

* Wi-Fi on a Boat

* WiMAX

* Fixed Terrestrial Wireless

* Cellular

* Satellite

These are Wikis that _anyone_ can edit!
Comments, corrections, and contributions welcome!

ALERT: WPA-TKIP isn't secure - use WPA2 instead

John Navas — Sat, 18 May 2013 14:49:05 GMT

SUMMARY:

WPA-PSK is vulnerable to offline attack.
WPA-TKIP has been cracked.

TO AVOID THESE PROBLEMS:

1. USE WPA-AES or WPA2 instead of WPA-TKIP (or WEP)

2. USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

BACKGROUND:

Weakness in Passphrase Choice in WPA Interface

Practical attacks against WEP and WPA

A Practical Message Falsication Attack on WPA

New attack cracks common Wi-Fi encryption in a minute

Passphrase Flaw Exposed in WPA Wireless Security

Cracking Wi-Fi Protected Access (WPA)

Cracking WEP and WPA Wireless Networks

Heads up: DynDNS

Graham. — Fri, 17 May 2013 20:31:09 GMT

On 23/05/13 01:13, Graham. wrote:
> On Wed, 22 May 2013 22:18:18 +0100, The Natural Philosopher
> <(E-Mail Removed)> wrote:
>
>> On 22/05/13 21:32, alexd wrote:
>>> The Natural Philosopher (for it is he) wrote:
>>>
>>>> However at this level it seems to me that your question is 'how can I
>>>> tell what my current home IP address is'
>>> Read his post again. That's not his question.
>>>
>> Maybe not, but why else would one use dyndns?
> I suppose if I had a static IP or two I *might* remember the four
> dotted decimal numbers for them, but I am more likely to remember
> something like http://name.dyndns.org the same argument goes for URLs
> in general.

you don't need to remember it. you put it in a file called a hosts file.
Or on a dns server somewhere. That doesn't have to be a DYNAMIC server,
that's the difference.

In the limit register a domain for £3 a year and use that...
> Also, what about when we eventually all have V6 addresses...
>
Ditto.

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.