A bad idea? Daisy-chaining modem and router with the same ip numbers

[Steve G.]

I have a practical situation that might use some advice. I am not near the
equipment, so I can't manually change IP addresses on the machines, and the
server does not have a GUI, so my wife can't fix it either.

The question:

if I take a modem that runs the LAN as 192.168.1.1, and plug into one of
its ports a wireless router ALSO running as 192.168.1.1, would I bring down
the Internet or cause other types of horrible harm?

The background:

I had a home network with a modem and a wireless router. The router plugged
into one of the 4 open ports in the modem, and several computers, including
a server and two desktops were connected into the router. No computer was
connected to the modem.

The wireless router network was 192.168.1.x. - the server and linux box had
fixed addresses, outside the DHCP range. I don't remember the IP of the
modem, but it was (I think) using the 10. range for the local network. I
used the interface of the router to relay ports 80, 23 (or 22, the one for
ssh), and some other to the server or desktop. I don't have access to do
the same through the modem.

Long story short, the modem needed replacing and the new modem is running
on the 192.168.1.1... network. The desktops are now connected to the modem
directly. The router has been reset and switched to 192.168.2.1

The fixed IP desktop is fine, because the new and old networks are the
same. The wireless devices are fine, because they run on the new network
and get the IP automatically assigned. But the server is out of each, as
its address is 192.168.1.190 and it is connected to a router with the
network 192.168.2.x

So I am thinking what might happen if I change the router's network back to
192.168.1.x - would it work?

Thanks in advance.
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: A bad idea? Daisy-chaining modem and router with the same ip numbers

[Geoff Shang]

On Sat, 26 Jan 2013, Steve G. wrote:


if I take a modem that runs the LAN as 192.168.1.1, and plug into one of
its ports a wireless router ALSO running as 192.168.1.1, would I bring down
the Internet or cause other types of horrible harm?


The Internet at large wouldn't be affected, but you'd cause yourself 
problems.   Packets from machines connected to the router which 
are destined for the modem would probably never get there.



The fixed IP desktop is fine, because the new and old networks are the
same. The wireless devices are fine, because they run on the new network
and get the IP automatically assigned. But the server is out of each, as
its address is 192.168.1.190 and it is connected to a router with the
network 192.168.2.x

So I am thinking what might happen if I change the router's network back to
192.168.1.x - would it work?


You could change the router back to 192.168.1.x but the router itself 
cannot be set to an address that any other device has.  You need to avoid 
address collisions.


I guess you could also leave your router address as it is but set its 
netmask to 255.255.252.0 which would then include the 192.168.1.x network 
as well.  This might needlessly complicate things though.


If you can avoid address collisions, setting everything to the same 
network would work fine.


If the modem can do DHCP, you could disable DHCP on the router and let the 
modem take care of handing out addresses.  Then you could just give the 
router an address that won't collide (e.g. 192.168.1.254) and just get it 
to pass IP traffic back and forth.  This is what I did here when I ran out 
of ethernet ports on the modem/router.


HTH,
Geoff.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

[OT somewhat] DDOS attacks, where to report?

[Jonathan Ben Avraham]

Dear Linux-IL colleagues,
An associate of mine who runs a hosting service has been the victim of 
persistent DDOS attack, apparently from botnets that are mainly located 
on other countries.


His Israeli service providers have responded to these attacks by cutting 
off his service.


Is there someone in ISOC-IL or the police who will take a complaint 
seriously? I suggested that he file a complaint with the police, then with 
the copy of the complaint in-hand ask his attorney to call the service 
providers to demand restoration of service.


Any ideas?

 - yba


--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open Systems
=}ooO--U--Ooo{=
 - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[shimi]

On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote:

 Dear Linux-IL colleagues,
 An associate of mine who runs a hosting service has been the victim of
 persistent DDOS attack, apparently from botnets that are mainly located on
 other countries.

 His Israeli service providers have responded to these attacks by cutting
 off his service.

 Is there someone in ISOC-IL


Don't know (even if they would, what power do they have? besides being the
.il domain registration expensive monopoly)


 or the police who will take a complaint seriously?


They most probably won't. Not to mention that even if they would, you can't
police foreign countries. You need Interpol. Do you think that's gonna
happen?


 I suggested that he file a complaint with the police, then with the copy
 of the complaint in-hand ask his attorney to call the service providers to
 demand restoration of service.


Did he read his contract? Did he notice if the customer becomes a
detriment to the network... clause?

Does his ISP need to suffer because of his business? Bandwidth cost their
money. Denial of service can cause issues to other customers, and ISP might
be hurt financially via lawsuits from said customers. Will he compensate
ISP for that?

What needs to be the threshold? Does the ISP needs to continue giving him
service if the whole ISP gets down for 4 hours, like happened last Tuesday
to 012?

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Jonathan Ben Avraham]

Hi Shimi,
You are suggesting that there is no recourse to DDOS attacks, that 
Israelis are fair game for foreign attacks and it is no one's business 
except for the victim.


The ISP does need to suffer in this case, in that the ISP has allowed an 
act of war to be committed through his service. I see little difference 
between this and the cab drivers who transport illegal workers from the 
Palestinian territories to jobs in Israel. We require the drivers to take 
some responsibility for whom they transport.


I am suggesting that ISP's be charged with some level responsibility for 
investigating and reporting these attacks. That's in the national 
interest. I suspect that in the cases of large institutions, even 
non-governmental institutions such as banks, that  there is in fact some 
national response, but that this protection is not currently extended to 
smaller players. If a rocket hit's your home you get some protection at 
the national level. If a DDOS attack from a hostile government attacks 
your business, it's not in the national interest to provide 
some level of protection?


 - yba


On Sat, 26 Jan 2013, shimi wrote:


Date: Sat, 26 Jan 2013 20:20:30 +0200
From: shimi linux...@shimi.net
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?


On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:
  Dear Linux-IL colleagues,
  An associate of mine who runs a hosting service has been the victim of 
persistent DDOS attack, apparently from botnets that are mainly located on 
other countries.

  His Israeli service providers have responded to these attacks by cutting 
off his service.

  Is there someone in ISOC-IL


Don't know (even if they would, what power do they have? besides being the .il 
domain registration expensive monopoly)
 
  or the police who will take a complaint seriously?


They most probably won't. Not to mention that even if they would, you can't 
police foreign countries. You need Interpol. Do you think that's gonna happen?
 
  I suggested that he file a complaint with the police, then with the copy 
of the complaint in-hand ask his attorney to call the service providers to 
demand restoration of service.


Did he read his contract? Did he notice if the customer becomes a detriment to the 
network... clause?

Does his ISP need to suffer because of his business? Bandwidth cost their 
money. Denial of service can cause issues to other customers, and ISP might be 
hurt financially via lawsuits from said customers. Will he compensate ISP for 
that?

What needs to be the threshold? Does the ISP needs to continue giving him 
service if the whole ISP gets down for 4 hours, like happened last Tuesday to 
012?
 
-- Shimi




--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open Systems
=}ooO--U--Ooo{=
 - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Geoffrey S. Mendelson]

shimi wrote:



What needs to be the threshold? Does the ISP needs to continue giving 
him service if the whole ISP gets down for 4 hours, like happened last 
Tuesday to 012?
 


Interesting. I never noticed it, however for one night last week, which 
I have forgotten which, we had to switch from Netvision to 012 to access 
anything.


I have lines to both and switch between them as I need performance. 
Usually I don't have to switch my DNS servers but this time I did.


Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM/KBUH7245/KBUW5379
Gung Hay Fat Choy! (May the new year be prosperous).





___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[E.S. Rosenberg]

The customer/the ISP can purchase specialized firewalls to defend against
DOS/DDOS attacks.

The subject of the attack can try to approach the local police and in some
cases they will work on taking down the botnet, see for instance Dutch
police, FBI and other European forces spending time on these cases.

But unless your friend shows that he is taking serious steps to prevent
this type of thing in the future no ISP has to allow him onto their
network, there are ISPs that specialize in hosting sites that are prone to
being attacked but the price is obviously accordingly.

Regards,
Eliyahu - אליהו


2013/1/26 Jonathan Ben Avraham y...@tkos.co.il

 Hi Shimi,
 You are suggesting that there is no recourse to DDOS attacks, that
 Israelis are fair game for foreign attacks and it is no one's business
 except for the victim.

 The ISP does need to suffer in this case, in that the ISP has allowed an
 act of war to be committed through his service. I see little difference
 between this and the cab drivers who transport illegal workers from the
 Palestinian territories to jobs in Israel. We require the drivers to take
 some responsibility for whom they transport.

 I am suggesting that ISP's be charged with some level responsibility for
 investigating and reporting these attacks. That's in the national interest.
 I suspect that in the cases of large institutions, even non-governmental
 institutions such as banks, that  there is in fact some national response,
 but that this protection is not currently extended to smaller players. If a
 rocket hit's your home you get some protection at the national level. If a
 DDOS attack from a hostile government attacks your business, it's not in
 the national interest to provide some level of protection?

  - yba


 On Sat, 26 Jan 2013, shimi wrote:

  Date: Sat, 26 Jan 2013 20:20:30 +0200
 From: shimi linux...@shimi.net
 To: Jonathan Ben Avraham y...@tkos.co.il
 Cc: ILUG linux-il@cs.huji.ac.il
 Subject: Re: [OT somewhat] DDOS attacks, where to report?



 On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.il
 wrote:
   Dear Linux-IL colleagues,
   An associate of mine who runs a hosting service has been the victim
 of persistent DDOS attack, apparently from botnets that are mainly located
 on other countries.

   His Israeli service providers have responded to these attacks by
 cutting off his service.

   Is there someone in ISOC-IL


 Don't know (even if they would, what power do they have? besides being
 the .il domain registration expensive monopoly)

   or the police who will take a complaint seriously?


 They most probably won't. Not to mention that even if they would, you
 can't police foreign countries. You need Interpol. Do you think that's
 gonna happen?

   I suggested that he file a complaint with the police, then with the
 copy of the complaint in-hand ask his attorney to call the service
 providers to demand restoration of service.


 Did he read his contract? Did he notice if the customer becomes a
 detriment to the network... clause?

 Does his ISP need to suffer because of his business? Bandwidth cost their
 money. Denial of service can cause issues to other customers, and ISP might
 be hurt financially via lawsuits from said customers. Will he compensate
 ISP for that?

 What needs to be the threshold? Does the ISP needs to continue giving him
 service if the whole ISP gets down for 4 hours, like happened last Tuesday
 to 012?

 -- Shimi



 --
  EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open
 Systems
 =}**ooO--U--**
 Ooo{=
  - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Jonathan Ben Avraham]

On Sat, 26 Jan 2013, E.S. Rosenberg wrote:


Date: Sat, 26 Jan 2013 21:32:34 +0200
From: E.S. Rosenberg esr+linux...@g.jct.ac.il
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?

The customer/the ISP can purchase specialized firewalls to defend against 
DOS/DDOS attacks.


Hi Eliyahu,
Which Israeli ISP's offer such services? Do any of them?


The subject of the attack can try to approach the local police and in some 
cases they will work on taking down the botnet, see for instance Dutch police, 
FBI and other European forces spending time on these cases.


Do the Israeli police actually investigate DDOS incidents originating in 
foreign countries?



But unless your friend shows that he is taking serious steps to prevent this 
type of thing in the future no ISP has to allow him onto their network, there 
are ISPs that specialize in hosting sites that are prone to being attacked but 
the price is
obviously accordingly.


For example?

 - yba



Regards,
Eliyahu - אליהו


2013/1/26 Jonathan Ben Avraham y...@tkos.co.il
  Hi Shimi,
  You are suggesting that there is no recourse to DDOS attacks, that 
Israelis are fair game for foreign attacks and it is no one's business except 
for the victim.

  The ISP does need to suffer in this case, in that the ISP has allowed 
an act of war to be committed through his service. I see little difference between this 
and the cab drivers who transport illegal workers from the Palestinian
  territories to jobs in Israel. We require the drivers to take some 
responsibility for whom they transport.

  I am suggesting that ISP's be charged with some level responsibility for 
investigating and reporting these attacks. That's in the national interest. I 
suspect that in the cases of large institutions, even non-governmental 
institutions
  such as banks, that  there is in fact some national response, but that 
this protection is not currently extended to smaller players. If a rocket hit's 
your home you get some protection at the national level. If a DDOS attack from a
  hostile government attacks your business, it's not in the national 
interest to provide some level of protection?

   - yba


  On Sat, 26 Jan 2013, shimi wrote:

Date: Sat, 26 Jan 2013 20:20:30 +0200
From: shimi linux...@shimi.net
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?


On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham 
y...@tkos.co.il wrote:
      Dear Linux-IL colleagues,
      An associate of mine who runs a hosting service has been the 
victim of persistent DDOS attack, apparently from botnets that are mainly 
located on other countries.

      His Israeli service providers have responded to these attacks 
by cutting off his service.

      Is there someone in ISOC-IL


Don't know (even if they would, what power do they have? besides 
being the .il domain registration expensive monopoly)
 
      or the police who will take a complaint seriously?


They most probably won't. Not to mention that even if they would, 
you can't police foreign countries. You need Interpol. Do you think that's 
gonna happen?
 
      I suggested that he file a complaint with the police, then 
with the copy of the complaint in-hand ask his attorney to call the service 
providers to demand restoration of service.


Did he read his contract? Did he notice if the customer becomes a 
detriment to the network... clause?

Does his ISP need to suffer because of his business? Bandwidth cost 
their money. Denial of service can cause issues to other customers, and ISP 
might be hurt financially via lawsuits from said customers. Will he compensate
ISP for that?

What needs to be the threshold? Does the ISP needs to continue 
giving him service if the whole ISP gets down for 4 hours, like happened last 
Tuesday to 012?
 
-- Shimi



--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA    ~. .~   Tk Open Systems
=}ooO--U--Ooo{=
     - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il






--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open Systems
=}ooO--U--Ooo{=
 - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___
Linux-il mailing list
Linux-il@cs.huji.ac.il

Re: [OT somewhat] DDOS attacks, where to report?

[shimi]

On Sat, Jan 26, 2013 at 8:52 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote:

 Hi Shimi,
 You are suggesting that there is no recourse to DDOS attacks, that
 Israelis are fair game for foreign attacks and it is no one's business
 except for the victim.


Hi Jonathan,

Yes, I believe that's the situation. Don't confuse my response with 'what
should be', rather than 'what will happen'.

I'll give you some story - and while this is merely _one_ example, and
while one may not conclude from a single occasion to any other event in
life - I have yet to have heard in the media for an opposite case[*] - so I
*suspect* that is the norm.

Here's the story.

As part of both my professional (for pay) and hobby (free) work, I run
servers on the Internet, just like your friend.

Many years ago (almost a decade), someone defaced a site I did the IT for.
He didn't get in by cracking through the OS / webserver stack. It was a
'shelf-product' that ran the site, and that product had bugs. Pretty much
written by a lousy programmer, and there wasn't much to do about that -
code reviewing everything didn't make sense, given the size of this and the
resources we had as a free website (part of the reason the platform was
dumped eventually).

Now, since only the specific application was sabotaged, there weren't
issues of privilege escalations etc, so we had server logs. We found the
relevant entries that caused the crack, learned what the attacker did,
found the relevant Perl code bug, closed it, and then restored a backup.

Funny thing, the IP address of the attacker was one from Netvision's static
pool. To save future headache (assuming the guy will find more bugs), an
iptables (or was it ipchains back then? I don't remember) rule was added to
block this IP. Then, after a 'view' command for iptables - it did the
natural thing and showed the reverse DNS of that IP. Apparently, Netvision
on many occasions set reverse DNS for fixed IPs to the name of the
customer. So I knew who was the customer. It had been a competitor of the
cracked website.

A copy of all the logs, with an explanation what was done, how it was then,
when, from where, THE IDENTITY OF THE ATTACKER, were all compiled to a long
complaint which was filed with our Israeli Police.

A couple of weeks later, the police sent the site owner a letter, telling
him that the case is closed, due to the lack of interest by the public.

This is for something that happened completely in Israel, where they had
the suspect handed to them on a plate of silver, and they did nothing.

This is why I wouldn't hold my breath...

[*] Exceptions I have seen were PR could be generated.

Such as the Trojan Horse story:
http://www.ynet.co.il/home/0,7340,L-3439,00.html

...or when the DoS is directed at the Government or one of its
sub-organizations...

Does your friend's case constitute one of the above?



 The ISP does need to suffer in this case, in that the ISP has allowed an
 act of war to be committed through his service. I see little difference
 between this and the cab drivers who transport illegal workers from the
 Palestinian territories to jobs in Israel. We require the drivers to take
 some responsibility for whom they transport.


Going to take someone from a forbidden territory is not the same like being
a transparent transit for something. They're not willingly doing that!
Believe me, if there would be a block DDoS command on every route out
there, EVERYONE would enable it. But this requires effort. Sometimes a lot
of it. Sometimes beyond the capability of the ISP, simply because the vast
amounts of traffic crossing their links, due to that customer. Even if you
drop the traffic at your border, you still wasted International bandwidth
for it, a scarce resource as it is...


I am suggesting that ISP's be charged with some level responsibility for
 investigating and reporting these attacks. That's in the national interest.
 I suspect that in the cases of large institutions, even non-governmental
 institutions such as banks, that  there is in fact some national response,
 but that this protection is not currently extended to smaller players. If a
 rocket hit's your home you get some protection at the national level. If a
 DDOS attack from a hostile government attacks your business, it's not in
 the national interest to provide some level of protection?



Do you know a law that tells them they should do so at a discretion of the
customer? If not, there's nothing much you can do. ISPs live on very low
margins in the hosting business (for the best of my knowledge...) - what
interest do they have to spend their dollars on a customer that just causes
them trouble? (Seems most websites don't get DDoSed... there are reasons
why people get DDoSed...)

Of course, he can go for a court order (maybe through police). Let's say he
has the IPs in China, Arab countries etc etc of the attackers. What's next?
How will you stop the DDoS? Mind you, the DDoS comes from infected
computers, and you'll 

Re: [OT somewhat] DDOS attacks, where to report?

[shimi]

On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote:



 But unless your friend shows that he is taking serious steps to prevent
 this type of thing in the future no ISP has to allow him onto their
 network, there are ISPs that specialize in hosting sites that are prone to
 being attacked but the price is
 obviously accordingly.


 For example?



http://www.prolexic.com/services-dos-and-ddos-mitigation.html

Not a recommendation in any way, just an example.

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Jonathan Ben Avraham]

Hi Shimi,

Thanks.

What I am trying to find out is if there are any Israeli ISP's that 
actually offer protection against DDOS attacks and if there is any 
stated public policy on such attacks. For example, is there a legal 
requirement for individuals or ISP's to report such crimes as there is 
with other crimes? Does the government view the liability for damages 
resulting from such attacks as a private responsibility like burglary or 
fire insurance even when the attack is committed by an enemy of the state? 
Is this written anywhere and is there any applicable case law? How big 
or persistent does a cyber attack have to be for it to be considered a 
public issue? Or has no one in government ever considered the question?


 - yba



On Sat, 26 Jan 2013, shimi wrote:


Date: Sat, 26 Jan 2013 22:11:24 +0200
From: shimi linux...@shimi.net
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: E.S. Rosenberg esr+linux...@g.jct.ac.il, ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?

On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:


But unless your friend shows that he is taking serious steps to 
prevent this type of thing in the future no ISP has to allow him onto their 
network, there are ISPs that specialize in hosting sites that are prone to being
attacked but the price is
obviously accordingly.


For example?



http://www.prolexic.com/services-dos-and-ddos-mitigation.html

Not a recommendation in any way, just an example.

-- Shimi





--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open Systems
=}ooO--U--Ooo{=
 - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[E.S. Rosenberg]

Why should the ISP have that responsibility?

They are as far as most of us are concerned not even supposed to do DPI
(deep packet inspection) and without DPI they have almost no way of telling
the difference between a site that is under attack and a site that just
posted something that is so popular that everyone is going there also
effectively DDOS'ing...

The responsibility to go to the authorities lies squarly with the victim,
elthough you might expect some good citizenship from the ISP if they signal
illegal activities they still have a very hard time telling the legit from
the illegitimate traffic.

Also ISPs in Israel don't even bother to put virus affected customers in
quarantine where they are blocked from accessing the internet until they
clean their computer(s), something which is fairly easy for them to
implement and very much in the ISPs interest so why would they do more
complicated things like dissecting attacks?
(I know some of the better ISPs outside of Israel do this)

As far as an example of equipment goes, tweakers.net did a review on an
anti DDOS firewall appliance in 2010:
http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html

Such an appliance would iirc not be usefull at the ISP level since it
utilizes traffic patterns

Regards,
Eliyahu - אליהו


2013/1/26 Jonathan Ben Avraham y...@tkos.co.il

 Hi Shimi,

 Thanks.

 What I am trying to find out is if there are any Israeli ISP's that
 actually offer protection against DDOS attacks and if there is any stated
 public policy on such attacks. For example, is there a legal requirement
 for individuals or ISP's to report such crimes as there is with other
 crimes? Does the government view the liability for damages resulting from
 such attacks as a private responsibility like burglary or fire insurance
 even when the attack is committed by an enemy of the state? Is this written
 anywhere and is there any applicable case law? How big or persistent does a
 cyber attack have to be for it to be considered a public issue? Or has no
 one in government ever considered the question?


  - yba



 On Sat, 26 Jan 2013, shimi wrote:

  Date: Sat, 26 Jan 2013 22:11:24 +0200

 From: shimi linux...@shimi.net
 To: Jonathan Ben Avraham y...@tkos.co.il
 Cc: E.S. Rosenberg esr+linux...@g.jct.ac.il, ILUG 
 linux-il@cs.huji.ac.il

 Subject: Re: [OT somewhat] DDOS attacks, where to report?

 On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.il
 wrote:


 But unless your friend shows that he is taking serious steps
 to prevent this type of thing in the future no ISP has to allow him onto
 their network, there are ISPs that specialize in hosting sites that are
 prone to being
 attacked but the price is
 obviously accordingly.


 For example?



 http://www.prolexic.com/**services-dos-and-ddos-**mitigation.htmlhttp://www.prolexic.com/services-dos-and-ddos-mitigation.html

 Not a recommendation in any way, just an example.

 -- Shimi




 --
  EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open
 Systems
 =}**ooO--U--**
 Ooo{=
  - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

 __**_
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/**mailman/listinfo/linux-ilhttp://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Jonathan Ben Avraham]

Hi Eliyahu,
See inlines below.

On Sat, 26 Jan 2013, E.S. Rosenberg wrote:


Date: Sat, 26 Jan 2013 23:22:18 +0200
From: E.S. Rosenberg esr+linux...@g.jct.ac.il
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?

Why should the ISP have that responsibility?

They are as far as most of us are concerned not even supposed to do DPI (deep 
packet inspection) and without DPI they have almost no way of telling the 
difference between a site that is under attack and a site that just posted 
something that is so
popular that everyone is going there also effectively DDOS'ing...



Once the user reports the crime to the ISP, does the ISP then have any 
responsibility to report the crime, like other crimes?




The responsibility to go to the authorities lies squarly with the victim, 
elthough you might expect some good citizenship from the ISP if they signal 
illegal activities they still have a very hard time telling the legit from the 
illegitimate
traffic.



This is not true in general under Israeli law, as I have found out myself 
from unfortunate personal experience. See 
http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2




Also ISPs in Israel don't even bother to put virus affected customers in 
quarantine where they are blocked from accessing the internet until they clean 
their computer(s), something which is fairly easy for them to implement and 
very much in the
ISPs interest so why would they do more complicated things like dissecting 
attacks?



Not necessarily analyzing attacks, just reporting them.



(I know some of the better ISPs outside of Israel do this)

As far as an example of equipment goes, tweakers.net did a review on an anti 
DDOS firewall appliance in 2010:
http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html

Such an appliance would iirc not be usefull at the ISP level since it utilizes 
traffic patterns


Thanks,

 - yba



Regards,
Eliyahu - אליהו


2013/1/26 Jonathan Ben Avraham y...@tkos.co.il
  Hi Shimi,

  Thanks.

  What I am trying to find out is if there are any Israeli ISP's that 
actually offer protection against DDOS attacks and if there is any stated 
public policy on such attacks. For example, is there a legal requirement for 
individuals or
  ISP's to report such crimes as there is with other crimes? Does the 
government view the liability for damages resulting from such attacks as a 
private responsibility like burglary or fire insurance even when the attack is 
committed by
  an enemy of the state? Is this written anywhere and is there any 
applicable case law? How big or persistent does a cyber attack have to be for 
it to be considered a public issue? Or has no one in government ever considered 
the question?

   - yba



  On Sat, 26 Jan 2013, shimi wrote:

  Date: Sat, 26 Jan 2013 22:11:24 +0200
  From: shimi linux...@shimi.net
  To: Jonathan Ben Avraham y...@tkos.co.il
Cc: E.S. Rosenberg esr+linux...@g.jct.ac.il, ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?

On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:


            But unless your friend shows that he is taking serious steps to 
prevent this type of thing in the future no ISP has to allow him onto their 
network, there are ISPs that specialize in hosting sites that are prone to being
            attacked but the price is
            obviously accordingly.


For example?



http://www.prolexic.com/services-dos-and-ddos-mitigation.html

Not a recommendation in any way, just an example.

-- Shimi




--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA    ~. .~   Tk Open Systems
=}ooO--U--Ooo{=
     - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il






--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open Systems
=}ooO--U--Ooo{=
 - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[shimi]

On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote:


 This is not true in general under Israeli law, as I have found out myself
 from unfortunate personal experience. See http://he.wikipedia.org/wiki/%**
 D7%90%D7%99_%D7%9E%D7%A0%D7%**99%D7%A2%D7%AA_%D7%A4%D7%A9%**D7%A2http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


This law is about telling the authorities about a CRIME THAT IS GOING TO
HAPPEN, that you know about, so that the authorities can stop the criminal
PRIOR to the act of crime.

Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to
the customer (they can't possibly know. like I've already said - chances of
catching the source behind a DDoS are almost nil) - I personally find it
difficult to understand why you think this law is relevant on our case...

Also, not even sure that this is called a crime that happens within the
borders of Israel. After all, the attacker, and his 'associate' computers,
are all (for the lack of better knowledge) outside the borders of Israel
when this happens. Again, the Israeli police (or Government) has no
jurisdiction over the whole Internet...

I think it is time for me to quote from the Serenity Prayer:

God, grant me the serenity to accept the things I cannot change, The
courage to change the things I can, And wisdom to know the difference.

Of course, I wish your friend luck if he opts to pursue this anyways, with
the hope for: a) any sort of success, and b) that he won't waste so much
time/money on his attempts...

Good luck!

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Amos Shapira]

Trying to get any useful action from the Israeli police is futile.
Get over it - you have to find other venues to address the issues.

(I speak from experience of multiple personal encounters were I needed
their help and didn't get it).


On 27 January 2013 09:30, shimi linux...@shimi.net wrote:

 On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote:


 This is not true in general under Israeli law, as I have found out myself
 from unfortunate personal experience. See http://he.wikipedia.org/wiki/%*
 *D7%90%D7%99_%D7%9E%D7%A0%D7%**99%D7%A2%D7%AA_%D7%A4%D7%A9%**D7%A2http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


 This law is about telling the authorities about a CRIME THAT IS GOING TO
 HAPPEN, that you know about, so that the authorities can stop the criminal
 PRIOR to the act of crime.

 Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to
 the customer (they can't possibly know. like I've already said - chances of
 catching the source behind a DDoS are almost nil) - I personally find it
 difficult to understand why you think this law is relevant on our case...

 Also, not even sure that this is called a crime that happens within the
 borders of Israel. After all, the attacker, and his 'associate' computers,
 are all (for the lack of better knowledge) outside the borders of Israel
 when this happens. Again, the Israeli police (or Government) has no
 jurisdiction over the whole Internet...

 I think it is time for me to quote from the Serenity Prayer:

 God, grant me the serenity to accept the things I cannot change, The
 courage to change the things I can, And wisdom to know the difference.

 Of course, I wish your friend luck if he opts to pursue this anyways, with
 the hope for: a) any sort of success, and b) that he won't waste so much
 time/money on his attempts...

 Good luck!

 -- Shimi

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Jonathan Ben Avraham]

On Sun, 27 Jan 2013, shimi wrote:


Date: Sun, 27 Jan 2013 00:30:02 +0200
From: shimi linux...@shimi.net
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?

On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:

This is not true in general under Israeli law, as I have found out myself from 
unfortunate personal experience. See 
http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


This law is about telling the authorities about a CRIME THAT IS GOING TO 
HAPPEN, that you know about, so that the authorities can stop the criminal 
PRIOR to the act of crime.

Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the 
customer (they can't possibly know. like I've already said - chances of 
catching the source behind a DDoS are almost nil) - I personally find it 
difficult to understand
why you think this law is relevant on our case...



Hi Shimi,
This law is in fact applied to ongoing crime as well as futire crime. It's 
not enough that you know someone has been trafficking Ukrainain girls for 
two years already to exempt you from reporting it if you find out about 
it.




Also, not even sure that this is called a crime that happens within the borders 
of Israel. After all, the attacker, and his 'associate' computers, are all (for 
the lack of better knowledge) outside the borders of Israel when this happens. 
Again,
the Israeli police (or Government) has no jurisdiction over the whole 
Internet...



It's is enough for the victim to be affected in Israel for it to be a 
crime in Israel.




I think it is time for me to quote from the Serenity Prayer:

God, grant me the serenity to accept the things I cannot change, The courage to 
change the things I can, And wisdom to know the difference.

Of course, I wish your friend luck if he opts to pursue this anyways, with the 
hope for: a) any sort of success, and b) that he won't waste so much time/money 
on his attempts...



I'm wondering if there isn't a public policy initiative that we should be 
pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's 
necessary, but sometimes concrete action is required. The problem here is 
that some small players are getting soaked disproportionately for the 
county's wars.


 - yba




Good luck!

-- Shimi




--
 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA~. .~   Tk Open Systems
=}ooO--U--Ooo{=
 - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[shimi]

On Sun, Jan 27, 2013 at 1:54 AM, Jonathan Ben Avraham y...@tkos.co.ilwrote:

 On Sun, 27 Jan 2013, shimi wrote:

  Date: Sun, 27 Jan 2013 00:30:02 +0200

 From: shimi linux...@shimi.net
 To: Jonathan Ben Avraham y...@tkos.co.il
 Cc: ILUG linux-il@cs.huji.ac.il
 Subject: Re: [OT somewhat] DDOS attacks, where to report?

 On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il
 wrote:

 This is not true in general under Israeli law, as I have found out myself
 from unfortunate personal experience. See http://he.wikipedia.org/wiki/%*
 *D7%90%D7%99_%D7%9E%D7%A0%D7%**99%D7%A2%D7%AA_%D7%A4%D7%A9%**D7%A2http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


 This law is about telling the authorities about a CRIME THAT IS GOING TO
 HAPPEN, that you know about, so that the authorities can stop the criminal
 PRIOR to the act of crime.

 Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to
 the customer (they can't possibly know. like I've already said - chances of
 catching the source behind a DDoS are almost nil) - I personally find it
 difficult to understand
 why you think this law is relevant on our case...



 Hi Shimi,
 This law is in fact applied to ongoing crime as well as futire crime. It's
 not enough that you know someone has been trafficking Ukrainain girls for
 two years already to exempt you from reporting it if you find out about it.


This is not an ongoing crime. Your friend server is offline, the attacker
noticed and stopped bombarding. ISP is happy. That's the reason they
disconnected your friend at the first place - they knew their
infrastructure will no longer be attacked when they do. This is the reason
why people DDoS in the first place! Because it works...




  Also, not even sure that this is called a crime that happens within the
 borders of Israel. After all, the attacker, and his 'associate' computers,
 are all (for the lack of better knowledge) outside the borders of Israel
 when this happens. Again,
 the Israeli police (or Government) has no jurisdiction over the whole
 Internet...



 It's is enough for the victim to be affected in Israel for it to be a
 crime in Israel.


This may be true (I don't know our law. it was more of a quandary). Still,
jurisdiction over the entire Internet, not located in Israel? That's not
simple!



  I think it is time for me to quote from the Serenity Prayer:

 God, grant me the serenity to accept the things I cannot change, The
 courage to change the things I can, And wisdom to know the difference.

 Of course, I wish your friend luck if he opts to pursue this anyways,
 with the hope for: a) any sort of success, and b) that he won't waste so
 much time/money on his attempts...



 I'm wondering if there isn't a public policy initiative that we should be
 pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's
 necessary, but sometimes concrete action is required. The problem here is
 that some small players are getting soaked disproportionately for the
 county's wars.


I already asked and couldn't see your answer, so I will ask again: What
actions do you want your government to do against the computers in China,
North Korea, or Arab countries? Please elaborate. Don't just say that
'someone needs to do something' - tell us what can they do that they don't,
that would help in situations like this... also tell us what should they do
after they somehow made 20,000 computers clean, just to realize that in a
keystroke, the attacker infected 20,000 other computers, and all what they,
basically had no influence whatsoever.

b.t.w. why are you so sure that those are country's wars ? Running an
innocent IRC server is very likely to get you DDoS'd too. A decade ago,
DALnet, the biggest IRC network users-wise (AFAIK), had been on netsplit
more time than not, because someone DDoS'd them. For months. The network
lost servers because ISPs that donated them didn't want the headache -
their legitimate business got hurt. The network never recovered. At the top
they had  100k users online globally. This second the number is 12,727
users. Israel was not a side...

Your friend got DDoS'd because he got DDoS'd. The country he lives at had
nothing to do with it. Unless of course he hosted specific websites that
made people angry. If that was the case, it was his war, not the country's.
Sof Ma'ase, Be-Machashava Techila...

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT somewhat] DDOS attacks, where to report?

[Jonathan Ben Avraham]

Hi Shimi,
The policy that I would expect is:

1. Possibly requiring licensed ISP's to offer extended anti-cyber-attack 
protection, for an extra price.


2. Requiring licensed ISP's to provide a specific basic level of cyber 
security as part of every offering.


3. Requiring reporting of cyber attacks that pass some level of damage 
or persistence or that can be identified as originating with a particular 
organization to a national information center.


4. Requiring on-line financial services and other specified services to 
implement specific security policies.



It's clear that the country is under concerted attack. I also know that 
*something* is being done or at least discussed at the national level. 
What appears to be lacking is protection for the smaller organizations and 
service providers.


 - yba



On Sun, 27 Jan 2013, shimi wrote:


Date: Sun, 27 Jan 2013 08:33:50 +0200
From: shimi linux...@shimi.net
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?



On Sun, Jan 27, 2013 at 1:54 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
  On Sun, 27 Jan 2013, shimi wrote:

Date: Sun, 27 Jan 2013 00:30:02 +0200
From: shimi linux...@shimi.net
To: Jonathan Ben Avraham y...@tkos.co.il
Cc: ILUG linux-il@cs.huji.ac.il
Subject: Re: [OT somewhat] DDOS attacks, where to report?

On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:

This is not true in general under Israeli law, as I have found out myself from 
unfortunate personal experience. See 
http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


This law is about telling the authorities about a CRIME THAT IS GOING TO 
HAPPEN, that you know about, so that the authorities can stop the criminal 
PRIOR to the act of crime.

Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the 
customer (they can't possibly know. like I've already said - chances of 
catching the source behind a DDoS are almost nil) - I personally find it 
difficult to
understand
why you think this law is relevant on our case...



Hi Shimi,
This law is in fact applied to ongoing crime as well as futire crime. It's not 
enough that you know someone has been trafficking Ukrainain girls for two years 
already to exempt you from reporting it if you find out about it.


This is not an ongoing crime. Your friend server is offline, the attacker 
noticed and stopped bombarding. ISP is happy. That's the reason they 
disconnected your friend at the first place - they knew their infrastructure 
will no longer be attacked
when they do. This is the reason why people DDoS in the first place! Because it 
works...
 


Also, not even sure that this is called a crime that happens within 
the borders of Israel. After all, the attacker, and his 'associate' computers, 
are all (for the lack of better knowledge) outside the borders of Israel when
this happens. Again,
the Israeli police (or Government) has no jurisdiction over the 
whole Internet...



It's is enough for the victim to be affected in Israel for it to be a crime in 
Israel.


This may be true (I don't know our law. it was more of a quandary). Still, 
jurisdiction over the entire Internet, not located in Israel? That's not simple!
 

I think it is time for me to quote from the Serenity Prayer:

God, grant me the serenity to accept the things I cannot change, The 
courage to change the things I can, And wisdom to know the difference.

Of course, I wish your friend luck if he opts to pursue this 
anyways, with the hope for: a) any sort of success, and b) that he won't waste 
so much time/money on his attempts...



I'm wondering if there isn't a public policy initiative that we should be 
pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's necessary, 
but sometimes concrete action is required. The problem here is that some small 
players
are getting soaked disproportionately for the county's wars.


I already asked and couldn't see your answer, so I will ask again: What actions 
do you want your government to do against the computers in China, North Korea, 
or Arab countries? Please elaborate. Don't just say that 'someone needs to do 
something'
- tell us what can they do that they don't, that would help in situations like 
this... also tell us what should they do after they somehow made 20,000 
computers clean, just to realize that in a keystroke, the attacker infected 
20,000 other
computers, and all what they, basically had no influence whatsoever.

b.t.w. why are you so sure that those are country's wars ? Running an 
innocent IRC server is very likely to get you DDoS'd too. A decade ago, DALnet, the 
biggest IRC network users-wise (AFAIK), had been on netsplit more time than not, because
someone DDoS'd them. For months. The network lost servers 

[OT] Troubleshooting Bezeq Int'l problems

[David Suna]

  
  
This is not directly related to Linux but the problem is also
occurring on my Linux machines. Since people here seem to be very
knowledgeable about how to diagnose and document problems with ISPs
I am turning to your collective wisdom for some help.

We have been using Bezeq Int'l as our ISP for years (ever since
Actcom was bought out). For the most part we have been satisfied
even if the Linux support in the early years was not the best. We
are now connected with a 20Mb DSL connection. Recently I have
noticed a problem with downloading certain zip file that the zip
files end up truncated. I.e. rather than downloading a zip file of
1.2 MB the download completes "successfully" but the zip file will
only be 800 KB and is obviously not usable. This does not happen on
all zip files and it does not seem to be connected to a particular
size of zip file (i.e. larger zip files will work sometimes). I
have not been able to pin point a particular characteristic of the
zip file that causes it to fail. Windows XP, Windows 7 and Ubuntu
all encounter the same problem. However, if I connect my laptop via
my phone's 3G network I am able to download the zip file without a
problem.

A second symptom that has come up recently is that when I have
clicked on some links, instead of going to the requested site I am
shown an error page from Bezeq Int'l saying that this site is
dangerous and I cannot go there. If I hit the back button and try
again I am able to get to the site without a problem.

Putting these two items together I have come to the theory that
Bezeq Int'l has updated their firewalls / anti virus software which
is somehow causing both of these issues. 

Has anyone else using Bezeq Int'l encountered similar problems?
Other than just calling and complaining are there any tools that I
can use to further trouble shoot the problem? If the support people
say it is not their problem I would like to have as much support as
possible to force them to deal with the issue.

Thanks,
-- 
David Suna
da...@davidsconsultants.com
  


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT] Troubleshooting Bezeq Int'l problems

[shimi]

On Sun, Jan 27, 2013 at 8:59 AM, David Suna da...@davidsconsultants.comwrote:

  This is not directly related to Linux but the problem is also occurring
 on my Linux machines.  Since people here seem to be very knowledgeable
 about how to diagnose and document problems with ISPs I am turning to your
 collective wisdom for some help.

 We have been using Bezeq Int'l as our ISP for years (ever since Actcom was
 bought out).  For the most part we have been satisfied even if the Linux
 support in the early years was not the best.  We are now connected with a
 20Mb DSL connection.  Recently I have noticed a problem with downloading
 certain zip file that the zip files end up truncated.  I.e. rather than
 downloading a zip file of 1.2 MB the download completes successfully but
 the zip file will only be 800 KB and is obviously not usable.  This does
 not happen on all zip files and it does not seem to be connected to a
 particular size of zip file (i.e. larger zip files will work sometimes).  I
 have not been able to pin point a particular characteristic of the zip file
 that causes it to fail.  Windows XP, Windows 7 and Ubuntu all encounter the
 same problem.  However, if I connect my laptop via my phone's 3G network I
 am able to download the zip file without a problem.

 A second symptom that has come up recently is that when I have clicked on
 some links, instead of going to the requested site I am shown an error page
 from Bezeq Int'l saying that this site is dangerous and I cannot go there.
 If I hit the back button and try again I am able to get to the site without
 a problem.

 Putting these two items together I have come to the theory that Bezeq
 Int'l has updated their firewalls / anti virus software which is somehow
 causing both of these issues.

 Has anyone else using Bezeq Int'l encountered similar problems?  Other
 than just calling and complaining are there any tools that I can use to
 further trouble shoot the problem?  If the support people say it is not
 their problem I would like to have as much support as possible to force
 them to deal with the issue.


 Do you use Bezeq Int's DNS services?

If so, try switching to 8.8.8.8 and 8.8.4.4, see if it helps.

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Parts of the internet keep on disappearing on me

[shimi]

On Thu, Jan 24, 2013 at 2:53 PM, Shachar Shemesh shac...@shemesh.bizwrote:

  On 01/24/2013 02:44 PM, E.S. Rosenberg wrote:



 When you enable timestamps they don't match so the packet is discarded, this 
 could be due to the ISP fiddling with the packets on the way.

  I know what timestamp is, and what it is used for. I have not, yet,
 rebooted to see whether this does not happen when the problem is dormant.
 What I told Shimi was that I want as much information as possible, and
 since he seems to know a bit about it, I would like to hear it all.


If you want to know it all, I never did manage to penetrate the first-line
representative (What's MTR? send me Windows traceroute so I can't see the
instability over time!). Arguing with customer service is like fighting
the Borg. Resistance is futile...

So I solved it the way I know best: If you can't change them, show them you
put your money where your mouth is. Just like I did to Orange. I am waiting
for the day that most people in Israel would be like that, but
unfortunately, that day does not seem close :( We only care about
substantially lower price to make a difference... like what was caused by
Golan T. Some people not even that (still pay  100NIS/mo. for even
sometimes a LIMITED cell line...)

Now I am connected through another ISP (which funnily enough, uses BezeqInt
for Intl' traffic, at least per traceroute, and is actually cheaper...),
and the problem is gone[*]. Now you know how I knew you were there...

-- Shimi

[*] Of course, that may have been sheer luck. It might happen to me again
one bright day in the future :) But for now, it probably simply doesn't
pass through their QoS engine, probably because the ISP has a fixed
bandwidth with them, and they don't really care _what_ passes on the link...
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il