[WISPA] contract for use or tower

2010-08-02 Thread Liam Cummings
I'm looking for a good contract to use for exclusive use of someone's
tower. Anyone want to share what they have with us? Would save me tons
of time. :-)

 

 

TX

 

Liam

 




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] contract for use or tower

2010-08-02 Thread Chuck Bartosch
If you're a WISPA member, I think the wiki has a number of sample contracts.

Chuck

Sent from my iPad

On Aug 2, 2010, at 8:50 AM, Liam Cummings lcummi...@datacomspecialists.com 
wrote:

 I’m looking for a good contract to use for exclusive use of someone’s tower. 
 Anyone want to share what they have with us? Would save me tons of time. :-)
 
  
 
  
 
 TX
 
  
 
 Liam
 
  
 
 
 
 

[WISPA] DOS attack

2010-08-02 Thread Jeremie Chism
I noticed on Friday that everything I had seemed very slow. I went through
checking the usual things and found no problem.  After digging into
everything I could put my hands on, I resorted to calling my upstream to see
if they noticed any problems.  They of course said no.  At 430 that
afternoon I got a call from one of their engineers stating that they had
experienced a DOS attack that was affecting certain customers.  They made
some changes and it actually seemed to work better than before.  Even my
latency times had dropped.  Today the problem seems to be creeping back to
the same way it was Friday.  My question is, is there a way to determine in
the future that this is happening?  Is there something specific that would
lead me to the conclusion that in fact that is what is going on?

-- 
Jeremie Chism
TritonDataLink




[WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Kurt Fankhauser
So does anyone here have any customers that use XBOX live and bark to you
about your NAT? Apparently the XBOX live service is very picky about being
behind any NAT device and its ability to make connections to other servers.
From what I gathered, the LIVE service uses Universal Plug and Play
(UPnP) to get around this, but the question I have is: if you're doing
masquerade on a Mikrotik Core Router should you enable UPnP on that device?
Or should I just issue public IPs to the customer that games and let them
worry about it? And if you have UPnP enabled on the core router and then do
a double-NAT through the customer's Linksys router with UPnP enabled does that
not work because of the double-NAT?

 

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

 

 

 





Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Mike Hammett

 You need one of the 4.x releases of MT for XBox uPNP to work.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



On 8/2/2010 9:07 AM, Kurt Fankhauser wrote:


So does anyone here have any customers that use XBOX live and bark to 
you about you NAT? Apparently the XBOX live service is very picky 
about being behind any NAT device and its ability to make connections 
to other servers. From what I gathered is that the LIVE service uses 
Universal Plug and Play (UPnP) to get around this but the question I 
have is. If your doing masquerade on a Mikrotik Core Router should you 
enable UPnP on that device? Or should I just issue public IP's to the 
customer that games and let them worry about it? And if you have UPnP 
enabled on the core router and then do a double-NAT through the 
customers Linksys router with UPnP enable does that not work because 
of the double-NAT?


Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com






Re: [WISPA] DOS attack

2010-08-02 Thread Nick Olsen
Well, if it's not hitting YOU then it's not too easy to tell.
If it's hitting your routers you should see it. But if your upstream is
getting attacked that's a whole different story.

We share an upstream router with a datacenter a few cities over. They got
hit hard from China Asia a year or two ago, like busting to 1.2Gb/s if I
recall correctly. At first we were getting crazy packet loss because the
upstream router was getting hammered. After that they put in a few rules to
drop the traffic and that made it stable, but latency was like +140ms going
into it.
Long story short, if you see latency climbing up, more so than normal for
peak time, it could be an attack. Even dropping packets takes CPU time. And
if you have that many, it can really slow things down.

Nick Olsen
Network Operations
(321) 205-1100 x106



From: Jeremie Chism jchi...@gmail.com
Sent: Monday, August 02, 2010 10:04 AM
To: WISPA General List wireless@wispa.org
Subject: [WISPA] DOS attack

I noticed on Friday that everything I had seemed very slow. I went through 
checking the usual things and found no problem.  After digging into 
everything I could put my hands on, I resorted to calling my upstream to 
see if they noticed any problems.  They of course said no.  At 430 that 
afternoon I got a call from one of their engineers stating that they had 
experienced a DOS attack that was affecting certain customers.  They made 
some changes and it actually seemed to work better than before.  Even my 
latency times had dropped.  Today the problem seems to be creeping back to 
the same way it was Friday.  My question is, is there a way to determine in 
the future that this is happening.  Is there something specific that would 
lead me to the conclusion that in fact that is what is going on.  

-- 
Jeremie Chism
TritonDataLink





Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Josh Luthman
I don't seem to have any issues with double or triple NAT.

When I was working with MT to fix the upnp issue with Xboxes. I have
it marked as 4.6 with modifications (it was an unofficial 4.6 they
gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
this requires a public IP on the Mikrotik to remove even nice strict
(I think it's called open?).

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IP’s to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customers Linksys router with UPnP enable does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 


Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Nick Olsen
I've heard it a bit. Personally, I've never had a problem when my Xbox would
list my NAT as strict. But I've heard people scream about it. You can either
port forward to them, or enable UPnP and it will do it for you. If you're double
NAT-ing then you will need to do it on both routers as UPnP will only cover the
one closest to the Xbox. And if they have multiple Xbox consoles you can only
port forward to one, or give them multiple statics.
Just my experiences with it...

Nick Olsen
Network Operations
(321) 205-1100 x106



From: Kurt Fankhauser k...@wavelinc.com
Sent: Monday, August 02, 2010 10:11 AM
To: WISPA General List wireless@wispa.org
Subject: [WISPA] XBOX live, NAT, and UPnP












So does anyone here have any customers that use XBOX live and
bark to you about you NAT? Apparently the XBOX live service is very picky about
being behind any NAT device and its ability to make connections to other
servers. From what I gathered is that the LIVE service uses Universal Plug and
Play (UPnP) to get around this but the question I have is. If your doing 
masquerade
on a Mikrotik Core Router should you enable UPnP on that device? Or should I
just issue public IP's to the customer that games and let them worry
about it? And if you have UPnP enabled on the core router and then do a
double-NAT through the customers Linksys router with UPnP enable does that not
work because of the double-NAT?

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH
44820
419-562-6405
www.wavelinc.com










Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Justin Wilson
The easy answer is give the complainers a public.  The problem you will
run into is XBOX live tells them their nat status.  In my experience you
will have the people who are being told by Microsoft they need to have a
simple nat or whatever the box tells them.

You can make it work with UPnP, but you should have a router which fully
supports it.  Mikrotik has to be pretty much 4.5 or higher.  Even then it
has issues.

Xbox live will work good with a moderate nat setting. This is normally a
single NAT.  What you will run into is gamers try to squeeze every last
"drop" out of their Internet.  No matter what you tell them they won't rest
until their settings/network/controls are ideal, at least according to them.

Justin
-- 
Justin Wilson j...@mtin.net
http://www.mtin.net/blog
Wisp Consulting - Tower Climbing - Network Support



From: Kurt Fankhauser k...@wavelinc.com
Reply-To: WISPA General List wireless@wispa.org
Date: Mon, 2 Aug 2010 10:07:57 -0400
To: 'WISPA General List' wireless@wispa.org
Subject: [WISPA] XBOX live, NAT, and UPnP

So does anyone here have any customers that use XBOX live and bark to you
about you NAT? Apparently the XBOX live service is very picky about being
behind any NAT device and its ability to make connections to other servers.
From what I gathered is that the LIVE service uses Universal Plug and Play
(UPnP) to get around this but the question I have is. If your doing
masquerade on a Mikrotik Core Router should you enable UPnP on that device?
Or should I just issue public IP's to the customer that games and let them
worry about it? And if you have UPnP enabled on the core router and then do
a double-NAT through the customers Linksys router with UPnP enable does that
not work because of the double-NAT?
 
Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
 
 
 







Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Marlon K. Schafer
Man that sucks.  We turn off upnp on ALL routers.  I've always been told 
that it's a big security hole.

Thoughts on that?
marlon

- Original Message - 
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 7:29 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


I don't seem to have any issues with double or triple NAT.

When I was working with MT to fix the upnp issue with Xboxes. I have
it marked as 4.6 with modifications (it was an unofficial 4.6 they
gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
this requires a public IP on the Mikrotik to remove even nice strict
(I think it's called open?).

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other 
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that 
 device?
 Or should I just issue public IP’s to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then 
 do
 a double-NAT through the customers Linksys router with UPnP enable does 
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 


Re: [WISPA] DOS attack

2010-08-02 Thread Glenn Kelley
Jeremie

there are a few ways to investigate a suspect DOS attack.
First and foremost you want to take a peek at your incoming connections.  

Do you see a large influx of incoming traffic? 
If so - are you able to identify where it is coming from?

Chances are if you know where it is coming from you can simply ask your 
provider to null route the traffic ahead of you.


Commands like netstat -na  can be a great friend in these cases if you have the 
ability to place something in between the connections. 

I personally love PFSense for this reason.   PFSense can operate as a 
transparent firewall (and many other things... )   But for Free - it is an 
excellent tool -  loads on virtually any x86 system with 2 NIC cards. 

Anyhow - Folks that do DoS or DDoS (Distributed Denial of Service) generally
attack port 80 as well as mail ports.
Many WISPs will keep port 80 open to the general public so they can reach the
radio's configuration windows.

While it is not something I would suggest - for a variety of reasons - chances
are the port 80 of a customer's radio is what is getting whacked.

Generally DDoS come in as UDP packets to other ports - simply because of how
UDP works - it does not cause them as much of an issue as it would you.

So - a few commands might help here.

netstat -ntu | awk '$4 ~ /:80$/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1


you can change the 80 above to any port you wish such as 25 for smtp, 53 for 
dns/named , etc etc etc... 

This should show you the # of connections from a specific IP. 
If you have a small # of connections from very large numbers of IP addresses - 
then chances are you might be under DDOS. 

If there are a very large # of connections from just a few IPs then it should
be simple enough to ask the ISP to block or null route those IP addresses.

One last note - 

You might want to check the IP's against nslookup or use the DNSStuff.com 
toolset. 
I have helped a few through these over the years and when they block the DNS 
servers many folks use like 208.67.222.222 or 8.8.8.8 it really stinks for 
folks... for sure. 

So you want to make sure you are blocking the right thing of course. 

Are you running anything like NTOP ?  There are a few simple things to have in 
place to watch incoming traffic when needed vs hoping that it goes away... 

Kick back to me if you're lost - and we can go off list for some help

Glenn 



On Aug 2, 2010, at 9:56 AM, Jeremie Chism wrote:

 I noticed on Friday that everything I had seemed very slow. I went through 
 checking the usual things and found no problem.  After digging into 
 everything I could put my hands on, I resorted to calling my upstream to see 
 if they noticed any problems.  They of course said no.  At 430 that afternoon 
 I got a call from one of their engineers stating that they had experienced 
 a DOS attack that was affecting certain customers.  They made some changes 
 and it actually seemed to work better than before.  Even my latency times had 
 dropped.  Today the problem seems to be creeping back to the same way it was 
 Friday.  My question is, is there a way to determine in the future that this 
 is happening.  Is there something specific that would lead me to the 
 conclusion that in fact that is what is going on.  
 
 -- 
 Jeremie Chism
 TritonDataLink
 
 
 

_
Glenn Kelley | Principle | HostMedic |www.HostMedic.com 
  Email: gl...@hostmedic.com
Please don't print this e-mail unless you really need to.
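
Added example, not part of the original thread: the per-source connection count Glenn describes above, extended with a /24 roll-up, a few-sources versus many-sources verdict, and a keep-list for the two resolvers he warns against blocking. The sample netstat output, the thresholds and all function names are constructed assumptions (IPv4 only).

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (RFC 5737 documentation
# addresses plus one public resolver); not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40115      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:51000      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:51001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:51002      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:33000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.6:33001       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.7:33002       ESTABLISHED
udp        0      0 192.0.2.10:53124        8.8.8.8:53              ESTABLISHED
EOF
}

# per_source PORT: connections to local PORT per remote IPv4 address,
# busiest first. Matching the local column keeps port 8080 out of an
# 80 count, which a plain grep would not. Live use: netstat -ntu | per_source 80
per_source() {
  awk -v port="$1" '
    ($1 == "tcp" || $1 == "udp") && $4 ~ (":" port "$") {
      ip = $5; sub(/:[0-9*]+$/, "", ip); n[ip]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# per_prefix: roll per_source output up to /24s.
# Output columns: connections, distinct hosts, prefix.
per_prefix() {
  awk '{ split($2, o, "."); p = o[1] "." o[2] "." o[3] ".0/24"
         n[p] += $1; h[p]++ }
       END { for (p in n) print n[p], h[p], p }' | sort -k1,1nr -k3,3
}

# classify [MIN_TOTAL] [TOP3_SHARE_PCT]: reads per_source output.
#   quiet        - fewer than MIN_TOTAL connections in total
#   concentrated - the three busiest sources hold at least TOP3_SHARE_PCT
#                  percent of connections (few IPs, many connections each)
#   distributed  - many sources with few connections each
# Both thresholds are assumptions to tune against your own normal traffic.
classify() {
  awk -v min="${1:-5}" -v share="${2:-60}" '
    { total += $1; if (NR <= 3) top += $1 }
    END {
      if (total + 0 < min + 0)                print "quiet"
      else if (top * 100 >= share * total)    print "concentrated"
      else                                    print "distributed"
    }'
}

# Resolvers named in the thread as ones that get blocked by mistake.
KEEP_LIST="${KEEP_LIST:-208.67.222.222 8.8.8.8}"

# block_candidates MIN_CONNS: reads per_source output and prints sources
# at or above MIN_CONNS that are not on the keep-list.
block_candidates() {
  awk -v min="$1" -v keep="$KEEP_LIST" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
    $1 + 0 >= min + 0 && !($2 in skip) { print $2 }'
}

# Demo on the constructed sample.
sample_netstat | per_source 80
sample_netstat | per_source 80 | per_prefix
sample_netstat | per_source 80 | classify 5 60
```
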





Re: [WISPA] DOS attack

2010-08-02 Thread Matt
to 1.2Gb/s if I recall correctly. At first we were getting crazy packet loss 
because the upstream router was getting hammered.
After that they put in a few rules to drop the traffic and that made it 
stable, But latency was like +140ms going into it.

What rules can really help a DOS attack?  I just see it as hard to
block since usually it's coming from thousands of different IPs.  I
imagine it could look like TCP, UDP or etc.  How can a router tell
what's legitimate and not?

Matt





Re: [WISPA] DOS attack

2010-08-02 Thread Nick Olsen
Well, I believe in this case it was all Asia IP space, mostly from the same
handful of subnets. So they dropped the associated /24's

Nick Olsen
Network Operations
(321) 205-1100 x106



From: Matt lm7...@gmail.com
Sent: Monday, August 02, 2010 10:56 AM
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] DOS attack

to 1.2Gb/s if I recall correctly. At first we were getting crazy packet 
loss because the upstream router was getting hammered.
After that they put in a few rules to drop the traffic and that made it 
stable, But latency was like +140ms going into it.

What rules can really help a DOS attack?  I just see it as hard to
block since usually its coming from thousands of different IP's.  I
imagine it could look like TCP, UDP or etc.  How can a router tell
whats legitimate and not?

Matt




Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Jeremy Parr
Reason number 5392 to not NAT your customers. Along those lines, who
is rolling out a dual stack ipv6 network?

On 8/2/10, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customers Linksys router with UPnP enable does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com









-- 
Sent from my mobile device





Re: [WISPA] DOS attack

2010-08-02 Thread Jon Auer
I see a lot of replies about what to do if *you* are the target of a
DOS attack but not many about how to tell if your upstream is getting
slammed.

Really a DOS attack on an upstream should have symptoms of any other
upstream capacity issue that you want to know about, just it will
probably have a sudden onset.

We use smokeping ( http://oss.oetiker.ch/smokeping/ ) to watch latency
to our upstream and key points on the internet. If your provider gets
congested you will see latency and packet loss go up. Depending on
your monitoring point selection you can see which of your upstream's
upstream links are congested, or all of them.

It is also a good way to keep an eye on network performance if you are
concerned about VoIP quality.

On Mon, Aug 2, 2010 at 8:56 AM, Jeremie Chism jchi...@gmail.com wrote:
 I noticed on Friday that everything I had seemed very slow. I went through
 checking the usual things and found no problem.  After digging into
 everything I could put my hands on, I resorted to calling my upstream to see
 if they noticed any problems.  They of course said no.  At 430 that
 afternoon I got a call from one of their engineers stating that they had
 experienced a DOS attack that was affecting certain customers.  They made
 some changes and it actually seemed to work better than before.  Even my
 latency times had dropped.  Today the problem seems to be creeping back to
 the same way it was Friday.  My question is, is there a way to determine in
 the future that this is happening.  Is there something specific that would
 lead me to the conclusion that in fact that is what is going on.

 --
 Jeremie Chism
 TritonDataLink
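
Added example, not part of the original thread: a baseline check of the kind Jon describes, applied to per-target latency and loss samples such as a smokeping-style prober collects, to spot a sudden onset and see whether one monitoring point or all of them are affected. The input format, target names, thresholds and function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed probe results, one line per round:
#   target  round  median_rtt_ms  loss_pct
# "upstream-gw", "transit-a" and "transit-b" are hypothetical monitoring
# points: the upstream's gateway and one host behind each of its own links.
sample_probes() {
cat <<'EOF'
upstream-gw 1 12 0
upstream-gw 2 11 0
upstream-gw 3 13 0
upstream-gw 4 12 0
upstream-gw 5 14 0
upstream-gw 6 13 0
transit-a 1 30 0
transit-a 2 31 0
transit-a 3 29 0
transit-a 4 95 5
transit-a 5 140 10
transit-a 6 150 10
transit-b 1 40 0
transit-b 2 41 0
transit-b 3 39 0
transit-b 4 90 0
transit-b 5 42 0
transit-b 6 40 0
EOF
}

# detect_onset [BASE] [FACTOR] [LOSS_PCT] [RUN]
# Per target: average the first BASE rounds as the baseline, then mark a
# round bad when RTT exceeds FACTOR x baseline or loss reaches LOSS_PCT.
# Onset is the first round of RUN consecutive bad rounds, so a single
# spike is ignored. Prints "target onset_round" or "target ok".
# Defaults are assumptions; take the baseline from the same time of day
# you are comparing against, since peak hours have their own normal.
detect_onset() {
  awk -v base="${1:-3}" -v factor="${2:-2}" -v lossthr="${3:-5}" -v run="${4:-2}" '
    {
      t = $1
      if (!(t in seen)) { seen[t] = 1; order[++nt] = t }
      cnt[t]++
      if (cnt[t] <= base) { sum[t] += $3; next }   # still learning baseline
      bad = ($3 + 0 > factor * sum[t] / base) || ($4 + 0 >= lossthr + 0)
      if (bad) { if (++streak[t] == 1) first[t] = $2 } else streak[t] = 0
      if (streak[t] >= run && !(t in onset)) onset[t] = first[t]
    }
    END {
      for (i = 1; i <= nt; i++) {
        t = order[i]
        print t, ((t in onset) ? onset[t] : "ok")
      }
    }'
}

# summarize: reads detect_onset output.
#   ok          - no target degraded
#   all-targets - every monitoring point degraded: the shared upstream
#                 (or your own link to it) is the likely bottleneck
#   partial: .. - only the listed points degraded: look further out
summarize() {
  awk '
    { n++; if ($2 != "ok") { bad++; list = list (list == "" ? "" : ",") $1 } }
    END {
      if (bad == 0)      print "ok"
      else if (bad == n) print "all-targets"
      else               print "partial: " list
    }'
}

# Demo on the constructed sample.
sample_probes | detect_onset
sample_probes | detect_onset | summarize
```
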



 

Re: [WISPA] DOS attack

2010-08-02 Thread Jeremie Chism
Thanks.  I am looking into all of that now.

On Mon, Aug 2, 2010 at 9:44 AM, Glenn Kelley gl...@hostmedic.com wrote:

 Jeremie

 there are a few ways to investigate a suspect DOS attack.
 First and foremost you want to take a peek at your incoming connections.

 Do you see a large influx of incoming traffic?
 If so - are you able to identify where it is coming from?

 Chances are if you know where it is coming from you can simply ask your
 provider to null route the traffic ahead of you.


 Commands like netstat -na  can be a great friend in these cases if you
 have the ability to place something in between the connections.

 I personally love PFSense for this reason.   PFSense can operate as a
 transparent firewall (and many other things... )   But for Free - it is an
 excellent tool -  loads on virtually any x86 system with 2 NIC cards.

 Anyhow - Folks that do Dos  or DDos (Distributed Denial of Service)
 generally attack port 80 as well as mail ports.
 Many WISPs will keep port 80 open to the general public so they can reach
 the radio's configuration windows.

 While it is not something I would suggest - for a variety of reasons -
 chances are the port 80 of a customers radio is what is getting wacked.

 Generally dDos come in as udp packets to other ports - simply because of
 how UDP works - it does not cause them as much of an issue as it would you.


 So - a few commands might help here.

 netstat -ntu | awk '$4 ~ /:80$/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1


 you can change the 80 above to any port you wish such as 25 for smtp, 53
 for dns/named , etc etc etc...

 This should show you the # of connections from a specific IP.
 If you have a small # of connections from very large numbers of IP
 addresses - then chances are you might be under DDOS.

 If there are a very large # of connections from just a few ip's than it
 should be simple enough to ask the ISP to block or null route those IP
 addresses.

 One last note -

 You might want to check the IP's against nslookup or use the
 DNSStuff.com toolset.
 I have helped a few through these over the years and when they block the
 DNS servers many folks use like 208.67.222.222 or 8.8.8.8 it really stinks
 for folks... for sure.

 So you want to make sure you are blocking the right thing of course.

 Are you running anything like NTOP ?  There are a few simple things to have
 in place to watch incoming traffic when needed vs hoping that it goes
 away...

 Kick back to me if your lost - and we can go off list for some help

 Glenn



 On Aug 2, 2010, at 9:56 AM, Jeremie Chism wrote:

 I noticed on Friday that everything I had seemed very slow. I went through
 checking the usual things and found no problem.  After digging into
 everything I could put my hands on, I resorted to calling my upstream to see
 if they noticed any problems.  They of course said no.  At 430 that
 afternoon I got a call from one of their engineers stating that they had
 experienced a DOS attack that was affecting certain customers.  They made
 some changes and it actually seemed to work better than before.  Even my
 latency times had dropped.  Today the problem seems to be creeping back to
 the same way it was Friday.  My question is, is there a way to determine in
 the future that this is happening.  Is there something specific that would
 lead me to the conclusion that in fact that is what is going on.

 --
 Jeremie Chism
 TritonDataLink



 



 _
 *Glenn Kelley | Principle | HostMedic |www.HostMedic.com *
   Email: gl...@hostmedic.com
 Please don't print this e-mail unless you really need to.





 




-- 
Jeremie Chism
TritonDataLink




Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Glenn Kelley
This could be a huge advantage to you.

Walk with me a second... or two. 

If a client wishes a Dedicated IP address that works for services such as 
Gaming, VPN, etc. 
Then let them pay a little extra for it. 

I see this as a natural money maker myself. 

-- glenn

On Aug 2, 2010, at 11:04 AM, Jeremy Parr wrote:

 Reason number 5392 to not NAT your customers. Along those lines, who
 is rolling out a dual stack ipv6 network?
 
 On 8/2/10, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customers Linksys router with UPnP enable does that
 not work because of the double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
 
 
 
 
 
 
 
 
 
 -- 
 Sent from my mobile device
 
 
 

_
Glenn Kelley | Principle | HostMedic |www.HostMedic.com 
  Email: gl...@hostmedic.com
Please don't print this e-mail unless you really need to.





Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Adam Kennedy
I would agree that it is a security hole for an ISP. UPnP would let me do my 
own forwards for just about any port I want, including SSH, telnet and web. For 
that matter, I could just be selfish and port map every port from 1024 through 
65535 to my IP, completely killing access to anyone else.

In an ISP environment, the best option really is to disable UPnP if you are 
doing NAT.

--
Adam Kennedy
Network Engineer
Omnicity, Inc.


-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf 
Of Marlon K. Schafer
Sent: Monday, August 02, 2010 10:43 AM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

Man that sucks.  We turn off upnp on ALL routers.  I've always been told
that it's a big security hole.

Thoughts on that?
marlon

- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 7:29 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


I don't seem to have any issues with double or triple NAT.

When I was working with MT to fix the upnp issue with Xboxes. I have
it marked as 4.6 with modifications (it was an unofficial 4.6 they
gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
this requires a public IP on the Mikrotik to remove even nice strict
(I think it's called open?).

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 


Re: [WISPA] DOS attack

2010-08-02 Thread Nick White

http://staros.tog.net/wiki/List_of_APNIC_IP_Blocks

There is a more up to date list somewhere, but at a previous company I 
worked for we ended up blocking lots of APNIC. Saw way too many 
scans/hack-attempts/DOS from them. Occasionally had a customer (twice in 
five years) complain about no access to their Russian/Asian bride sites 
- in those cases we track down the server's IP or subnet and unblock.


Nick


On 8/2/2010 8:10 AM, Jeremie Chism wrote:

Thanks.  I am looking into all of that now.

On Mon, Aug 2, 2010 at 9:44 AM, Glenn Kelley gl...@hostmedic.com wrote:


Jeremie

there are a few ways to investigate a suspect DOS attack.
First and foremost you want to take a peek at your incoming
connections.

Do you see a large influx of incoming traffic?
If so - are you able to identify where it is coming from?

Chances are if you know where it is coming from you can simply ask
your provider to null route the traffic ahead of you.


Commands like netstat -na  can be a great friend in these cases if
you have the ability to place something in between the connections.

I personally love PFSense for this reason.   PFSense can operate
as a transparent firewall (and many other things... )   But for
Free - it is an excellent tool -  loads on virtually any x86
system with 2 NIC cards.

Anyhow - Folks that do Dos  or DDos (Distributed Denial of
Service) generally attack port 80 as well as mail ports.
Many WISPs will keep port 80 open to the general public so they
can reach the radio's configuration windows.

While it is not something I would suggest - for a variety of
reasons - chances are the port 80 of a customer's radio is what is
getting whacked.

Generally dDos come in as udp packets to other ports - simply
because of how UDP works - it does not cause them as much of an
issue as it would you.

So - a few commands might help here.

netstat -an | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1


you can change the 80 above to any port you wish such as 25 for
smtp, 53 for dns/named , etc etc etc...

This should show you the # of connections from a specific IP.
If you have a small # of connections from very large numbers of IP
addresses - then chances are you might be under DDOS.

If there are a very large # of connections from just a few IPs
then it should be simple enough to ask the ISP to block or null
route those IP addresses.

One last note -

You might want to check the IPs against nslookup or use the
DNSStuff.com toolset.
I have helped a few through these over the years and when they
block the DNS servers many folks use like 208.67.222.222 or
8.8.8.8 it really stinks for folks... for sure.

So you want to make sure you are blocking the right thing of course.

Are you running anything like NTOP ?  There are a few simple
things to have in place to watch incoming traffic when needed vs
hoping that it goes away...

Kick back to me if you're lost - and we can go off list for some help

Glenn



On Aug 2, 2010, at 9:56 AM, Jeremie Chism wrote:


I noticed on Friday that everything I had seemed very slow. I
went through checking the usual things and found no problem.
 After digging into everything I could put my hands on, I
resorted to calling my upstream to see if they noticed any
problems.  They of course said no.  At 430 that afternoon I got a
call from one of their engineers stating that they had
experienced a DOS attack that was affecting certain customers.
 They made some changes and it actually seemed to work better
than before.  Even my latency times had dropped.  Today the
problem seems to be creeping back to the same way it was Friday.
 My question is, is there a way to determine in the future that
this is happening.  Is there something specific that would lead
me to the conclusion that in fact that is what is going on.

-- 
Jeremie Chism

TritonDataLink







_
Glenn Kelley | Principle | HostMedic | www.HostMedic.com
Email: gl...@hostmedic.com
Please don't print this e-mail unless you really need to.
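
The triage described in the quoted message above, as an added example that is not part of the original thread: it counts connections per remote address on one exact local port from `netstat -an` output, applies the few-heavy versus many-light rule of thumb, and keeps allowlisted resolvers off the block list. The sample data, thresholds and function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: per-source connection triage over `netstat -an` output.
# Sample data is constructed; thresholds are assumptions to tune per network.

# Constructed sample. 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 and
# 2001:db8::/32 are documentation ranges; 8.8.8.8 is one of the resolvers
# named in the thread, included only so the allowlist guard has work to do.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51517      SYN_RECV
tcp        0      0 192.0.2.10:80           8.8.8.8:40001           ESTABLISHED
tcp        0      0 192.0.2.10:80           8.8.8.8:40002           ESTABLISHED
tcp        0      0 192.0.2.10:80           8.8.8.8:40003           ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:33000       TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.50:41000      ESTABLISHED
tcp        0      0 192.0.2.10:52344        203.0.113.80:80         ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:50000     ESTABLISHED
EOF
}

# Print "COUNT REMOTE_IP", busiest first, for peers connected to local PORT.
# Unlike `grep :80`, this ignores :8080 and outbound connections to a remote
# port 80, and it skips listening sockets, which have no peer address.
per_ip_counts() {   # usage: per_ip_counts PORT  < netstat-output
    awk -v port="$1" '
        $1 !~ /^(tcp|udp)/ { next }                          # skip headers
        {
            n = split($4, l, ":"); if (l[n] != port) next    # exact local port
            m = split($5, r, ":"); if (r[m] == "*") next     # listener, no peer
            # Strip only the trailing :port so IPv6 addresses stay whole.
            ip = substr($5, 1, length($5) - length(r[m]) - 1)
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Rule of thumb from the thread: a few sources holding many connections each
# can be blocked or null-routed upstream; many sources holding few each points
# toward a distributed attack. HEAVY and MANY are assumed thresholds.
classify() {   # usage: classify PORT HEAVY MANY  < netstat-output
    per_ip_counts "$1" | awk -v heavy="$2" -v many="$3" '
        { sources++; if ($1 >= heavy) heavy_src++ }
        END {
            if (heavy_src > 0)        print "few-heavy-sources"
            else if (sources >= many) print "many-light-sources"
            else                      print "normal"
        }'
}

# Sources at or above HEAVY, minus anything on a space-separated allowlist,
# so shared DNS resolvers are not handed to the upstream for blocking.
block_candidates() {   # usage: block_candidates PORT HEAVY "ALLOW1 ALLOW2"
    per_ip_counts "$1" | awk -v heavy="$2" -v allow="$3" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 >= heavy && !($2 in ok) { print $2 }'
}

# Demo on the constructed sample; on a live host pipe `netstat -an` in instead.
sample_netstat | per_ip_counts 80
sample_netstat | classify 80 4 100
sample_netstat | block_candidates 80 3 "208.67.222.222 8.8.8.8"
```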







Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Josh Luthman
Don't the majority of us NAT at the customer SM?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do my 
 own forwards for just about any port I want, including SSH, telnet and web. 
 For that matter, I could just be selfish and port map every port from 1024 
 through 65535 to my IP, completely killing access to anyone else.

 In an ISP environment, the best option really is to disable UPnP if you are 
 doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On 
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks.  We turn off upnp on ALL routers.  I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 


Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Kurt Fankhauser
Everything I keep coming up with to make this work ideal according to the 
customer is I'm gonna have to sell them a public IP for $10/month *grins* 
and then make sure their CPE is in bridge mode and assign that static to the 
customer's router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message - 
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net 
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do 
 my own forwards for just about any port I want, including SSH, telnet and 
 web. For that matter, I could just be selfish and port map every port 
 from 1024 through 65535 to my IP, completely killing access to anyone 
 else.

 In an ISP environment, the best option really is to disable UPnP if you 
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On 
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com 
 wrote:
 So does anyone here have any customers that use XBOX live and bark to 
 you
 about you NAT? Apparently the XBOX live service is very picky about 
 being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and 
 Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP's to the customer that games and let 
 them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Josh Luthman
One good example I can bring up is a customer that has an Xbox plugged
in to a WGT624v4 (nat 1), into our MT CPE (nat 2), goes through
backhauls - Redline, Mikrotik, into our core router (nat 3).

He has never once complained about any Xbox issues.  His #1 concern
when signing up was that the Xbox would work.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 11:55 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 Everything i keep coming up with to make this work ideal according to the
 customer is Im gonna have to sell them a public ip for $10/month *grins*
 and then make sure their CPE is in bridge mode and assign that static to the
 customers router so they can enable UPnP themselves.

 -Kurt Fankhauser


 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to
 you
 about you NAT? Apparently the XBOX live service is very picky about
 being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and
 Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP's to the customer that games and let
 them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Glenn Kelley
or do 1 to 1 nat 

On Aug 2, 2010, at 11:31 AM, Adam Kennedy wrote:

 I would agree that it is a security hole for an ISP. UPnP would let me do my 
 own forwards for just about any port I want, including SSH, telnet and web. 
 For that matter, I could just be selfish and port map every port from 1024 
 through 65535 to my IP, completely killing access to anyone else.
 
 In an ISP environment, the best option really is to disable UPnP if you are 
 doing NAT.
 
 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.
 
 
 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On 
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 Man that sucks.  We turn off upnp on ALL routers.  I've always been told
 that it's a big security hole.
 
 Thoughts on that?
 marlon
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 I don't seem to have any issues with double or triple NAT.
 
 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
 
 
 
 
 
 
 
 
 

_
Glenn Kelley | Principle | HostMedic |www.HostMedic.com 
  Email: gl...@hostmedic.com
Please don't print this e-mail unless you really need to.





Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Glenn Kelley
FRIENDS DON'T LET FRIENDS BRIDGE NETWORKS 

- what happens when they place something in a loop on their network - unless 
you are STP ready - you will have fun tracking it down. 


On Aug 2, 2010, at 11:55 AM, Kurt Fankhauser wrote:

 Everything i keep coming up with to make this work ideal according to the 
 customer is Im gonna have to sell them a public ip for $10/month *grins* 
 and then make sure their CPE is in bridge mode and assign that static to the 
 customers router so they can enable UPnP themselves.
 
 -Kurt Fankhauser
 
 
 - Original Message - 
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 Don't the majority of us NAT at the customer SM?
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net 
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do 
 my own forwards for just about any port I want, including SSH, telnet and 
 web. For that matter, I could just be selfish and port map every port 
 from 1024 through 65535 to my IP, completely killing access to anyone 
 else.
 
 In an ISP environment, the best option really is to disable UPnP if you 
 are doing NAT.
 
 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.
 
 
 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On 
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.
 
 Thoughts on that?
 marlon
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 I don't seem to have any issues with double or triple NAT.
 
 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com 
 wrote:
 So does anyone here have any customers that use XBOX live and bark to 
 you
 about you NAT? Apparently the XBOX live service is very picky about 
 being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and 
 Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP's to the customer that games and let 
 them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
 
 
 
 
 
 
 
 
 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Justin Wilson
Call it a gaming package and it will sell like hotcakes.
-- 
Justin Wilson j...@mtin.net
http://www.mtin.net/blog
Wisp Consulting - Tower Climbing - Network Support



From: Kurt Fankhauser k...@wavelinc.com
Reply-To: WISPA General List wireless@wispa.org
Date: Mon, 2 Aug 2010 11:55:24 -0400
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

Everything i keep coming up with to make this work ideal according to the
customer is Im gonna have to sell them a public ip for $10/month *grins*
and then make sure their CPE is in bridge mode and assign that static to the
customers router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to
 you
 about you NAT? Apparently the XBOX live service is very picky about
 being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and
 Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP's to the customer that games and let
 them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 

 

[WISPA] Looking for a voice consultant

2010-08-02 Thread Jeremy Parr
I am looking for someone who can assist with deploying a voice solution for
us. Billing, provisioning, SIP, and SS7 required. Please contact me offlist.




Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Fred Goldstein

At 8/2/2010 12:07 PM, Glenn Kelley wrote:

FRIENDS DONT LET FRIENDS BRIDGE NETWORKS

- what happens when they place something in a loop on their network 
- unless you are STP ready - you will have fun tracking it down.


Have the vendors in this space caught up to Carrier Ethernet yet?

LAN bridging, based on MAC addresses, is a really bad idea, outside 
of a small LAN of course.  But in the fiber optic world, the big 
thing nowadays is Carrier Ethernet.  This is not bridging, but is a 
newer layer 2 network based on Ethernet framing.  It uses VLAN tags 
for everything, assigning QoS (CIR, EIR) to each VLAN, and using RSTP 
(sort of the low common denominator) or something smarter to build 
the paths.  I sometimes call it Ethernet framed Frame Relay.


RouterOS seems to know about 802.1q VLANs in the old sense but not 
much more. Anybody out there using CE for anything wireless?




On Aug 2, 2010, at 11:55 AM, Kurt Fankhauser wrote:


Everything i keep coming up with to make this work ideal according to the
customer is Im gonna have to sell them a public ip for $10/month *grins*
and then make sure their CPE is in bridge mode and assign that static to the
customers router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 --
 Fred Goldstein    k1io    fgoldstein at ionary.com
 ionary Consulting  http://www.ionary.com/
 +1 617 795 2701 



Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Mike Hammett
 UPnP on the only router between public and private will play friendly 
with multiple XBoxes.


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



On 8/2/2010 9:32 AM, Nick Olsen wrote:
I've heard it a bit. Personally, I've never had a problem when my Xbox 
would list my NAT as strict. But I've heard people scream about it. 
You can either port forward to them, Or enable UPnP and it will do it 
for you. If your double NAT-ing then you will need to do it on both 
routers as UPnP will only cover the one closest to the Xbox. And if 
they have multiple xbox consoles you can only port forward to one, Or 
give them multiple statics.

Just my experiences with it...

Nick Olsen
Network Operations
(321) 205-1100 x106




*From*: Kurt Fankhauser k...@wavelinc.com
*Sent*: Monday, August 02, 2010 10:11 AM
*To*: WISPA General List wireless@wispa.org
*Subject*: [WISPA] XBOX live, NAT, and UPnP

So does anyone here have any customers that use XBOX live and bark to 
you about you NAT? Apparently the XBOX live service is very picky 
about being behind any NAT device and its ability to make connections 
to other servers. From what I gathered is that the LIVE service uses 
Universal Plug and Play (UPnP) to get around this but the question I 
have is. If your doing masquerade on a Mikrotik Core Router should you 
enable UPnP on that device? Or should I just issue public IP's to the 
customer that games and let them worry about it? And if you have UPnP 
enabled on the core router and then do a double-NAT through the 
customers Linksys router with UPnP enable does that not work because 
of the double-NAT?


Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com







Re: [WISPA] DOS attack

2010-08-02 Thread Mike Hammett
  Correction:  A DDoS comes from thousands of IPs, a DOS from a few or 
singular.  (Distributed being the difference.)

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



On 8/2/2010 9:56 AM, Matt wrote:
 to 1.2Gb/s if I recall correctly. At first we were getting crazy packet loss 
 because the upstream router was getting hammered.
 After that they put in a few rules to drop the traffic and that made it 
 stable, But latency was like +140ms going into it.
 What rules can really help a DOS attack?  I just see it as hard to
 block since usually its coming from thousands of different IP's.  I
 imagine it could look like TCP, UDP or etc.  How can a router tell
 whats legitimate and not?

 Matt


 


Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Mike Hammett
  I plan to IPv6 in the next year or so.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



On 8/2/2010 10:04 AM, Jeremy Parr wrote:
 Reason number 5392 to not NAT your customers. Along those lines, who
 is rolling out a dual stack ipv6 network?

 On 8/2/10, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
  From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customers Linksys router with UPnP enable does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com













Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Greg Ihnen
I've heard (I think it was on a Security Now podcast) that UPnP opens up a big 
security hole for the end user (your customers) because there are trojans that 
use UPnP to poke a hole in the router and then it phones home with the IP 
address and port it opened. If that compromised machine starts running amok on 
your network then it would be a problem for you.

Greg

On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote:

 Man that sucks.  We turn off upnp on ALL routers.  I've always been told 
 that it's a big security hole.
 
 Thoughts on that?
 marlon
 
 - Original Message - 
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 I don't seem to have any issues with double or triple NAT.
 
 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other 
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that 
 device?
 Or should I just issue public IP’s to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then 
 do
 a double-NAT through the customers Linksys router with UPnP enable does 
 that
 not work because of the double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
 
 
 
 
 
 
 
 
 
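The concern raised in this thread is that a UPnP gateway honors port-mapping requests from any LAN host, with no authentication beyond the request's source address. As an added example (not code from the list or from any router vendor), the Python below parses WANIPConnection AddPortMapping requests and applies the checks a gateway could enforce before opening a port; the policy limits, LAN addresses and sample requests are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
IGD_NS = "urn:schemas-upnp-org:service:WANIPConnection:1"
# Policy values below are assumptions chosen for this example.
MIN_EXTERNAL_PORT = 1024      # never expose privileged/management ports
MAX_LEASE_SECONDS = 86400     # no permanent (lease 0) or very long mappings
MAX_MAPPINGS_PER_CLIENT = 8   # stops one host claiming the whole port range


def soap_request(ext_port, proto, int_port, client, lease):
    """Build a constructed AddPortMapping SOAP body (sample input)."""
    return (
        f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
        f'<u:AddPortMapping xmlns:u="{IGD_NS}">'
        "<NewRemoteHost></NewRemoteHost>"
        f"<NewExternalPort>{ext_port}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol>"
        f"<NewInternalPort>{int_port}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient>"
        "<NewEnabled>1</NewEnabled>"
        "<NewPortMappingDescription>constructed</NewPortMappingDescription>"
        f"<NewLeaseDuration>{lease}</NewLeaseDuration>"
        "</u:AddPortMapping></s:Body></s:Envelope>"
    )


class MappingPolicy:
    def __init__(self):
        self.table = {}  # (protocol, external port) -> owning LAN address

    @staticmethod
    def parse(body):
        # The body comes from an untrusted LAN host: refuse DTDs and entities.
        if "<!DOCTYPE" in body or "<!ENTITY" in body:
            raise ValueError("DTD or entity declaration in request")
        root = ET.fromstring(body)
        action = root.find(f"{{{SOAP_NS}}}Body/{{{IGD_NS}}}AddPortMapping")
        if action is None:
            raise ValueError("not an AddPortMapping request")
        return {child.tag: (child.text or "").strip() for child in action}

    def evaluate(self, source_ip, body):
        """Return (allowed, reason) for one request sent from source_ip."""
        try:
            args = self.parse(body)
            src = ipaddress.ip_address(source_ip)
            target = ipaddress.ip_address(args["NewInternalClient"])
            ext_port = int(args["NewExternalPort"])
            int_port = int(args["NewInternalPort"])
            lease = int(args["NewLeaseDuration"])
            proto = args["NewProtocol"].upper()
        except (KeyError, ValueError, ET.ParseError) as exc:
            return False, f"malformed request: {exc}"
        if proto not in ("TCP", "UDP"):
            return False, "unknown protocol"
        if target != src:
            return False, "internal client is not the requester"
        if not MIN_EXTERNAL_PORT <= ext_port <= 65535:
            return False, "external port outside allowed range"
        if not 1 <= int_port <= 65535:
            return False, "invalid internal port"
        if not 0 < lease <= MAX_LEASE_SECONDS:
            return False, "lease is permanent or too long"
        key = (proto, ext_port)
        owner = self.table.get(key)
        if owner is not None and owner != src:
            return False, "external port already mapped to another host"
        held = sum(1 for o in self.table.values() if o == src)
        if owner is None and held >= MAX_MAPPINGS_PER_CLIENT:
            return False, "per-client mapping limit reached"
        self.table[key] = src  # new mapping, or a refresh by its owner
        return True, "ok"


def run_demo():
    """Replay constructed requests; returns ([(label, allowed, reason)], granted)."""
    policy, req = MappingPolicy(), soap_request
    cases = [
        ("own port", "192.168.1.50", req(3074, "UDP", 3074, "192.168.1.50", 3600)),
        ("other host", "192.168.1.66", req(3389, "TCP", 3389, "192.168.1.10", 3600)),
        ("low port", "192.168.1.66", req(22, "TCP", 22, "192.168.1.66", 3600)),
        ("no expiry", "192.168.1.66", req(5000, "TCP", 5000, "192.168.1.66", 0)),
        ("port taken", "192.168.1.51", req(3074, "UDP", 3074, "192.168.1.51", 3600)),
    ]
    results = [(label, *policy.evaluate(src, body)) for label, src, body in cases]
    # One host trying to claim a block of 100 ports hits the per-client cap.
    granted = sum(
        policy.evaluate("192.168.1.66", req(p, "TCP", p, "192.168.1.66", 3600))[0]
        for p in range(2000, 2100)
    )
    return results, granted


if __name__ == "__main__":
    outcome, granted = run_demo()
    for label, allowed, reason in outcome:
        print(f"{label:10} allowed={allowed} ({reason})")
    print(f"bulk request for 100 ports: {granted} granted")
```
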


Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Justin Wilson
We have a network of 7 routers that is running dual stack.  Actually
have some customers receiving IPV6 addresses.

Justin
-- 
Justin Wilson j...@mtin.net
http://www.mtin.net/blog
Wisp Consulting - Tower Climbing - Network Support



From: Mike Hammett wispawirel...@ics-il.net
Reply-To: WISPA General List wireless@wispa.org
Date: Mon, 02 Aug 2010 12:00:42 -0500
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

  I plan to IPv6 in the next year or so.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



On 8/2/2010 10:04 AM, Jeremy Parr wrote:
 Reason number 5392 to not NAT your customers. Along those lines, who
 is rolling out a dual stack ipv6 network?

 On 8/2/10, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
  From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customers Linksys router with UPnP enable does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com













Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread RickG
So, do you turn off UPnP or not?

On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote:
 I've heard (I think it was on a Security Now podcast) that UPnP opens up big 
 security hole for the end user (your customers) because there are trojans 
 that use UPnP to poke a hole in the router and then it phones home with the 
 IP address and port it opened. If that compromised machine starts running 
 amok on your network then it would be a problem for you.

 Greg

 On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote:

 Man that sucks.  We turn off upnp on ALL routers.  I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP’s to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 


[WISPA] ITElite

2010-08-02 Thread Mike Hammett
  What company would the quality of ITElite antennas best compare to?

I'm interested in their dual polarity 5 GHz CPE and APs, both with 
integrated radio enclosures.


-- 


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com







Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Blair Davis




we do.

RickG wrote:

  So, do you turn off UPnP or not?

On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote:
  
  
I've heard (I think it was on a Security Now podcast) that UPnP opens up big security hole for the end user (your customers) because there are trojans that use UPnP to poke a hole in the router and then it phones home with the IP address and port it opened. If that compromised machine starts running amok on your network then it would be a problem for you.

Greg

On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote:



  Man that sucks.  We turn off upnp on ALL routers.  I've always been told
that it's a big security hole.

Thoughts on that?
marlon

- Original Message -
From: "Josh Luthman" j...@imaginenetworksllc.com
To: "WISPA General List" wireless@wispa.org
Sent: Monday, August 02, 2010 7:29 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


I don't seem to have any issues with double or triple NAT.

When I was working with MT to fix the upnp issue with Xboxes. I have
it marked as 4.6 with modifications (it was an unofficial 4.6 they
gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
this requires a public IP on the Mikrotik to remove even nice strict
(I think it's called open?).

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
  
  
So does anyone here have any customers that use XBOX live and bark to you
about you NAT? Apparently the XBOX live service is very picky about being
behind any NAT device and its ability to make connections to other
servers.
From what I gathered is that the LIVE service uses Universal Plug and Play
(UPnP) to get around this but the question I have is. If your doing
masquerade on a Mikrotik Core Router should you enable UPnP on that
device?
Or should I just issue public IP’s to the customer that games and let them
worry about it? And if you have UPnP enabled on the core router and then
do
a double-NAT through the customers Linksys router with UPnP enable does
that
not work because of the double-NAT?



Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com










Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Josh Luthman
Default for everything I'm aware of is off.  Unless someone has a
different experience?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 3:41 PM, Blair Davis the...@wmwisp.net wrote:
 we do.

 RickG wrote:

 So, do you turn off UPnP or not?

 On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote:


 I've heard (I think it was on a Security Now podcast) that UPnP opens up big
 security hole for the end user (your customers) because there are trojans
 that use UPnP to poke a hole in the router and then it phones home with the
 IP address and port it opened. If that compromised machine starts running
 amok on your network then it would be a problem for you.

 Greg

 On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote:



 Man that sucks.  We turn off upnp on ALL routers.  I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:


 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP’s to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Greg Ihnen
I do and only do manual port forwarding.

Greg

On Aug 2, 2010, at 1:51 PM, RickG wrote:

 So, do you turn off UPnP or not?
 
 On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote:
 I've heard (I think it was on a Security Now podcast) that UPnP opens up big 
 security hole for the end user (your customers) because there are trojans 
 that use UPnP to poke a hole in the router and then it phones home with the 
 IP address and port it opened. If that compromised machine starts running 
 amok on your network then it would be a problem for you.
 
 Greg
 
 On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote:
 
 Man that sucks.  We turn off upnp on ALL routers.  I've always been told
 that it's a big security hole.
 
 Thoughts on that?
 marlon
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 I don't seem to have any issues with double or triple NAT.
 
 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about you NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If your doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IP’s to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then
 do
 a double-NAT through the customers Linksys router with UPnP enable does
 that
 not work because of the double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
 
 
 
 
 
 
 
 
 


Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread John Thomas
And if I were your client, and you told me $10 for an IP address, I would find 
a new ISP. The most I have ever seen charged was $5 a month.

John

Kurt Fankhauser k...@wavelinc.com wrote:

Everything i keep coming up with to make this work ideal according to the 
customer is Im gonna have to sell them a public ip for $10/month *grins* 
and then make sure their CPE is in bridge mode and assign that static to the 
customers router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message - 
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net 
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do 
 my own forwards for just about any port I want, including SSH, telnet and 
 web. For that matter, I could just be selfish and port map every port 
 from 1024 through 65535 to my IP, completely killing access to anyone 
 else.

 In an ISP environment, the best option really is to disable UPnP if you 
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On 
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com 
 wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about your NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IPs to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 



 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Josh Luthman
Around here everyone charges 15 for a static.

On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote:

And if I were your client, and you told me $10 for an IP address, I would
find a new ISP. The most I have ever seen charged was $5 a month.

John


Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to the
customer is I'm gonna...

- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA Gener...

Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP



 Don't the majority of us NAT at the customer SM?


 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Tr...

 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would a...

 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List

 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL ro...




Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Robert West
Five bucks?  TW and ATT charge fifteen bucks or more for a static around
here.



-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of John Thomas
Sent: Monday, August 02, 2010 7:27 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

And if I were your client, and you told me $10 for an IP address, I would
find a new ISP. The most I have ever seen charged was $5 a month.

John

Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to
the customer is I'm gonna have to sell them a public IP for $10/month
*grins* and then make sure their CPE is in bridge mode and assign that
static to the customer's router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy 
 adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let 
 me do my own forwards for just about any port I want, including SSH, 
 telnet and web. For that matter, I could just be selfish and port 
 map every port from 1024 through 65535 to my IP, completely killing 
 access to anyone else.

 In an ISP environment, the best option really is to disable UPnP if 
 you are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] 
 On Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been 
 told that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have 
 it marked as 4.6 with modifications (it was an unofficial 4.6 they 
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even 
 this requires a public IP on the Mikrotik to remove even nice strict 
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about your NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IPs to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Robert West
Ditto!

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Josh Luthman
Sent: Monday, August 02, 2010 7:30 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 

Around here everyone charges 15 for a static.

On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote:

And if I were your client, and you told me $10 for an IP address, I would
find a new ISP. The most I have ever seen charged was $5 a month.

John


Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to the
customer is I'm gonna...

- Original Message - 
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA Gener...

Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP



 Don't the majority of us NAT at the customer SM?


 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Tr...

 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net 
 wrote:
 I would a...

 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List

 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL ro...





Re: [WISPA] DOS attack

2010-08-02 Thread Scott Lambert
On Mon, Aug 02, 2010 at 09:56:01AM -0500, Matt wrote:
 to 1.2Gb/s if I recall correctly. At first we were getting crazy
 packet loss because the upstream router was getting hammered.
 
 After that they put in a few rules to drop the traffic and that made
 it stable, But latency was like +140ms going into it.

 What rules can really help a DOS attack?  I just see it as hard to
 block since usually it's coming from thousands of different IPs.  I
 imagine it could look like TCP, UDP or etc.  How can a router tell
 what's legitimate and not?

You get your upstream to block the traffic.  If they overwhelm your
upstream, your upstream gets their neighbor(s) to block the traffic.
Lather, Rinse, Repeat.

If you are speaking BGP to your upstream, they may have communities
you can use to automagically direct them to blackhole the target
IP, or the source IPs if the source is that limited.   The IP they
are attacking is probably going down from the Internet's perspective
either way.  The difference is if the rest of your space is able
to remain online.

Announce the community; then call your provider(s) to see if there
are better mitigation methods.  Luckily, we haven't had that problem
here for a long time.

-- 
Scott Lambert    KC5MLE    Unix SysAdmin
lamb...@lambertfam.org






Re: [WISPA] DOS attack

2010-08-02 Thread Scott Lambert
On Mon, Aug 02, 2010 at 10:09:04AM -0500, Jon Auer wrote:
 I see a lot of replies about what to do if *you* are the target of a
 DOS attack but not many about how to tell if your upstream is getting
 slammed.
 
 Really a DOS attack on an upstream should have symptoms of any other
 upstream capacity issue that you want to know about, just it will
 probably have a sudden onset.

While you are having issues, you can run MTR to various places.  If
you show latency jumps at a particular hop, you pretty much know
who is having the problem and can start calling folks in that
direction.

-- 
Scott Lambert    KC5MLE    Unix SysAdmin
lamb...@lambertfam.org
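
The MTR check described in the message above, as an added example that is not part of the original post: a small parser for `mtr --report` text that finds the first hop where a latency jump persists all the way to the destination, and separately lists hops that merely look slow on their own. The sample report, its addresses and the 30 ms threshold are constructed assumptions.

```python
"""Locate the hop where latency jumps in an `mtr --report` run (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout printed by `mtr --report`. Addresses are
# from the RFC 5737 documentation ranges; every number is made up.
SAMPLE_REPORT = """\
Start: 2010-08-02T15:02:11-0500
HOST: noc.example.net             Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    20    0.6   0.7   0.5   1.2   0.2
  2.|-- 192.0.2.129                0.0%    20    3.1   3.4   2.8   5.0   0.5
  3.|-- 198.51.100.9               0.0%    20   61.0  58.3   4.1  92.7  21.4
  4.|-- 198.51.100.33              0.0%    20    6.2   6.0   5.1   8.8   0.8
  5.|-- ???                       100.0    20    0.0   0.0   0.0   0.0   0.0
  6.|-- 203.0.113.5               15.0%    20  148.9 151.2 139.0 188.4  12.6
  7.|-- 203.0.113.77              10.0%    20  152.3 154.8 141.7 190.1  11.9
"""

# hop number, host, Loss% (the % sign is optional), Snt, Last, Avg
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\.\|--\s+(?P<host>\S+)\s+(?P<loss>[\d.]+)%?"
    r"\s+\d+\s+[\d.]+\s+(?P<avg>[\d.]+)"
)


@dataclass
class Hop:
    hop: int
    host: str
    loss: float  # percent of probes that got no reply
    avg: float   # average round-trip time in ms


@dataclass
class Analysis:
    last_good: Optional[Hop] = None   # last hop before the sustained jump
    first_bad: Optional[Hop] = None   # first hop where the jump persists
    transient: List[Hop] = field(default_factory=list)  # slow alone, not after


def parse_report(text: str) -> List[Hop]:
    """Return one Hop per hop line; header and Start lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(Hop(int(m["hop"]), m["host"],
                            float(m["loss"]), float(m["avg"])))
    return hops


def analyse(hops: List[Hop], threshold_ms: float = 30.0) -> Analysis:
    """Separate a jump that persists to the last hop from one-hop spikes.

    A router that is slow to answer probes addressed to itself still forwards
    transit traffic normally, so a high average at one hop followed by lower
    averages further on says nothing about the path. The latency a hop really
    adds is therefore bounded by the lowest average at that hop or any later
    one (the "floor").
    """
    result = Analysis()
    responding = [h for h in hops if h.loss < 100.0]  # silent hops carry no data
    if len(responding) < 2:
        return result

    floor = [h.avg for h in responding]
    for i in range(len(floor) - 2, -1, -1):
        floor[i] = min(floor[i], floor[i + 1])

    for i, h in enumerate(responding):
        if h.avg - floor[i] > threshold_ms:
            result.transient.append(h)
        if i and result.first_bad is None and floor[i] - floor[i - 1] > threshold_ms:
            result.last_good, result.first_bad = responding[i - 1], h
    return result


if __name__ == "__main__":
    found = analyse(parse_report(SAMPLE_REPORT))
    if found.first_bad:
        print(f"sustained jump between hop {found.last_good.hop} "
              f"({found.last_good.host}) and hop {found.first_bad.hop} "
              f"({found.first_bad.host})")
    for h in found.transient:
        print(f"hop {h.hop} ({h.host}) is slow only on its own: ignore")
```
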






[WISPA] ATT fiber

2010-08-02 Thread Jason Bailey
A new fiber demarc was installed in the same building as we are. Anyone have
contact info for Michigan rep? Thanks!  Jason


 


  



Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Glenn Kelley
Time Warner is about $15 

In this neck of the woods there are not that many providers -   you going 
elsewhere would necessitate you either going into business for yourself or 
moving to Sneaker Net ;-)


On Aug 2, 2010, at 7:30 PM, Josh Luthman wrote:

 Around here everyone charges 15 for a static.
 
 
 On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote:
 
 And if I were your client, and you told me $10 for an IP address, I would 
 find a new ISP. The most I have ever seen charged was $5 a month.
 
 John
 
 Kurt Fankhauser k...@wavelinc.com wrote:
 
 Everything I keep coming up with to make this work ideal according to the
 customer is I'm gonna...
 
 - Original Message - 
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA Gener...
 
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 
  Don't the majority of us NAT at the customer SM?
 
 
  Josh Luthman
  Office: 937-552-2340
  Direct: 937-552-2343
  1100 Wayne St
  Suite 1337
  Tr...
 
  On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net 
  wrote:
  I would a...
 
  Sent: Monday, August 02, 2010 10:43 AM
  To: WISPA General List
 
  Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
  Man that sucks. We turn off upnp on ALL ro...
 
 
 
 
 

_
Glenn Kelley | Principle | HostMedic |www.HostMedic.com 
  Email: gl...@hostmedic.com
Please don't print this e-mail unless you really need to.





Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread RickG
BellSouth (ATT) charges $10.

On Mon, Aug 2, 2010 at 7:27 PM, John Thomas jtho...@quarnet.com wrote:
 And if I were your client, and you told me $10 for an IP address, I would 
 find a new ISP. The most I have ever seen charged was $5 a month.

 John

 Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to the
customer is I'm gonna have to sell them a public IP for $10/month *grins*
and then make sure their CPE is in bridge mode and assign that static to the
customer's router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about your NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IPs to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Robert West
Or dreaming.  

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Glenn Kelley
Sent: Monday, August 02, 2010 8:27 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 

Time Warner is about $15 

 

In this neck of the woods there are not that many providers -   you going
elsewhere would necessitate you either going into business for yourself or
moving to Sneaker Net ;-)

 

 

On Aug 2, 2010, at 7:30 PM, Josh Luthman wrote:





Around here everyone charges 15 for a static.

 

On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote:

And if I were your client, and you told me $10 for an IP address, I would
find a new ISP. The most I have ever seen charged was $5 a month.

John


Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to the
customer is I'm gonna...

- Original Message - 
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA Gener...

Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP



 Don't the majority of us NAT at the customer SM?


 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Tr...

 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net 
 wrote:
 I would a...

 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List

 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL ro...

 






 


_

Glenn Kelley | Principle | HostMedic |www.HostMedic.com 

  Email: gl...@hostmedic.com

Please don't print this e-mail unless you really need to.

 





Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Chuck Profito
For residential we charge 10 per month too, Business is included in the
monthly billing...

Chuck Profito
209-988-7388
CV-Access, Inc.
www.cv-access.com / cprofito'at'cv-access.com  
Providing Broadband Internet Access to 
California's Rural Central Valley



-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of RickG
Sent: Monday, August 02, 2010 5:59 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

BellSouth (ATT) charges $10.

On Mon, Aug 2, 2010 at 7:27 PM, John Thomas jtho...@quarnet.com wrote:
 And if I were your client, and you told me $10 for an IP address, I would
find a new ISP. The most I have ever seen charged was $5 a month.

 John

 Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to the
customer is I'm gonna have to sell them a public IP for $10/month *grins*
and then make sure their CPE is in bridge mode and assign that static to the
customer's router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about your NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IPs to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com












 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Mike
Simple analysis might expose that customer to be one you'd rather let go.
Or not.

-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of John Thomas
Sent: Monday, August 02, 2010 6:27 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

And if I were your client, and you told me $10 for an IP address, I would
find a new ISP. The most I have ever seen charged was $5 a month.

John

Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to the
customer is I'm gonna have to sell them a public IP for $10/month *grins*
and then make sure their CPE is in bridge mode and assign that static to the
customer's router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message - 
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net 
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you 
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On 
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com 
 wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about your NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IPs to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com













Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Robert West
Fired.


-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Mike
Sent: Monday, August 02, 2010 9:46 PM
To: 'WISPA General List'
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

Simple analysis might expose that customer to be one you'd rather let go.
Or not.

-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of John Thomas
Sent: Monday, August 02, 2010 6:27 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

And if I were your client, and you told me $10 for an IP address, I would
find a new ISP. The most I have ever seen charged was $5 a month.

John

Kurt Fankhauser k...@wavelinc.com wrote:

Everything I keep coming up with to make this work ideal according to the
customer is I'm gonna have to sell them a public IP for $10/month *grins*
and then make sure their CPE is in bridge mode and assign that static to the
customer's router so they can enable UPnP themselves.

-Kurt Fankhauser


- Original Message -
From: Josh Luthman j...@imaginenetworksllc.com
To: WISPA General List wireless@wispa.org
Sent: Monday, August 02, 2010 11:45 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy 
 adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if 
 you are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] 
 On Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been 
 told that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have 
 it marked as 4.6 with modifications (it was an unofficial 4.6 they 
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even 
 this requires a public IP on the Mikrotik to remove even nice strict 
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to you
 about your NAT? Apparently the XBOX live service is very picky about being
 behind any NAT device and its ability to make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IPs to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does that
 not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
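
The risk raised in this thread (one customer behind a shared NAT address using UPnP to forward SSH, telnet or web to themselves, or to claim most of ports 1024 through 65535) can be checked for on a gateway where UPnP stays enabled by auditing its port-mapping table. This is an added example, not code from any list member or from MikroTik; the CSV layout, the 10.0.0.x addresses and the 1% `max_share` threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Ports named in the thread as ones a customer could forward to themselves:
# SSH, telnet and web (443 is included alongside 80 as an assumption).
SENSITIVE_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}

# The range the thread describes a single customer mapping in full.
RANGE_LO, RANGE_HI = 1024, 65535
RANGE_SIZE = RANGE_HI - RANGE_LO + 1  # 64512 external ports per protocol


def build_sample_table():
    """Return a constructed mapping table as CSV text (not real router output)."""
    lines = ["proto,ext_port,int_ip,int_port"]
    lines.append("udp,3074,10.0.0.11,3074")   # one console, one mapping
    lines.append("tcp,22,10.0.0.12,22")       # customer forwarding SSH to self
    lines.append("tcp,8080,10.0.0.12,80")
    for port in range(20000, 22000):          # one customer holding 2000 ports
        lines.append(f"tcp,{port},10.0.0.13,{port}")
    return "\n".join(lines) + "\n"


def parse_mappings(text):
    """Parse the CSV into (proto, external_port, internal_ip) tuples."""
    mappings = []
    for row in csv.DictReader(io.StringIO(text)):
        proto = row["proto"].strip().lower()
        ext_port = int(row["ext_port"])
        if proto not in ("tcp", "udp") or not 1 <= ext_port <= 65535:
            raise ValueError(f"bad mapping row: {row}")
        mappings.append((proto, ext_port, row["int_ip"].strip()))
    return mappings


def audit(mappings, max_share=0.01):
    """Flag sensitive-port forwards and clients holding too much of the range.

    max_share is a hypothetical policy value: the fraction of the
    1024-65535 range one internal client may hold per protocol.
    """
    findings = []
    held = defaultdict(set)  # (internal_ip, proto) -> external ports held
    for proto, ext_port, int_ip in mappings:
        if ext_port in SENSITIVE_PORTS:
            findings.append(("sensitive-port", int_ip, proto, ext_port))
        if RANGE_LO <= ext_port <= RANGE_HI:
            held[(int_ip, proto)].add(ext_port)
    for (int_ip, proto), ports in sorted(held.items()):
        if len(ports) / RANGE_SIZE > max_share:
            findings.append(("range-hog", int_ip, proto, len(ports)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_mappings(build_sample_table())):
        print(finding)
```

A client with a single game mapping passes cleanly, so the check separates ordinary console use from the shared-address abuse described above.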











 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Jeremy Parr
On 2 August 2010 20:26, Glenn Kelley gl...@hostmedic.com wrote:

 Time Warner is about $15

 In this neck of the woods there are not that many providers -   you going
 elsewhere would necessitate you either going into business for yourself or
 moving to Sneaker Net ;-)


For a *static* or just for a public IP address?




Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Mike
Yup!

 -Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Robert West
Sent: Monday, August 02, 2010 8:57 PM
To: 'WISPA General List'
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

Fired.







Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Robert West
With me, a static and public is one and the same.

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Jeremy Parr
Sent: Monday, August 02, 2010 9:57 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 

On 2 August 2010 20:26, Glenn Kelley gl...@hostmedic.com wrote:

Time Warner is about $15 

 

In this neck of the woods there are not that many providers -   you going
elsewhere would necessitate you either going into business for yourself or
moving to Sneaker Net ;-)

 


For a *static* or just for a public IP address?





[WISPA] FW: About to switch

2010-08-02 Thread Robert West
Oh, I just have to share my Time Warner drama.  Moved the office, gave them 
over 30 days’ notice to move our copper and fiber but still hasn’t happened.  
Imagine crawling under your neighbor’s deck at 7 AM, dragging coax, just to 
connect into their coax drop with no permission to do so just to get your 
phones and office internet to work.

 

The joy of being in business.

 

At least I didn’t get shot.

 

Our salesman is “Quite Angry”.  Right.

 

Read below.

 

Who Else-

 

 

 

From: Morris, John [mailto:john.morr...@twcable.com] 
Sent: Monday, August 02, 2010 9:37 PM
To: 'robert.w...@just-micro.com'
Subject: Re: About to switch

 

I don't know how you keep your sense of humor after all this. I am quite angry 
that this happened to one of my customers, especially a good customer such as 
yourself. Try and have a good evening as well. 
-- 
Sent using BlackBerry 

 

  _  

From: Robert West robert.w...@just-micro.com 
To: Morris, John 
Sent: Mon Aug 02 21:20:55 2010
Subject: RE: About to switch 

Yes but over a month just to get an installer to show up for no more than half 
an hour is crazy.  We went live today and if I hadn’t taken care of it 
myself we would have been dead in the water.  With the economy the way it is, 
we can’t take the risk of even one day with no one answering the phones.

 

Think about it.  Moving a business from a location where people are used to 
seeing you for over 7 years (We’ve been in business for 11 years) and then no 
answer on the phone?  Makes it look like we closed for good and THAT’S the 
unacceptable thing.  A sense of urgency and continuity.  I really don’t see 
that with our vendors, not just you.

 

I’m already stressed.  When we moved to our old location 7 years ago it went 
smooth.  This could have been a mess for the average business owner and a sure 
ending of their business.  We’re just lucky that we’ll risk breaking the law to 
make sure all systems are functional.

 

We shouldn’t have to dig out used coax and connectors, crawl under a neighbor’s 
deck and connect into their TW drop without asking at seven in the morning.

 

It’s not a personal thing, it’s about survival.  That’s what has made us 
winners and I’ll continue being outside that box regardless of the cost.  
Certainly there is a process over at TW that gets the install done and over.  
Just push that panic button and it’s all good.  To be contacted to “schedule” 
an install after 30 days is insulting.  We just aren’t that important.  That’s 
the way it looks.  

 

I really shouldn’t have to deal with it any more than I had to deal with moving 
the electric service.  Done and done.

 

I’ll be looking for boy tomorrow.  If he doesn’t show I’ll take the angle 
grinder to the lock on the TW box on the pole.   If arrested at least it will 
make good publicity!  (I’ll do it without a shirt, it makes for better TV)  HA!

 

Trust me, I’m crazy enough to call the cops myself so it makes a scene.  They 
are aware and in awe of my “I Don’t give a Shitness”.  Principle wins.

 

 

 

Still laughing.  Too tired to do otherwise.

 

 

Have a good night.  

 

Bob-

 

 

 

 

 

 

From: Morris, John [mailto:john.morr...@twcable.com] 
Sent: Monday, August 02, 2010 8:14 PM
To: 'robert.w...@just-micro.com'
Subject: Re: About to switch

 

Honestly Robert I'm doing everything I can that's why they finally contacted 
you today. I'm trying to get them out there first thing tomorrow. Again I 
apologize. Don't give up on me yet! 
-- 
Sent using BlackBerry 

 

  _  

From: Robert West robert.w...@just-micro.com 
To: Morris, John 
Sent: Mon Aug 02 19:17:50 2010
Subject: About to switch 

John,

 

If the Time Warner installer boy doesn’t show up tomorrow I’m having the phones 
switched back to ATT.  I just can’t deal with this crap.  In a business, the 
phones are number one but TW seems to have no sense of urgency even though we 
pay way more for phones than residential.  There is a price difference for a 
reason.  I have enough to deal with.

 

Sorry.

 

Robert West

Just Micro Digital Services Inc.

 

 

 

  _  

This E-mail and any of its attachments may contain Time Warner Cable 
proprietary information, which is privileged, confidential, or subject to 
copyright belonging to Time Warner Cable. This E-mail is intended solely for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient of this E-mail, you are hereby notified that any 
dissemination, distribution, copying, or action taken in relation to the 
contents of and attachments to this E-mail is strictly prohibited and may be 
unlawful. If you have received this E-mail in error, please notify the sender 
immediately and permanently delete the original and any copy of this E-mail and 
any printout.





Re: [WISPA] FW: About to switch

2010-08-02 Thread Josh Luthman
At least you still have your sense of humor.

I think you should be proud of yourself for knowing how to make it
work instead of just sitting there staring at it until someone else
fixes it.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 10:20 PM, Robert West robert.w...@just-micro.com wrote:
 Oh, I just have to share my Time Warner drama.  Moved the office, gave them
 over 30 days’ notice to move our copper and fiber but still hasn’t
 happened.  Imagine crawling under your neighbor’s deck at 7 AM, dragging
 coax, just to connect into their coax drop with no permission to do so just
 to get your phones and office internet to work.



 The joy of being in business.



 At least I didn’t get shot.



 Our salesman is “Quite Angry”.  Right.



 Read below.



 Who Else-







 From: Morris, John [mailto:john.morr...@twcable.com]
 Sent: Monday, August 02, 2010 9:37 PM
 To: 'robert.w...@just-micro.com'
 Subject: Re: About to switch



 I don't know how you keep your sense of humor after all this. I am quite
 angry that this happened to one of my customers, especially a good customer
 such as yourself. Try and have a good evening as well.
 --
 Sent using BlackBerry



 

 From: Robert West robert.w...@just-micro.com
 To: Morris, John
 Sent: Mon Aug 02 21:20:55 2010
 Subject: RE: About to switch

 Yes but over a month just to get an installer to show up for no more than
 half an hour is crazy.  We went live today and if I hadn’t taken care of
 it myself we would have been dead in the water.  With the economy the way it
 is, we can’t take the risk of even one day with no one answering the
 phones.



 Think about it.  Moving a business from a location where people are used to
 seeing you for over 7 years (We’ve been in business for 11 years) and then
 no answer on the phone?  Makes it look like we closed for good and THAT’S
 the unacceptable thing.  A sense of urgency and continuity.  I really don’t
 see that with our vendors, not just you.



 I’m already stressed.  When we moved to our old location 7 years ago it went
 smooth.  This could have been a mess for the average business owner and a
 sure ending of their business.  We’re just lucky that we’ll risk breaking
 the law to make sure all systems are functional.



 We shouldn’t have to dig out used coax and connectors, crawl under a
 neighbor’s deck and connect into their TW drop without asking at seven in the
 morning.



 It’s not a personal thing, it’s about survival.  That’s what has made us
 winners and I’ll continue being outside that box regardless of the cost.
 Certainly there is a process over at TW that gets the install done and
 over.  Just push that panic button and it’s all good.  To be contacted to
 “schedule” an install after 30 days is insulting.  We just aren’t that
 important.  That’s the way it looks.



 I really shouldn’t have to deal with it any more than I had to deal with
 moving the electric service.  Done and done.



 I’ll be looking for boy tomorrow.  If he doesn’t show I’ll take the angle
 grinder to the lock on the TW box on the pole.   If arrested at least it
 will make good publicity!  (I’ll do it without a shirt, it makes for better
 TV)  HA!



 Trust me, I’m crazy enough to call the cops myself so it makes a scene.
 They are aware and in awe of my “I Don’t give a Shitness”.  Principle wins.







 Still laughing.  Too tired to do otherwise.





 Have a good night.



 Bob-













 From: Morris, John [mailto:john.morr...@twcable.com]
 Sent: Monday, August 02, 2010 8:14 PM
 To: 'robert.w...@just-micro.com'
 Subject: Re: About to switch



 Honestly Robert I'm doing everything I can that's why they finally contacted
 you today. I'm trying to get them out there first thing tomorrow. Again I
 apologize. Don't give up on me yet!
 --
 Sent using BlackBerry



 

 From: Robert West robert.w...@just-micro.com
 To: Morris, John
 Sent: Mon Aug 02 19:17:50 2010
 Subject: About to switch

 John,



 If the Time Warner installer boy doesn’t show up tomorrow I’m having the
 phones switched back to ATT.  I just can’t deal with this crap.  In a
 business, the phones are number one but TW seems to have no sense of urgency
 even though we pay way more for phones than residential.  There is a price
 difference for a reason.  I have enough to deal with.



 Sorry.



 Robert West

 Just Micro Digital Services Inc.







 


Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Jeremie Chism
I see 15/month for static public all the time here. I guess it depends
on your market. But I also have Comcast doing 50/5 here too.

Sent from my iPhone

On Aug 2, 2010, at 6:27 PM, John Thomas jtho...@quarnet.com wrote:

 And if I were your client, and you told me $10 for an IP address, I would 
 find a new ISP. The most I have ever seen charged was $5 a month.

 John

 Kurt Fankhauser k...@wavelinc.com wrote:

 Everything I keep coming up with to make this work ideal according to the
 customer is I'm gonna have to sell them a public IP for $10/month *grins*
 and then make sure their CPE is in bridge mode and assign that static to the
 customer's router so they can enable UPnP themselves.

 -Kurt Fankhauser


 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to
 you about your NAT? Apparently the XBOX live service is very picky about
 being behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and
 Play (UPnP) to get around this but the question I have is. If you're
 doing masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IPs to the customer that games and let
 them worry about it? And if you have UPnP enabled on the core router and
 then do a double-NAT through the customer's Linksys router with UPnP
 enabled does that not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com








 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Jeremie Chism
True. Sounds like a bandwidth hog to me.

Sent from my iPhone

On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote:

 Simple analysis might expose that customer to be one you'd rather let go.
 Or not.

 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of John Thomas
 Sent: Monday, August 02, 2010 6:27 PM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 And if I were your client, and you told me $10 for an IP address, I would
 find a new ISP. The most I have ever seen charged was $5 a month.

 John

 Kurt Fankhauser k...@wavelinc.com wrote:

 Everything I keep coming up with to make this work ideal according to the
 customer is I'm gonna have to sell them a public IP for $10/month *grins*
 and then make sure their CPE is in bridge mode and assign that static to
 the customer's router so they can enable UPnP themselves.

 -Kurt Fankhauser


 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me
 do my own forwards for just about any port I want, including SSH, telnet
 and web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to
 you about your NAT? Apparently the XBOX live service is very picky about
 being behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and
 Play (UPnP) to get around this but the question I have is. If you're
 doing masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IPs to the customer that games and let
 them worry about it? And if you have UPnP enabled on the core router and
 then do a double-NAT through the customer's Linksys router with UPnP
 enabled does that not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com









 
 



 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Blake Covarrubias
I wasn't aware so many WISPs charge for static and/or public IPs.

We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers 
get dynamic, possibly changing, public IPs. We charge for a consistent public 
IP.

NAT causes too many potential headaches for us to even bother with it.

--
Blake Covarrubias

On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote:

 True. Sounds like a bandwidth hog to me.
 
 Sent from my iPhone
 
 On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote:
 
 Simple analysis might expose that customer to be one you'd rather let go.
 Or not.
 
 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of John Thomas
 Sent: Monday, August 02, 2010 6:27 PM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 And if I were your client, and you told me $10 for an IP address, I would
 find a new ISP. The most I have ever seen charged was $5 a month.
 
 John
 
 Kurt Fankhauser k...@wavelinc.com wrote:
 
 Everything I keep coming up with to make this work ideal according to the
 customer is I'm gonna have to sell them a public IP for $10/month *grins*
 and then make sure their CPE is in bridge mode and assign that static to
 the customer's router so they can enable UPnP themselves.
 
 -Kurt Fankhauser
 
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 Don't the majority of us NAT at the customer SM?
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me
 do my own forwards for just about any port I want, including SSH, telnet
 and web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.
 
 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.
 
 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.
 
 
 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.
 
 Thoughts on that?
 marlon
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 I don't seem to have any issues with double or triple NAT.
 
 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to
 you about your NAT? Apparently the XBOX live service is very picky about
 being behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and
 Play (UPnP) to get around this but the question I have is. If you're
 doing masquerade on a Mikrotik Core Router should you enable UPnP on that
 device?
 Or should I just issue public IPs to the customer that games and let
 them worry about it? And if you have UPnP enabled on the core router and
 then do a double-NAT through the customer's Linksys router with UPnP
 enabled does that not work because of the double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
 
 
 
 
 
 
 
 
 
 
 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread Robert West
Depends on if you have to pay for it.  Some upstream providers give them for
free, others not.  Some WISPs pay for their own block.  Either way, as with
everything in business, if I have to pay 15 bucks for a static you better
believe that cost is gonna be passed on.  That's a HUGE percentage of the
cost of providing service to that customer.





-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Blake Covarrubias
Sent: Monday, August 02, 2010 11:55 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

I wasn't aware so many WISPs charge for static and/or public IPs.

We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All
customers get dynamic, possibly changing, public IPs. We charge for a
consistent public IP.

NAT causes too many potential headaches for us to even bother with it.

--
Blake Covarrubias

On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote:

 True. Sounds like a bandwidth hog to me.
 
 Sent from my iPhone
 
 On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote:
 
 Simple analysis might expose that customer to be one you'd rather let go.
 Or not.
 
 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] 
 On Behalf Of John Thomas
 Sent: Monday, August 02, 2010 6:27 PM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 And if I were your client, and you told me $10 for an IP address, I 
 would find a new ISP. The most I have ever seen charged was $5 a month.
 
 John
 
 Kurt Fankhauser k...@wavelinc.com wrote:
 
 Everything I keep coming up with to make this work ideal according
 to the customer is I'm gonna have to sell them a public IP for $10/month
 *grins* and then make sure their CPE is in bridge mode and assign
 that static to the customer's router so they can enable UPnP themselves.
 
 -Kurt Fankhauser
 
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 Don't the majority of us NAT at the customer SM?
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy 
 adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would
 let me do my own forwards for just about any port I want, including
 SSH, telnet and web. For that matter, I could just be selfish and
 port map every port from 1024 through 65535 to my IP, completely
 killing access to anyone else.
 
 In an ISP environment, the best option really is to disable UPnP 
 if you are doing NAT.
 
 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.
 
 
 -Original Message-
 From: wireless-boun...@wispa.org 
 [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 Man that sucks. We turn off upnp on ALL routers. I've always been 
 told that it's a big security hole.
 
 Thoughts on that?
 marlon
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 I don't seem to have any issues with double or triple NAT.
 
 When I was working with MT to fix the upnp issue with Xboxes. I 
 have it marked as 4.6 with modifications (it was an unofficial 4.6 
 they gave me) so I would say 4.7 or higher should enable Xbox 
 upnp. Even this requires a public IP on the Mikrotik to remove 
 even nice strict (I think it's called open?).
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser 
 k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and
 bark to you about your NAT? Apparently the XBOX live service is
 very picky about being behind any NAT device and its ability to
 make connections to other servers.
 From what I gathered is that the LIVE service uses Universal Plug
 and Play (UPnP) to get around this but the question I have is. If
 you're doing masquerade on a Mikrotik Core Router should you enable
 UPnP on that device?
 Or should I just issue public IPs to the customer that games and
 let them worry about it? And if you have UPnP enabled on the core
 router and then do a double-NAT through the customer's Linksys
 router with UPnP enabled does that not work because of the
 double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
 
 
 
 
 
 
 
 
 
 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread John Thomas
Are you always that quick to jump to conclusions? I guess I am just spoiled 
living in CA and NV as all the ISPs I have ever known of assign IP addresses 
either free or $5 per month. 

Jeremie Chism jchi...@gmail.com wrote:

True. Sounds like a bandwidth hog to me.

Sent from my iPhone

On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote:

 Simple analysis might expose that customer to be one you'd rather let go.
 Or not.

 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of John Thomas
 Sent: Monday, August 02, 2010 6:27 PM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 And if I were your client, and you told me $10 for an IP address, I would
 find a new ISP. The most I have ever seen charged was $5 a month.

 John

 Kurt Fankhauser k...@wavelinc.com wrote:

 Everything I keep coming up with to make this work ideal according to the
 customer is I'm gonna have to sell them a public ip for $10/month *grins*
 and then make sure their CPE is in bridge mode and assign that static to
 the customer's router so they can enable UPnP themselves.

 -Kurt Fankhauser


 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 Don't the majority of us NAT at the customer SM?

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.

 In an ISP environment, the best option really is to disable UPnP if you
 are doing NAT.

 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP

 Man that sucks. We turn off upnp on ALL routers. I've always been told
 that it's a big security hole.

 Thoughts on that?
 marlon

 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP


 I don't seem to have any issues with double or triple NAT.

 When I was working with MT to fix the upnp issue with Xboxes. I have
 it marked as 4.6 with modifications (it was an unofficial 4.6 they
 gave me) so I would say 4.7 or higher should enable Xbox upnp. Even
 this requires a public IP on the Mikrotik to remove even nice strict
 (I think it's called open?).

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373



 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to
 you about your NAT? Apparently the XBOX live service is very picky about
 being behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does
 that not work because of the double-NAT?



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com









 
 

 

Re: [WISPA] XBOX live, NAT, and UPnP

2010-08-02 Thread John Thomas
Robert, what upstream is charging $15 per month? If that is true, I have a 
portable /19 I am going to start renting..

John

Robert West robert.w...@just-micro.com wrote:

Depends on if you have to pay for it.  Some upstream providers give them for
free, others not.  Some WISPS pay for their own block.  Either way, as with
everything in business, if I have to pay 15 bucks for a static you better
believe that cost is gonna be passed on.  That's a HUGE percentage of the
cost of providing service to that customer.





-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Blake Covarrubias
Sent: Monday, August 02, 2010 11:55 PM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

I wasn't aware so many WISPs charge for static and/or public IPs.

We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All
customers get dynamic, possibly changing, public IPs. We charge for a
consistent public IP.

NAT causes too many potential headaches for us to even bother with it.

--
Blake Covarrubias

On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote:

 True. Sounds like a bandwidth hog to me.
 
 Sent from my iPhone
 
 On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote:
 
 Simple analysis might expose that customer to be one you'd rather let go.
 Or not.
 
 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] 
 On Behalf Of John Thomas
 Sent: Monday, August 02, 2010 6:27 PM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 And if I were your client, and you told me $10 for an IP address, I 
 would find a new ISP. The most I have ever seen charged was $5 a month.
 
 John
 
 Kurt Fankhauser k...@wavelinc.com wrote:
 
 Everything I keep coming up with to make this work ideal according to the
 customer is I'm gonna have to sell them a public ip for $10/month *grins*
 and then make sure their CPE is in bridge mode and assign that static to
 the customer's router so they can enable UPnP themselves.
 
 -Kurt Fankhauser
 
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 11:45 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 Don't the majority of us NAT at the customer SM?
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy 
 adamkenn...@omnicity.net
 wrote:
 I would agree that it is a security hole for an ISP. UPnP would let me do
 my own forwards for just about any port I want, including SSH, telnet and
 web. For that matter, I could just be selfish and port map every port
 from 1024 through 65535 to my IP, completely killing access to anyone
 else.
 
 In an ISP environment, the best option really is to disable UPnP 
 if you are doing NAT.
 
 --
 Adam Kennedy
 Network Engineer
 Omnicity, Inc.
 
 
 -Original Message-
 From: wireless-boun...@wispa.org 
 [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer
 Sent: Monday, August 02, 2010 10:43 AM
 To: WISPA General List
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 Man that sucks. We turn off upnp on ALL routers. I've always been 
 told that it's a big security hole.
 
 Thoughts on that?
 marlon
 
 - Original Message -
 From: Josh Luthman j...@imaginenetworksllc.com
 To: WISPA General List wireless@wispa.org
 Sent: Monday, August 02, 2010 7:29 AM
 Subject: Re: [WISPA] XBOX live, NAT, and UPnP
 
 
 I don't seem to have any issues with double or triple NAT.
 
 When I was working with MT to fix the upnp issue with Xboxes. I 
 have it marked as 4.6 with modifications (it was an unofficial 4.6 
 they gave me) so I would say 4.7 or higher should enable Xbox 
 upnp. Even this requires a public IP on the Mikrotik to remove 
 even nice strict (I think it's called open?).
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 
 
 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser 
 k...@wavelinc.com
 wrote:
 So does anyone here have any customers that use XBOX live and bark to
 you about your NAT? Apparently the XBOX live service is very picky about
 being behind any NAT device and its ability to make connections to other
 servers.
 From what I gathered is that the LIVE service uses Universal Plug and Play
 (UPnP) to get around this but the question I have is. If you're doing
 masquerade on a Mikrotik Core Router should you enable UPnP on that device?
 Or should I just issue public IP's to the customer that games and let them
 worry about it? And if you have UPnP enabled on the core router and then do
 a double-NAT through the customer's Linksys router with UPnP enabled does
 that not work because of the double-NAT?
 
 
 
 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
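
Adam Kennedy's point in the thread above (a client behind a shared NAT can claim forwards for itself, up to the whole 1024-65535 range) modelled as an added example; it is not part of any poster's message and is not RouterOS code. The `Policy` and `MappingTable` names, the quota of 16, the 10.0.0.x addresses and the use of UDP 3074 as the console's port are assumptions of this example.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """Hypothetical gateway policy; the field names are this example's own."""
    min_external_port: int = 1024       # refuse SSH/telnet/web style forwards
    max_per_client: int = 16            # quota so one subscriber cannot take the range
    requester_must_match: bool = True   # only map to the host that asked


@dataclass
class MappingTable:
    """Port-mapping table of a NAT gateway shared by many subscribers."""
    policy: Optional[Policy] = None               # None models unrestricted UPnP
    owners: dict = field(default_factory=dict)    # (proto, ext_port) -> client
    per_client: Counter = field(default_factory=Counter)

    def add(self, requester, internal_client, ext_port, proto="UDP"):
        """Return (accepted, reason) for one AddPortMapping-style request."""
        key = (proto, ext_port)
        if not 1 <= ext_port <= 65535:
            return False, "invalid port"
        if key in self.owners and self.owners[key] != internal_client:
            return False, "conflict"              # another subscriber holds it
        p = self.policy
        if p is not None:
            if p.requester_must_match and requester != internal_client:
                return False, "requester mismatch"
            if ext_port < p.min_external_port:
                return False, "reserved port"
            new = key not in self.owners
            if new and self.per_client[internal_client] >= p.max_per_client:
                return False, "quota exceeded"
        if key not in self.owners:
            self.owners[key] = internal_client
            self.per_client[internal_client] += 1
        return True, "ok"


def simulate(policy):
    """One subscriber asks for 1024-65535, then another asks for UDP 3074."""
    table = MappingTable(policy)
    hog, gamer = "10.0.0.50", "10.0.0.77"         # constructed addresses
    granted = sum(table.add(hog, hog, port)[0] for port in range(1024, 65536))
    return granted, table.add(gamer, gamer, 3074)


if __name__ == "__main__":
    print("unrestricted:", simulate(None))
    print("with policy: ", simulate(Policy()))
```

With no policy the first subscriber ends up holding every unprivileged port and the second request is refused; with the quota in place the second subscriber's mapping is granted.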
 
 
 
 
 
 
 

Re: [WISPA] [WISPA Members] Health Insurance

2010-08-02 Thread Tom DeReggi
yeah, cash pay works, until you get a stroke, heart attack, cancer, etc. Even 
when you have good insurance, it can mean still having to come up with a few 
hundred thousand out of pocket.
Often cash pay translates to... if you have a serious illness, you can't afford 
to choose to live. I don't mean to be bleak, but that is the reality of it.
Sure, I understand that some for financial reasons must choose to forgo 
insurance. But I'd surely prefer to find more affordable insurance, than forgo 
insurance.
Affording Healthcare is surely a big issue today. I actually find it somewhat 
ironic that some countries have made broadband a human right. I'd argue that 
healthcare (aka affordable insurance) far more deserves to be made a human 
right.   

Tom DeReggi
RapidDSL  Wireless, Inc
IntAirNet- Fixed Wireless Broadband


  - Original Message - 
  From: Cameron Crum 
  To: WISPA General List 
  Sent: Saturday, July 31, 2010 5:56 PM
  Subject: Re: [WISPA] [WISPA Members] Health Insurance


  Negotiate directly with your doctor or the hospital. I've been cash pay for 
years. About a year and a half ago, my then 2 year old got outside unnoticed 
and fell into our pool. He was at the bottom when we found him and my wife, 
being a trained lifeguard, was able to perform CPR and get his pulse and breath 
back. That combined with the cold temperature of the water (early December), 
and the grace of God left him with no brain damage or permanent problems. Our 
trip to the emergency room plus overnight stay in the hospital was more than 
$12,000. I negotiated with the hospital, the doctors, and the ambulance company 
(all different bills) to get my bill down to less than $5000. It took about 1 
hour of my time. Had I had insurance, I would have had to pay the full $5000 or 
$1 deductible. So in this case it worked out for me. My family is 
extremely healthy. Our kids go to the doctor maybe once a year and I can't 
remember the last time I saw a doctor. My wife just had arthroscopic surgery 
on knee in the spring and again, paying cash, I walked away with about a 50% 
discount. As we get older, I'll probably consider getting insurance as age 
typically means more trips to the doc. and on average it will become cheaper to 
pay the insurance bills than to fund it in cash. I don't know what age that 
will be, but I'll keep you guys posted...

  Cameron


  On Sat, Jul 31, 2010 at 10:02 AM, RickG rgunder...@gmail.com wrote:

How do you negotiate that? I've tried and they say we pay their
standard rate. After moving back to health insurance, we always see a
discount, especially on in network doctors.


On Sat, Jul 31, 2010 at 12:34 AM, Blake Bowers bbow...@mozarks.com wrote:
 We are cash pay.   Regular DR visits are half of what the
 quoted rate is.

 Hospital is pretty much the same way.


 Don't take your organs to heaven,
 heaven knows we need them down here!
 Be an organ donor, sign your donor card today.

 - Original Message -
 From: Faisal Imtiaz fai...@snappydsl.net
 To: wireless@wispa.org
 Sent: Friday, July 30, 2010 10:19 PM
 Subject: Re: [WISPA] [WISPA Members] Health Insurance


 That is very interesting... it is the first time I am hearing as such...
 Our experience has been on the contrary... Without the insurance
 company's pre-negotiated discounts, it is impossible to get a
 reasonable bill..
 more like.. They stick to you as a cash paying customer..

 Faisal Imtiaz
 Snappy Internet  Telecom



 On 7/30/2010 9:20 PM, Roger Howard wrote:
 I had a friend who had a triple heart bypass. They gave him the bill
 for loadsa money, assuming he would pay it over a long period of time.
 When he said he was paying cash outright, it cost a tiny fraction of
 the amount the bill was for.



 



Re: [WISPA] MIMO 5.8 GHz panel antennas?

2010-08-02 Thread Tom DeReggi
Fred,

The Arc Wireless dual pol panel is a great value with embedded genII 
enclosure.
You have to use the enclosure for the mount to screw on to the antenna. You 
can still use cables to external radios, it's just that your cables are 
inside the enclosure, and pass thru the case holes. That actually can be a 
benefit because it adds waterproof protection. The good thing about the Arc 
system is that even with the enclosure it is very affordable compared to 
other antennas of similar spec. The ARC has almost 40db of isolation between 
ports, which makes it best of class performance for MIMO. You are looking at 
about $150, but performance will be very good.

Tom DeReggi
RapidDSL  Wireless, Inc
IntAirNet- Fixed Wireless Broadband


- Original Message - 
From: Fred Goldstein fgoldst...@ionary.com
To: WISPA General List wireless@wispa.org
Sent: Friday, July 30, 2010 12:14 PM
Subject: Re: [WISPA] MIMO 5.8 GHz panel antennas?


 The trouble with the Powerbridge is that it has the radio built in,
 and is thus an Ethernet hop away from the switch (probably a
 Routerboard), and one more active device to manage.  Also, since a
 Ubiquiti card drives the radio, it can only run in Airmax or 802.11
 mode, not however the Routerboard might be able to drive it (for
 example, MT's new nv2 mode).

 What I want is the Powerbridge's antenna by itself!  That would be
 exactly what I'm looking for. ARC Wireless makes a panel antenna for
 IES, but again that presumes a Routerboard-class radio built
 in.  Would it work with just, uh, cable jumpers to an outboard radio?

 BTW I'm using RadioMobile to calculate paths, and while the one in
 question works, it is not a perfect one; it shows some Fresnel zone
 interference along the way, since it's hilly terrain.  I may have to
 raise or lower the antenna a foot or two to avoid nulls.

 At 7/30/2010 11:59 AM, you wrote:
Yea, it's wrong. Try something besides MCS14 or MCS15 on their
calculator, or a better link calculator. I've got NB22's with +25
deployed at 10 miles.

Regards
Michael Baird
  http://www.ubnt.com/linkcalculator/
 
  Says that this would be a marginal signal at 10 miles. (16090
 meters) for the PowerBridge M5  link margin 14.4
 
  Steve Barnes
  RC-WiFi Wireless Internet Service
 
 
  -Original Message-
  From: wireless-boun...@wispa.org
 [mailto:wireless-boun...@wispa.org] On Behalf Of Michael Baird
  Sent: Friday, July 30, 2010 11:28 AM
  To: WISPA General List
  Subject: Re: [WISPA] MIMO 5.8 GHz panel antennas?
 
  They have a Powerbridge M5 that includes a 25 db MIMO panel.
 
  Regards
  Michael Baird
 
  I wonder if any of you have experience with 5.8 GHz MIMO antennas.
  I'm trying to design a point-to-point link, about 10 miles, that will
  carry a high percentage of a whole network's backhaul.  So I'd like it
  to go at about 80 Mbps, MCS 12 in 20 MHz.
  The UBNT SR71-15 card can plug into a Routerboard and thus feed two
  antennas, or a dual-polarized antenna.  I'd rather have one antenna
  than two.  I can find dual-feed 2' dishes, but they're on the large
  side, with wind load and visibility issues.  And I see a lot of
  single-feed panels, which can handle 11a-type traffic.
 
  I can run Ethernet into an external radio that comes in a panel, but
  that adds a hop and more complexity, and frankly most of the specs
  don't match the SR71-15's.  There will be at least three antennas at
  each end, possibly four (backhaul plus local access).  MiniPCI radios
  in, say, an RB600 seem easier to deal with.
 
  But who makes a standalone 5.8 GHz dual-polarized panel, something the
  22-25 dB range (13-16)?  UBNT makes MIMO sector antennas, and makes
  panels with built-in radios, but it doesn't seem to have a PTP panel
  antenna to mate with the SR71-15.  ARC has one that works with its
  built-in enclosure system; do I just leave the enclosure empty and
  route the cables through it?  (Seems hokey.)  RADwin has one designed
  for its own system; I don't know how well it would work otherwise and
  it's way expensive.  Suggestions?  Thanks!
 
  --
  Fred Goldstein   k1io   fgoldstein at ionary.com
  ionary Consulting  http://www.ionary.com/
  +1 617 795 2701
 
 
 
 
 

Re: [WISPA] DOS attack

2010-08-02 Thread Gary Garrett
 Lately I have had some phishers get passwords to users' E-mail and 
start sending out from their Webmail accounts.
I have taken to blocking the entire /8, about 16 million addresses 
each.

Really cuts down on the incoming spam also.  No complaints yet.




Well, I believe in this case it was all Asia IP space, mostly from the 
same handful of subnets. So they dropped the associated /24's






