Recent Posts

Pages: [1] 2 3 ... 10
1
News for Broadbandnuts & DSLnuts / Just a educational thought. From P.O.d Neighbors
« Last post by dannjr on October 03, 2017, 12:18:09 pm »
Just a thought.. Since allot of politicians have no Clue. and tons of Waste is going on. ESP. in Chicago.
Most of whats here is Fact and by other Neighbors here in our Area.. Our opinion aint always important but this effects everyone that Pissed off in Cook County which is 90% of our Neighbors

Lets Pay a Penny and Ounce... Yeah that will fix the sugar problem esp in Diet sugar Free drinks they claim has Sugar and Charging for that to.
Lets Keep needless computers in Grade Schools. That will Teach for the Teachers and Parents

OR

Why not express the fix. By fixing it with Physical Education.. OH That right.... Most Counties and Large City's did away with Phys Ed.
Just like they did away with Music in a lot of School districts.
Or lets get rid of the basics of English and Hand Writing.. OH that right.. They cant sign there names.

The Silicon Valley School system did away with Computers.. That made sense. Now Kids know how to use a Pen and Paper. Now they're learning to interact by having to Talk again..

Parents work allot of Hours so I understand them being Tired.. But spend a little time with your Kids with Homework
Maybe they'll know how to read script one day. When they cant Read a Simple Address on a building. thier might be a problem. YES we ran into that problem.

Yup Lets charge a penny an Ounce for Sugar. That will stop the parents and Kids from becoming un-healthy.
Thats a Great Fix.. The only fix its making in Chicago and Cook County is to Chase more people to stores outside the county. Eventually none of the neighborhoods will have a Grocery store in Chicago.. Case and Point. 70% of all small neighborhood stores are leaving and the store fronts are empty.. WHY because of Nickle's Dimes and pennies that Cook County and Chicago is taking out of the mouths of Families and Businesses...

So lets just keep it up.. Illinois and Cook county wont be happy till they loose more people to other States with Fair practice.

This is just thoughts on what BS that Governments have done esp. here in our home state.

Please Help Educate your politicians.. OR enough is Enough.

Im just happy my Kids can go shopping outside of our town and County to buy what we need.

NOTE: For Thanks Giving our Groceries Will be Purchased outside of Illinois in Southeastern Wisconsin. It will save us 50% off feeding the Family.. AND we will Give Thanks...

This in no way is an endorsement for Pop We barley drink it.. But we do Drink Juice and they charge for that too.
Elderly people are having to pay a added penny a ounce for Cranberry Juice. And its healthy.
Don't bother buying Sugar Free bottle Tea.. Yup You got it its also hit for the Tax.

Here is the Best part. If your on WICK.. There is No Tax

Thanks fro Reading the Rambling.
3
JPS Product Discussion / Re: JPS to Reopen as JPS
« Last post by chpalmer on April 15, 2016, 01:24:46 am »
4
JPS Product Discussion / JPS to Reopen as JPS
« Last post by chpalmer on April 15, 2016, 01:21:47 am »
JPS Interoperability Solutions to launch April 15 with assets of former JPS Communications

JPS Interoperability Solutions—a new company established with the acquired assets of the former JPS Communications—plans to open its doors for business on April 15, according to JPS Interoperability Solutions President Don Scott, one of the three founders of JPS Communications.

JPS Interoperability Solutions—a new company established with the acquired assets of the former JPS Communications—plans to open its doors for business on Friday, according to JPS Interoperability Solutions President Don Scott, one of the three founders of JPS Communications.

“It’s a startup, but it’s a special kind of startup that’s got enormous experience, a huge base of installed products around the world and vision about where the next generation will be and what the next quantum leap will be,” Scott said during an interview with IWCE’s Urgent Communications. “Frankly, we were the creators of interoperability, and it’s only proper that we take it to the next level.”

http://urgentcomm.com/interoperability/jps-interoperability-solutions-launch-april-15-assets-former-jps-communications?NL=UC-03&Issue=UC-03_20160413_UC-03_378&sfvc4enews=42&cl=article_1&utm_rid=CPEQW000001109849&utm_campaign=7230&utm_medium=email&elq2=a780c239aab64872989bba59fbd5acf5
5
News for Broadbandnuts & DSLnuts / Re: Heartbleed bug
« Last post by dannjr on April 22, 2014, 11:10:03 am »
The Good news is that manufactures and websites have fixed allot of the problems but you still need to be carefull
We upgraded our firewalls twice that week and there are still companies upgrading
Amazon came up clean and never had the issue
banks have either replaced or disabled the heartbeat which is the reason for the bleed

We have noticed that we did have a small bleed here for a short time but it never got to the websites based on the logs
That's not to say a website can't be hacked or Cracked.. It is public.. If you want to be safe unplug from the internet.

The ASUS above is a good option for a home user.. Unfortunately for us we page memory as high as 2.5gig over just one firewall and can peek at 3gig on the mailserver So our options are limited
6
News for Broadbandnuts & DSLnuts / Re: AT&T Killed IPv6.. No one should be happy...
« Last post by dannjr on April 22, 2014, 11:00:00 am »
I may have exaggerated a touch. But the truth of the matter.
Business owners have gone through the trouble to upgrade there systems at no small cost.
They have enabled websites and email servers that work with IPv6

AT&T called us yesterday to find out why we are unhappy.
The person on the phone had no clue as to what protocol 41 was and even less information on IPv6.
I blame AT&T for not training there phone support.
We spent a little over an hour on the phone and I could here the supervisor behind her
I can't fault the employee's and I probably can't fault the tech's at AT&T
We were told protocol 41 was not available after going through a explanation of what it was...(not port 41)
We were also told that when IPv6 was available to all the users it was just a test of the system and they aren't ready for it..
We were also told IPv6 may be ready by the end of the year but not to hold our breath...

Other then the IPv6 issue our connection has been very solid. I can't complain that way.. But we have invested allot of time with this and we maybe looking at our options to get a connection that will allow IPv6 Tunnels.
Can you here me now AT&T
7
News for Broadbandnuts & DSLnuts / Re: Heartbleed bug
« Last post by cablenut on April 16, 2014, 07:07:57 pm »
For Asus RT-N66* owners, there is a new firmware out to address this issue and more. This router has gained popularity because it is 1) Open source (meaning you can install DDWRT or Tomato based firmware on it) and 2) It is available everywhere coupled with its features and performance. I personally have had zero issues with this router other than a few resets once in a great while, and a few DHCP issues related to certain IP addresses conflicting with each other (stares at his network printer). Below is the change log. One thing to note is that they update the firmware for this router frequently because of its market position in the arena of being "open source"; it is highly supported so far.

Quote
Version 3.0.0.4.374.5517

Description   ASUS RT-N66R Firmware version 3.0.0.4.374.5517
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed cross site scripting vulnerability
3. Fixed parameters buffer overflow vulnerability
4. Fixed XSS(Cross Site Scripting) vulnerability
5. Fixed CSRF(Cross Site Request Forgery) vulnerability
6. Added auto logout function. The timeout time can be configured in - Administration--> System
7. Included patches related to network map. Thanks for Merlin's contribution.
8. Fixed password disclosure in source code when administrator logged in.
9. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSL versions are not vulnerable to heartbleed bug.

Others:
1. Fixed IPTV related issues.
2. Modified the 3G/LTE dongle setting process in quick internet setup wizard.
3. Fixed the Cloud sync problem
4. Fixed Parental control check box UI issues.
5. Modified the FTP/ Samba permission setting UI
6. Modified media server setting UI
7.Samba/ media server/ iTunes server name can be changed.
8. Dual wan fail over now support fail back
9. Fixed wake on lan magic packet sending issue.
10. Fixed false alarm for samba and ftp permission.
11. Fixed IPv6 related issues.

Special thanks for David and Palula’s research
CVE-2014-2719 http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
Remote command execution http://seclists.org/fulldisclosure/2014/Apr/58
Reflected XSS: http://seclists.org/fulldisclosure/2014/Apr/59

http://www.asus.com/us/Networking/RTN66R
http://www.asus.com/us/Networking/RTN66U
8
News for Broadbandnuts & DSLnuts / Heartbleed bug
« Last post by dannjr on April 11, 2014, 11:45:55 am »
Lots of info all over the web on the heartbleed bug
I can only say..
Go to any of your websites that are secure.. Change your passwords to something thats at least 14 characters long Letters and Numbers... If for some reason in the Future a website like your bank or Email provider tells you to change your password again DO NOT ignore it.. Just do it..
Allot of Banks still have Certificates that are old and outdated..

The Amount of work that will go into securing everything again will probably take a long time
For instance we have upgraded our Firewall 3 times in 1 week (Not Cisco)
Cisco who makes the majority of Commercial firewalls has verified that the bug is in there firewalls and is working as fast as they can to update..

The Bug is not something we need to point fingers or argue about OpenSSL has been secure for more then 15 or more years.
What you need to do is protect yourself... Make sure your home router firewall is up to date. Check with the Manufacturer to make sure its still a secure peice of hardware. AND Change your passwords
   
9
News for Broadbandnuts & DSLnuts / AT&T Killed IPv6.. No one should be happy...
« Last post by dannjr on April 07, 2014, 12:12:26 am »
AT&T Why? Did they Kill Internet Protocol version six...

AT&T is blocking Internet Protocol version 6 (IPv6)
Did they break it.. They advertise the ability to use and have info on there websites..
Hundreds of Thousands of Website Developers use it and have it... This Include Google and OpenDNS and even we have it on our other business connections. It even helps 4G be a little faster...
If you have AT&T and a XBOX One.. Good luck its not getting IPv6 now
If you have AT&T and a Cell Service.. Good luck its not getting IPv6 now
If you have AT&T and a Internet TV.. Good luck its not getting IPv6 now
This can also slow it up and in some cases bandwidth on Cell phones will be higher use.

According to the Hundreds to thousands of Developers they broke there network again by putting out a bad update to there network.. I tend to believe that.. Others say there preparing to sell IPv6 IP space. Comcast IPv6 works and others that need it can get a Tunnel network from Sixx or my favorite Hurricane Electric only because they have a certification program we enjoy. AND they have been doing it for years.. AT&T might be able to fix there problem if they pick up the phone to HE.net

Years ago.. WELL not that many years.. We got a Internet Business connection from AT&T and we were assured by several people at AT&T that when we need it IPv6 would be available.. AND was...
Recently: We were approached by a non profit to help with some special needs and at the time we would have been able to fit there needs using IPv6 to assign encrypted connections to there users.. As of a couple weeks ago this has been put on hold Because AT&T broke it.. No AT&T IPv6..
We called AT&T and got the answer NO we cant open IPv6 for you and can't...
We dont Need IPv6 protocol 41 from AT&T just open the Protocol

It seems every-time we turn around AT&T either blocks something or breaks it.. We even heard they say its because of security... Grant it, there is a learning curve with IPv6 but we already knew that and control the services we open.. AND I know AT&T can control abuse by slowing up connections, Sending a email or disabling a customer till the abuse is fixed.. Just ask any user of a Cell phone who has Tethered a computer to use internet through there cell phone.
Internet is faster with IPv6 as long as Administrators set it right.. AND for the most part its safer then Internet protocol (TCP/IPv4) All your browsers and new Operating systems since Windows XP sp2 and Linux to mention just two support IPv6.. Yeah even Apple

Microsoft had some issues with IPv6 on the New Xbox and fixed what they needed.. If you have a wireless modem/router thats to old you might have to upgrade your router to deal with IPv6 This is part of the learning curve.. Wireless on older versions with IPv6 may lock up.
This might be AT&T's problem I'm not sure on that.. We have the Xbox one and disabled v6 because it was part of the learning curve. ANd we replaced the one Wireless router and had no problems with the AT&T router on the wireless with Xbox one. (when IPv6 was working)

I wonder how Microsoft feels about AT&T blocking IPv6(secret partner of U-verse development)

I know theirs allot more to do with this But common AT&T your supporting businesses that don't want to be told how to do business for to much longer.. Cost is one thing breaking our Development and blocking Learning is another.. The future is our Kids and they want to learn network development as well.
 
Even on one of the AT&T forums A user posted a link to file complaints to the FCC in how there blocking our business Tunnels, Tracert and a few other items.. You can search the Web on how AT&T broke DNS and how they wanted to block FaceTime and more.. Verizon don't get me started

If you want to keep the Internet in the open. The way its supposed to be. Not telling us what we can or cant have Please file a complaint with the FCC. Even the FCC has open rules for the Internet.

Heres the FCC Rules on a open Internet. Look around they even have a link to test your IPV6 capabilitys
http://www.fcc.gov/openinternet  

If you Feel we need to file a complaint please feel free to a open discussion here and file your complaint here
http://www.fcc.gov/complaints
Fill out the online form under Broadband, Billing/Service/Availability.

A large portion of the form is dedicated to billing disputes, so I left those blank and filled in item (5) with some text about how AT&T's behavior is a clear violation of the "no blocking" open Internet rules, as set forth here:

This is a link on AT&T's own website
https://forums.att.com/t5/Residential-Gateway/IPv6-Tunnels-broken-yet-again-this-time-on-the-NVG589-modem/td-p/3896665

There's other complaints going on and AT&T isn't the only one getting this
Comcast, Cell phone companies and more.. But its been real enlightening. The recent amount of complaints over IPv6 with AT&T... Considering Europe has been IPv6 enabled for 10 years and its being used more and more since 2005 here

Did I mentioned how AT&T is blocking Tracert.. Its a tool for tracing where a IP is coming from its one of the tools we can use to find and block a bad guy temporarily to keep our connections running.. They wont allow this from our desktops or with our commercial routers behind there equipment.. This is just to name problems AT&T is having.
Don't get me started on how bad DNS is.. All companies are having that problem...

To be fair AT&T has done a good job with us.. But its not this hard and some things need to change
Opening protocol 41 is one that needs to happen fast

Here's the FCC thought on IPv6 and Written VERY WELL
https://www.fcc.gov/guides/internet-protocol-version-6-ipv6-consumers
We're 100% ready are you..? Remember that when your watching TV over the internet  ;D
But one of the big problems. Most people are scared of change and IPv6 makes life more secure and AT&T probably needs to learn more about empty address segments and UDP packets to no place

Imagine not being able to get to your bank online or Use your Internet ready TV or worse

Thank you
10
Cablenut Program Support / Re: Cablenut & AT&T 6 Mbps
« Last post by Curt on April 05, 2014, 12:34:22 pm »
After using the above settings in Cablenut all these years I have further experimented with increasing my DSL speed. My speed seemed like it got faster and less jerky after adding the "Protect Against SYN Attacks" tweaks below. After using Cablenut manually add these settings in the registry:

Protect Against SYN Attacks
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name:SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name:TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0–65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name:TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100–65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name:TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80–65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name:TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0–255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name:TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0–65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name:EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack. Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name:KeepAliveTime
Recommended value data: 300000
Valid values: 80–4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
Set NetBIOS Protections
All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters. These keys and values are:
Value name:NoNameReleaseOnDemand
Recommended value data: 1
Valid values: 0, 1
Description: Specifies to not release the NetBIOS name of a computer when it receives a name-release request.
Use the values that are summarized in Table 1 for maximum protection.
Table 1 Recommended Values
 
Value Name   Value (REG_DWORD)      
SynAttackProtect   2      
TcpMaxPortsExhausted   1      
TcpMaxHalfOpen   500      
TcpMaxHalfOpenRetried   400      
TcpMaxConnectResponseRetransmissions   2      
TcpMaxDataRetransmissions   2      
EnablePMTUDiscovery   0      
KeepAliveTime   300000 (5 minutes)      
NoNameReleaseOnDemand   1   
Protect Against ICMP Attacks
The named value in this section is under the registry key HKLM\System\CurrentControlSet\Services\TcpIp\Parameters
Value:EnableICMPRedirect
Recommended value data: 0
Valid values: 0 (disabled), 1 (enabled)
Description: Modifying this registry value to 0 prevents the creation of expensive host routes when an ICMP redirect packet is received.
Use the value summarized in Table 2 for maximum protection:
Table 2 Recommended Values
 
Value Name   Value (REG_DWORD)      
EnableICMPRedirect   0   
Protect Against SNMP Attacks
The named value in this section is located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.
Value:EnableDeadGWDetect
Recommended value data: 0
Valid values: 0 (disabled), 1, (enabled)
Description: Prevents an attacker from forcing the switching to a secondary gateway
Use the value summarized in Table 3 for maximum protection.
Table 3 Recommended Values
 
Value Name   Value (REG_DWORD)      
EnableDeadGWDetect   0   
AFD.SYS Protections
The following keys specify parameters for the kernel mode driver Afd.sys. Afd.sys is used to support Windows sockets applications. All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\AFD\Parameters. These keys and values are:
Value:EnableDynamicBacklog
Recommended value data: 1
Valid values: 0 (disabled), 1 (enabled)
Description: Specifies AFD.SYS functionality to withstand large numbers of SYN_RCVD connections efficiently. For more information, see "Internet Server Unavailable Because of Malicious SYN Attacks," at http://support.microsoft.com/default.aspx?scid=kb;en-us;142641.
Value name:MinimumDynamicBacklog
Recommended value data: 20
Valid values: 0–4294967295
Description: Specifies the minimum number of free connections allowed on a listening endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections
Value name: MaximumDynamicBacklog
Recommended value data: 20000
Valid values: 0–4294967295
Description: Specifies the maximum total amount of both free connections plus those in the SYN_RCVD state.
Value name:DynamicBacklogGrowthDelta
Recommended value data: 10
Valid values: 0–4294967295
Present by default: No
Description: Specifies the number of free connections to create when additional connections are necessary.
Use the values summarized in Table 4 for maximum protection.
Table 4 Recommended Values
 
Value Name   Value (REG_DWORD)      
EnableDynamicBacklog   1      
MinimumDynamicBacklog   20      
MaximumDynamicBacklog   20000      
DynamicBacklogGrowthDelta   10   
Additional Protections
All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.
Protect Screened Network Details
Network Address Translation (NAT) is used to screen a network from incoming connections. An attacker can circumvent this screen to determine the network topology using IP source routing.
Value:DisableIPSourceRouting
Recommended value data: 1
Valid values: 0 (forward all packets), 1 (do not forward Source Routed packets), 2 (drop all incoming source routed packets).
Description: Disables IP source routing, which allows a sender to determine the route a datagram should take through the network.
Do Not Forward Packets Destined for Multiple Hosts
Multicast packets may be responded to by multiple hosts, resulting in responses that can flood a network.
Value:EnableMulticastForwarding
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: The routing service uses this parameter to control whether or not IP multicasts are forwarded. This parameter is created by the Routing and Remote Access Service.
Only Firewalls Forward Packets Between Networks
A multi-homed server must not forward packets between the networks it is connected to. The obvious exception is the firewall.
Value:IPEnableRouter
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: Setting this parameter to 1 (true) causes the system to route IP packets between the networks to which it is connected.
Mask Network Topology Details
The subnet mask of a host can be requested using ICMP packets. This disclosure of information by itself is harmless; however, the responses of multiple hosts can be used to build knowledge of the internal network.
Value:EnableAddrMaskReply
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: This parameter controls whether the computer responds to an ICMP address mask request.
Use the values summarized in Table 5 for maximum protection
Table 5 Recommended Values
 
Value Name   Value (REG_DWORD)      
DisableIPSourceRouting   1      
EnableMulticastForwarding   0      
IPEnableRouter   0      
EnableAddrMaskReply   0   
Pitfalls
When testing the changes of these values, test against the network volumes you expect in production. These settings modify the thresholds of what is considered normal and are deviating from the tested defaults. Some may be too narrow to support clients reliably if the connection speed from clients varies greatly.
Pages: [1] 2 3 ... 10