DSLNUTS    Cyberonic

Welcome to DSLnuts



  · Software · Discussion Forum · NEWS ·

       Welcome, user from ec2-54-211-191-72.compute-1.amazonaws.com.
      It's Now Sunday, 04 December 2016 04:08:20 AM CST

 news Discussion Forum News    

xx Heartbleed bug

April 11, 2014, 11:45:55 am by dannjr
Lots of info all over the web on the heartbleed bug
I can only say..
Go to any of your websites that are secure.. Change your passwords to something thats at least 14 characters long Letters and Numbers... If for some reason in the Future a website like your bank or Email provider tells you to change your password again DO NOT ignore it.. Just do it..
Allot of Banks still have Certificates that are old and outdated..

The Amount of work that will go into securing everything again will probably take a long time
For instance we have upgraded our Firewall 3 times in 1 week (Not Cisco)
Cisco who makes the majority of Commercial firewalls has verified that the bug is in there firewalls and is working as fast as they can to update..

The Bug is not something we need to point fingers or argue about OpenSSL has been secure for more then 15 or more years.
What you need to do is protect yourself... Make sure your home router firewall is up to date. Check with the Manufacturer to make sure its still a secure peice of hardware. AND Change your passwords
   
2 comments | Write Comment

xx AT&T Killed IPv6.. No one should be happy...

April 07, 2014, 12:12:26 am by dannjr
AT&T Why? Did they Kill Internet Protocol version six...

AT&T is blocking Internet Protocol version 6 (IPv6)
Did they break it.. They advertise the ability to use and have info on there websites..
Hundreds of Thousands of Website Developers use it and have it... This Include Google and OpenDNS and even we have it on our other business connections. It even helps 4G be a little faster...
If you have AT&T and a XBOX One.. Good luck its not getting IPv6 now
If you have AT&T and a Cell Service.. Good luck its not getting IPv6 now
If you have AT&T and a Internet TV.. Good luck its not getting IPv6 now
This can also slow it up and in some cases bandwidth on Cell phones will be higher use.

According to the Hundreds to thousands of Developers they broke there network again by putting out a bad update to there network.. I tend to believe that.. Others say there preparing to sell IPv6 IP space. Comcast IPv6 works and others that need it can get a Tunnel network from Sixx or my favorite Hurricane Electric only because they have a certification program we enjoy. AND they have been doing it for years.. AT&T might be able to fix there problem if they pick up the phone to HE.net

Years ago.. WELL not that many years.. We got a Internet Business connection from AT&T and we were assured by several people at AT&T that when we need it IPv6 would be available.. AND was...
Recently: We were approached by a non profit to help with some special needs and at the time we would have been able to fit there needs using IPv6 to assign encrypted connections to there users.. As of a couple weeks ago this has been put on hold Because AT&T broke it.. No AT&T IPv6..
We called AT&T and got the answer NO we cant open IPv6 for you and can't...
We dont Need IPv6 protocol 41 from AT&T just open the Protocol

It seems every-time we turn around AT&T either blocks something or breaks it.. We even heard they say its because of security... Grant it, there is a learning curve with IPv6 but we already knew that and control the services we open.. AND I know AT&T can control abuse by slowing up connections, Sending a email or disabling a customer till the abuse is fixed.. Just ask any user of a Cell phone who has Tethered a computer to use internet through there cell phone.
Internet is faster with IPv6 as long as Administrators set it right.. AND for the most part its safer then Internet protocol (TCP/IPv4) All your browsers and new Operating systems since Windows XP sp2 and Linux to mention just two support IPv6.. Yeah even Apple

Microsoft had some issues with IPv6 on the New Xbox and fixed what they needed.. If you have a wireless modem/router thats to old you might have to upgrade your router to deal with IPv6 This is part of the learning curve.. Wireless on older versions with IPv6 may lock up.
This might be AT&T's problem I'm not sure on that.. We have the Xbox one and disabled v6 because it was part of the learning curve. ANd we replaced the one Wireless router and had no problems with the AT&T router on the wireless with Xbox one. (when IPv6 was working)

I wonder how Microsoft feels about AT&T blocking IPv6(secret partner of U-verse development)

I know theirs allot more to do with this But common AT&T your supporting businesses that don't want to be told how to do business for to much longer.. Cost is one thing breaking our Development and blocking Learning is another.. The future is our Kids and they want to learn network development as well.
 
Even on one of the AT&T forums A user posted a link to file complaints to the FCC in how there blocking our business Tunnels, Tracert and a few other items.. You can search the Web on how AT&T broke DNS and how they wanted to block FaceTime and more.. Verizon don't get me started

If you want to keep the Internet in the open. The way its supposed to be. Not telling us what we can or cant have Please file a complaint with the FCC. Even the FCC has open rules for the Internet.

Heres the FCC Rules on a open Internet. Look around they even have a link to test your IPV6 capabilitys
http://www.fcc.gov/openinternet  

If you Feel we need to file a complaint please feel free to a open discussion here and file your complaint here
http://www.fcc.gov/complaints
Fill out the online form under Broadband, Billing/Service/Availability.

A large portion of the form is dedicated to billing disputes, so I left those blank and filled in item (5) with some text about how AT&T's behavior is a clear violation of the "no blocking" open Internet rules, as set forth here:

This is a link on AT&T's own website
https://forums.att.com/t5/Residential-Gateway/IPv6-Tunnels-broken-yet-again-this-time-on-the-NVG589-modem/td-p/3896665

There's other complaints going on and AT&T isn't the only one getting this
Comcast, Cell phone companies and more.. But its been real enlightening. The recent amount of complaints over IPv6 with AT&T... Considering Europe has been IPv6 enabled for 10 years and its being used more and more since 2005 here

Did I mentioned how AT&T is blocking Tracert.. Its a tool for tracing where a IP is coming from its one of the tools we can use to find and block a bad guy temporarily to keep our connections running.. They wont allow this from our desktops or with our commercial routers behind there equipment.. This is just to name problems AT&T is having.
Don't get me started on how bad DNS is.. All companies are having that problem...

To be fair AT&T has done a good job with us.. But its not this hard and some things need to change
Opening protocol 41 is one that needs to happen fast

Here's the FCC thought on IPv6 and Written VERY WELL
https://www.fcc.gov/guides/internet-protocol-version-6-ipv6-consumers
We're 100% ready are you..? Remember that when your watching TV over the internet  ;D
But one of the big problems. Most people are scared of change and IPv6 makes life more secure and AT&T probably needs to learn more about empty address segments and UDP packets to no place

Imagine not being able to get to your bank online or Use your Internet ready TV or worse

Thank you
1 comment | Write Comment

xx AT&T Uverse Business STATIC IP Addresses (Success)

April 09, 2012, 12:07:25 pm by dannjr
THIS IS LONG.. IS it worth saving a few thousand for your business connection.

We Recent had a allot of experience with U-verse Residential and business..
I'm getting this info out fast and some of it might be a little sloppy. When I get the full write up done I'll post it in another board for questions and answers. I'm doing short section on residential first.
If your looking for help with Residential because web pages don't seem to open properly. Open your network settings and add public DNS assignments to TcpIP v4. A good place to start is Google public and open DNS. There IP addresses are for Google 8.8.8.8 and 8.8.4.4 AND OpenDNS are 208.67.222.222 208.67.220.220 I suggest you look them up in Google search for more information.
The other and more practical way for residential is to have a second router. plug it into the AT&T 2wire. Wait a few minutes go get a coffee then login to the 2wire. Goto the Network info page and note the name of your router. Then go to the Firewall setting and enable DMZplus mode for your router. once its set use all your networking for your computers or gaming boxes to go threw that router.. There will be more details in the Business IP assignments portion of this BUT this could also solve any minor pix-elation you might be getting by leaving your TV's and phones connected direct to the 2wire. and your computers behind on the second layer. It will also allow to to setup connections from work easier

HERE's the Section most business owners are having problems with.
So you had U-verse business installed.. and your Surfing ... AND YOU CAN'T get your 5 Static IP's or more running..
I know your pain
We had U-verse business put in about March 30th after long discussions with Techs and Sales people at AT&T We went with it.. Cable wasnt a option because Cable dosn't work properly in our area with lost connections that just won't work.

We have 8 IP addresses assigned to us. 5 of them usable as public IP addresses. We run extensive cloud service here with 18 Websites on 3 servers with POP and SMTP mail Servers with a total of 8 machines running 24/7 over the years the AT&T Static IP's threw DSL have been fine with our other DSL running great for a total of 10 IP addresses. All that and a average of 35Gig of bandwidth for the websites and about 150000 emails a month.
So now it was time better uploads to work with our servers and our own work.

So now AT&T U-verse is installed on a Dry loop to our business Which took a lot of pateints to have installed.
They brought out a iNID which is basically the Router mounted outside. Then installed a what looks like a regular 2wire inside and a battery backup to power the outside iNID router. 3 peaces of equipment.. You go through the registration and your surfing... But you didn't come here to find out how to surf or even get it installed You want to know how to use your additional IP addresses

By now you've been put in MAC Address hell.. This WILL fix that

Since the 31st of march I read over 1000 pages on this, including how bad the 2wire is to different solutions that made for allot of work..
This will still be a little technical BUT will work the first time and you can get back to what you really do for a living.
My personal opinion the 2wire solution is brilliant more on that below.

Most businesses will have a IT Guy or Girl or the owner of the business has learned how to be Technical. This wont cost a bunch of money. Just a little time.. HEY it took you time just to get U-verse give it a little patients.  ;D ;D ;D ::)

First you need a older computer that your not using anymore OR look for a cheep Desktop with a minimum of 512 memory.
get 2 Network cards. inexpensive Realtek cards will work fine for this. In the future because of our needs we'll probably be getting managed Intel cards.. 99% of all businesses can probably get away with 2 NIC's(network cards)

So now you have the older computer setup with the 2 network cards.
You need something to run it and be able to assign your IP addresses with MAC addresses.... AGAIN I'M GETTING THIS INFO OUT FAST So it might be missing little details but the setup info works..

To do this we need a Operating system with a router solution.. This was done with PFSense. Some call it a Super router. I call it a Unbelievable Super Router.. Your 2wire router is built around FreeBSD our version is 4.4 PFsense is based on FreeBSD 8.1. For all practical purpose we're using PFsense 2.0.1 the latest build.
You'll need to download this from PFsense http://www.pfsense.org/ and burnit to disk.. There's ALLOT of info and support for the software on there website and Please if you find this works for you Give them some MONEY otherwise it is free 
For our purpose we used a Pentium 2.8 32bit with a gig of memory we had laying around.
Once you have PfSense installed and running you need to plug it into the 2wire.

PfSense will run without installing from the CD so you can get familiar with it... For this to work YOU WILL need to install it to a Hard drive.
During the setup you need to setup the WAN NIC(network card) more info is gotten on the pfsense website.
Once PFsense is up and running and your surfing through it.
Goto the 2wire and set it to turn off the firewall for your Static IP's

Goto Broadband Tab> Link Configuration link>
scroll down to "Supplementary network" > Add additional network
Check the box to > Enable
Input your Gateway IP that AT&T gave you for your Static IP addresses
Input your subnet mask usually 255.255.255.248
Check the box "Auto firewall open"
Hit save
I assume the AT&T tech already did this for you... but just in case you have that info now.
Now goto the Firewall Tab> Advanced configuration
Disable> Stealth Mode
Disable> Block ping
Disable> Strict UDP Session control
Leave UDP session timeout alone.. Pleanty of people have messed with this and for this setup LEAVE IT ALONE
TCP session timeout is great right were it is.

Scroll down past all the rest of the enabled stuff to
Attack detection>
Un-check all that stuff.. You don't need it pfSense will do that...
By all means Please leave NetBIOS unchecked.. you dont need to advirtise your network or open the computers this way to the public..
   
Now goto the LAN tab>
Scroll down to see devices
look for the currant IP and MAC address of the PFsense network card.. If you left it as DHCP assigned it should show your LAST Static IP address
If not at this time reboot the 2wire wait a minute and reboot the pfsense router

Go back into the 2wire firewall configuration > Applications. pinholes and DMZ
click on the pfsense computer link and if its not in the DMZ plus mode check that box or radio button and hit save.

At this point we're ready to get the rest of the IP addresses running as long as you can surf to the web through the pfsense box

In pfSense for our configuration we did a couple things I'll give you at the end. I'm also going to assume you know how to work with NAT port assignments and how to enable ICMP.. Believe it or not ICMP on ATT DSL and AT&T U-verse is important if you want to increase your connection time...

Lets assume your WAN IP is x.x.x.109... Its already up and running and the 2wire knows its MAC address
So in pfsense goto>
Firewall>Virtual IP>
Click the plus sign>
Click the box/radio button Carp
Interface WAN
Add your next IP if your WAN IP ends in x.x.x.108
(x represents number)
Set your CIDR for subnet 248 that = 29
Set a Virtual IP password.. If all goes well you can even login to pfsence from that virtual IP
Set the VHID Group>1
Since this is the first IP leave it as the number 1
Advertising Frequency> leave as default(Master) base 1 skew 0
Give it a short description you will use that name in NAT later on... I use the IP and the word "Static"
Hit Save the screen hit apply
Lets add another IP

click on a plus sign to add again follow the directions just above
Add the IP CIDR and password
Set the VHID Group to 2
Advertising Frequency the same as the first Virtual IP
Add your description and Save then apply

You can add more if you want but at this point you can check to see if there working in
status>Carp(failover)
In Status>Carp they should show as MASTER with a Green running arrow.
If you scroll down a little to find.......
pfSync nodes:

xxxxxxxxf
2xxxxxxxf

the x represents a number
Simply said these numbers represent HEX addresses which are translated to MAC addresses that the 2wire router then recognizes...
You can also add this to the pfsense
Status>Dashboard


As a Safety we added loop to our madness  :big:

I mentioned the 3rd network card. we added the interface and enabled it.. DO NOT ASSIGN IT to anything at this point.
We then added to
System>Routing>
Click the Routes Tab
Add your pool address and gateway.
 
Reboot your (2wire and pfsense)routers and go check for the IP's now showing in the 2wire
please note  It could in some cases take a little bit to propigate the CARP virtual IP's

I hope this has been a big help to someone and as I get more of my info and desktop captures together I'll clean this up a bit.
In the mean time dont hesitate to ask for help in the forum.

Some of the other things we have running in pfsense is pfblocker and Squid proxy.
Also keep in mind pfsense is running services and a firewall.. these should be treated seperatly mentally and your not opening things in the 2wire firewall to your network. Your openhing them to your new firewal to control..

Important to note: U-verse will pass DNS public. So using a DNS IP other then what AT&T assigns is important
ICMP will increase reliablity to a AT&T connection.. Opening the Advanced Firewall in the 2wire is not decreasing your security.. pfsense will.. Some people think its double NAT from the 2wire threw pfsense.. Ive ran enough tracerts and pings to know its passing just fine.. if your not sure do a packet sniff frrom pfsense.. they have it built in...
This is as close as your gonna get to having a True commercial Cisco router without the expense or headaches.
We've been running pfSense builds since just before version 1.2.1... once you setit you can forget it..
With pfsense we dont use allot of the addons.. Squid proxy is to help cache our websites not SSL or SSH.. it speeds up the webpages a touch.. Squid can also be used to GET windows updates but we don't use it for that.
pfblocker we use to block by country name or a CIDR set of addresses that have attacked the router

WE also set these up in other places bonding more then one ISP or Failover and decrease latency
our laTENCY in this particlar build averages 30ms and in pfsense 0.72ms
Memeory use is about 10% the Swap file is 0 and CPU fluctuates from 0 to 6% on a normal day.. We have seen it as high as 20%

The last Pfsense box we setup was for a Comcast business connection that was subscribed to as 12down x 2up with it bonded to a AT&T DSL at 3 x 512Kb... End results were 56Mb down by 5Mb upload... Dont ask for that secret

KEEP IN MIND besides giving this info most of the info for the build of YOUR pfSense box is on the pfSense Website.
They deserve 99.9999% of the credit without CARP I wouldn't be writing about this...

Please donate to there website.. This isnt cheap to support BUT man you'll save on nightmares at night knowing your up and running..

Thanks

Public static IP not working after u-verse AT&T U-Verse Static IP get information about a Static IP? - AT&T
7 comments | Write Comment

xx NEW AT&T Email settings

March 29, 2012, 05:03:15 pm by dannjr
Yes the world is going insane.. While we're using our new firewall to make things better for us.
AT&T has New Email setting's

Here's a link to the NEW setup
http://www.att.com/esupport/article.jsp?sid=KB401570&cv=804&title=Email+server+settings+%28POP+and+SMTP%29#fbid=iYtxCNWv8nh

Basically if your email is working now but a little spotty
you should change the POP and SMTP settings from
smtp.att.yahoo.com to outbound.att.net
and
pop.att.yahoo.com to inbound.att.net
You may or may not have to make additional changes
The Link above includes links to program settings that include Thunderbird or Outlook and more..

We hope this helped with getting your email working again.

Enjoy
1 comment | Write Comment

xx A Super Firewall

March 15, 2012, 09:41:43 am by dannjr
We instated a couple of firewalls a few weeks ago..
These cover the Servers which take care of all the email and websites
within the firewall(s) we have a option to block certain countries and cities
for instance the Baidu spider from Beiging China or the
top known spammers and spam bots.
Keep in mind no firewall is perfect but these seem to do the trick

Firewall Stats of blocked bad guys for the servers for the past couple weeks
Our users have been real happy not having to deal with Spam and We've been extremely happy not having to deal with
Baidu and Asia Bot's.

These numbers are based on just 2 of our servers
Server 2
Asia                                      23091
Europe                         9657
South America                      17

Server 1
Top Spammers                      625
Africa                               650
Asia                                    20688
Europe                               17987
South America                 3632  Mostly Brazil
Baidu                                  148    See Asia as well
dotnetdotcomorg              150
Wordlightcom                  320
limestonenetworkscom      12
amazoncom                        170


We run an extensive cloud (internet) servers and as of this date the email servers are at a all time low for spam and have only seen 12 virus hit the mail servers which were removed.

You might notice that Amazon is on that list.. Please keep in mind we are not blocking Amazon email or the website only an exploit that was detected coming out of Germany through Amazon.
We dont block all of Germany and we certainly don't block all of Europe
But the numbers your seeing above is just how bad these spammers want to exploit yours and our information..

The United States of America is nothing to laugh at either.
We still see a good amount of spam from here as well as viruses and some of that might be coming from companies that are from outside the united states using servers here.
The United states is a large resource for spam. Maybe one of the largest.

At this time I want to thank the providers of our firewall and custom settings
from PFSense.org and the Very user friendly addon from Countryblock and IPblocklist
If you have a spare computer and a Gig or more of memory with a Dual core CPU and two or more network cards you could have the same firewall capability within your home or office making a Safe point for all your computers

most of the info for building a pfSense can be gotten here
http://www.pfsense.org

One other thing since using pfSense we noticed that allot of wasted bandwidth and Latency have seemed to be gone.
our connections are not working as hard and we're able to get our communications out in half the time.

Please We're not a corporation or a large company we do this as a help to others who may have a small office or a home that may need help from time to time.. This is a Educational website along with dslnuts.com, Cablenut.com and broadbandnuts.com

Our one and only advertisement on the website helps us to keep all of this going. Clicking on the advert and checking them out not only helps us but helps them as well.

If you like something you see on Cyberonic Pick up the phone and give them a call.. You might be surprised when someone actually picks up the phone.

Thanks
1 comment | Write Comment



to the top

Thanks for Stopping by

All images, pages, logos & software found on this site are copyrighted under their perspective owners.COPYRIGHT 2000 CableNut Software and ccs files.
Site best viewed in 800x600 resolution or higher. Optimized for Internet Explorer 4.0 and higher.
Fight Spam! Click Here!