Issues from your ISP

Jacek · December 7, 2021, 3:29pm

I guess, they are trying to sell you stuff. I would buy a new cable modem / router on Amazon, and be done with them. Mine is maybe 10 years old, and every time I need to speak with them, they try to sell me a new one, plus are telling me that I need more bandwidth, as I am too dumb, and don’t understand the current requirements. A simple question for them about how much bandwidth one 1080p stream needs usually ends that nonsense.

If you get your own modem/router, you can disable remote control of it. This way, they cannot touch it. On the other hand, as long as you have their router, they can manipulate it (e.g., to prove it to you that you need to upgrade).

Potentially that was as a part of their new plan to restrict things like bittorent, …, and they pushed such changes to all their equipment in your region.

I am with them for quite long, and I really despise their service. However, the only other option is AT&T that suck as much or more. Every time I need to speak with them, my service is down for a day or so. So, having my own cable modem, at least stops them from doing some “experimental” of “for my own benefit” changes to it.

xkredr59 · December 7, 2021, 3:41pm

Not my question exactly but I feel reassured because I thought you were at great risk.
Now I get the idea you have a separate modem and router and you call the 10.x.x.x subnet in between your DMZ.
That’s perfectly fine of course, but I was under the impression you enabled the DMZ feature in your Netgear router, routing ALL inbound connections to your chia box.
Sorry for the misconception.

Jacek · December 7, 2021, 4:51pm

Thank you, I will try to do it today.

I would consider Nord VPN to be partially a scam that provides false information to boost their product. Even, the very first sentence about UPnP is wrong (“it is a protocol that allows devices to automatically connect to the network” - devices can connect to the network, when they are either put on an Ethernet or added to WiFi; UPnP can do zilch to bypass that, it is just a protocol for device to device communication - requesting or rendering services, and opening firewall ports is just such service)

By the way, DLNA is kind of UPnP with some extra specs, so I am familiar with both (actually was working on a simple DLNA/UPnP protocol stack for a company that I worked for at that time). That DLNA meeting about opening your home was exactly about IoT devices (including things like cable modems, printers, …).

Although, I would also include routers (e.g., Netgear, Linksys, …) in that list. They are usually very slow with addressing new threats (if address those at all). One problem with those is that we usually don’t pay attention to them and have them for a long time. Maybe it is time to go back to a pro router / firewall.

Another thing that would be high on my list are Android phones (don’t know much about security risks from iOS, but it may be the same).

Tried to continue watching that video, but it is just one false claim after another (about UPnP). Sorry, but Nord VPN is a scam from my point of view, and such videos are providing misleading information for those that cannot tell difference to boost sales of their product.

Although saying that is not the same as assuming that your IoT devices are all secure, etc. Some of those devices come from companies that have zero security expertise and/or zero budget for that, as such are inherent threats. A good example of that is what you have already mentioned - IP cameras. Such devices are sold basically at cost, and there is no room there for a solid security level. Those companies expertise is only to specify what plastic will be used for the lowest cost H/W on the list. To some degree, Netgear or Linksys operate the same way - they don’t design their H/W, don’t think that they write their own firmware.

xkredr59 · December 7, 2021, 5:17pm

Agreed, that video is very very lightweight and commercially biased, shouldn’t have linked to it. Certainly not addressing you saying its enabled in your router; in the mean time I pretty well understood you like a more fundamental approach of things

I guess the chia team wanted to ensure by default use of an uPnP request to users home routers there would be ample supply of full nodes available for inbound connections on port 8444. Some kind of user friendliness at last you could say… although that probably wasn’t the goal in the first place…

drhicom · December 7, 2021, 5:23pm

The modem doesn’t cost me anything. And their security guys are looking into some items. Someone maybe did an upgrade some place and broke something that was working.

Jacek · December 7, 2021, 5:36pm

As mentioned, I am also on Comcast, and my charge was either $5 or $10 / month (basically, after a year, my modem was paid off). Maybe it depends on the package you have, or region (more competition).

drhicom · December 7, 2021, 6:54pm

All our Xfinity services are paid by HOA, Tv, internet and alarm. If you want to up the download speed thats on your dime, the last speedtest.net was 362. I’m good, I remember 1.2 with ADSL.