A question for Paradise Cable users

Discussion in 'NZ Computing' started by Max Burke, Jan 5, 2007.

  1. Max Burke Guest

    I finally signed up for broadband with Paradise and got connected on
    Thursday. (40GB 2MB up/10MB down lightspeed plan)

    I use netmeter (http://readerror.gmxhome.de/) to monitor net connections,
    and it's reporting that there is continuous download activity (also being
    reported in Statbar) of about 1 - 2 Kb a second.

    There is no upload activity until I do something that causes upload
    activity.

    I have checked (by using some network monitoring tools) to see if anything
    running on my computer is doing this but nothing running on my computer is
    causing it.

    Would anyone have any idea what could be causing this or what else I should
    check before I fire up packet sniffers, call Telstra Clear, etc?

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
     
    Max Burke, Jan 5, 2007
    #1

  2. Dave Taylor Guest

    "Max Burke" <> wrote in
    news:459ecaf1$:

    > I use netmeter (http://readerror.gmxhome.de/) to monitor net
    > connections, and it's reporting that there is continuous download
    > activity (also being reported in Statbar) of about 1 - 2 Kb a second.


    Get a sniffer and you will find that the little yellow modem light is
    flickering with all kinds of packets. Some are firmware upgrades for the
    modems, some are broadcasts and some are pings. Go get a router. TC
    filters nothing on the subnet. If you know what this means, you can find
    some interesting shares on the machines that you share your leg of the
    cable modem network. I found one that was called "Please don't delete
    anything in this share it is my uni work" LOL. The same machine had an
    open share with some files in it.

    Anyways, this is why most Cable ISPs filter 136-139 and 445. (SMB Ports if
    I remember)

    TC support will tell you to use the switch on the top of the modem to fix
    this "problem"

    --
    Ciao, Dave
     
    Dave Taylor, Jan 6, 2007
    #2

  3. David Empson Guest

    Max Burke <> wrote:

    > I finally signed up for broadband with Paradise and got connected on
    > Thursday. (40GB 2MB up/10MB down lightspeed plan)
    >
    > I use netmeter (http://readerror.gmxhome.de/) to monitor net connections,
    > and it's reporting that there is continuous download activity (also being
    > reported in Statbar) of about 1 - 2 Kb a second.


    Do you have any kind of firewall or router between your computer and the
    cable modem?

    The cable network works somewhat like an Ethernet, with all traffic from
    everyone on the cable segment arriving at each cable modem. The modem
    itself filters out all of the traffic which is directly addressed to
    another node, but all broadcast traffic sent by anyone on the segment
    arrives at all cable modems and is passed through.

    This means that on a typical cable modem, you are getting a constant
    stream of ARP requests and other types of broadcasts, some of which are
    due to computers which are connected directly to the cable modem without
    a router, and are treating it like a local area network.

    This can cause some interesting problems. On one occasion I was trying
    to get a cable connection working with a router that I hadn't used
    before, and I had the computer set to be configured via DHCP. I was
    getting an address in the 172.16 range, and it appears this is because
    someone else on the segment was running a DHCP server that was giving
    out private addresses, and due to the broadcast nature of DHCP, it was
    happily giving out addresses to anyone on the entire segment who asked
    for one.

    This is also very insecure. If you don't have a router/firewall, then in
    theory anyone on your local segment has a LAN connection to your
    computer. For example, if you have file sharing enabled, anyone nearby
    could connect to it if they know the password. If you are running any
    version of Windows you are also at risk of being exposed to any viruses
    or other malware on other computers in the local cable segment.

    --
    David Empson
     
    David Empson, Jan 6, 2007
    #3
  4. Enkidu Guest

    Max Burke wrote:
    > I finally signed up for broadband with Paradise and got connected on
    > Thursday. (40GB 2MB up/10MB down lightspeed plan)
    >
    > I use netmeter (http://readerror.gmxhome.de/) to monitor net
    > connections, and it's reporting that there is continuous download
    > activity (also being reported in Statbar) of about 1 - 2 Kb a second.
    >
    >
    > There is no upload activity until I do something that causes upload
    > activity.
    >
    > I have checked (by using some network monitoring tools) to see if
    > anything running on my computer is doing this but nothing running on
    > my computer is causing it.
    >
    > Would anyone have any idea what could be causing this or what else I
    > should check before I fire up packet sniffers, call Telstra Clear,
    > etc?
    >

    What ports/protocol?

    cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Jan 6, 2007
    #4
  5. Mathew Good Guest

    On Sat, 6 Jan 2007 11:02:16 +1300, "Max Burke" <> wrote:

    >I finally signed up for broadband with Paradise and got connected on
    >Thursday. (40GB 2MB up/10MB down lightspeed plan)
    >
    >I use netmeter (http://readerror.gmxhome.de/) to monitor net connections,
    >and it's reporting that there is continuous download activity (also being
    >reported in Statbar) of about 1 - 2 Kb a second.
    >
    >There is no upload activity until I do something that causes upload
    >activity.
    >
    >I have checked (by using some network monitoring tools) to see if anything
    >running on my computer is doing this but nothing running on my computer is
    >causing it.
    >
    >Would anyone have any idea what could be causing this or what else I should
    >check before I fire up packet sniffers, call Telstra Clear, etc?




    Install the Kerio 2.1.5 Firewall that will tell you everything.

    I do hope you are running a 2 way firewall.
     
    Mathew Good, Jan 6, 2007
    #5
  6. Max Burke Guest

    > Dave Taylor scribbled:
    > "Max Burke" <> wrote in
    > news:459ecaf1$:


    > > I use netmeter (http://readerror.gmxhome.de/) to monitor net
    > > connections, and it's reporting that there is continuous download
    > > activity (also being reported in Statbar) of about 1 - 2 Kb a
    > > second.


    > Get a sniffer and you will find that the little yellow modem light is
    > flickering with all kinds of packets. Some are firmware upgrades for
    > the modems, some are broadcasts and some are pings. Go get a router.
    > TC filters nothing on the subnet. If you know what this means, you
    > can find some interesting shares on the machines that you share your
    > leg of the cable modem network. I found one that was called "Please
    > don't delete anything in this share it is my uni work" LOL. The
    > same machine had an open share with some files in it.


    There is just one computer connected to the cable modem and it's not connected
    to any other computer.

    > Anyways, this is why most Cable ISPs filter 136-139 and 445. (SMB
    > Ports if I remember)


    > TC support will tell you to use the switch on the top of the modem to
    > fix this "problem"


    That's the standby switch. I'm using it already when I don't want to be
    online.

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
     
    Max Burke, Jan 6, 2007
    #6
  7. Max Burke Guest

    > David Empson scribbled:
    >> Max Burke <> wrote:
    >> I finally signed up for broadband with Paradise and got connected on
    >> Thursday. (40GB 2MB up/10MB down lightspeed plan)
    >> I use netmeter (http://readerror.gmxhome.de/) to monitor net
    >> connections, and it's reporting that there is continuous download
    >> activity (also being reported in Statbar) of about 1 - 2 Kb a
    >> second.


    > Do you have any kind of firewall or router between your computer and
    > the cable modem?


    Yes, two software firewalls, Trend Micro 2006, and Windows XP.

    > The cable network works somewhat like an Ethernet, with all traffic
    > from everyone on the cable segment arriving at each cable modem. The
    > modem itself filters out all of the traffic which is directly
    > addressed to another node, but all broadcast traffic sent by anyone
    > on the segment arrives at all cable modems and is passed through.


    This is a stand-alone computer, it isn't on any local network of mine and
    is using a direct connection to the Internet through the modem. Are you
    talking about the Telstraclear cable segment I would be connected to?

    > This means that on a typical cable modem, you are getting a constant
    > stream of ARP requests and other types of broadcasts, some of which
    > are due to computers which are connected directly to the cable modem
    > without a router, and are treating it like a local area network.


    > This can cause some interesting problems. On one occasion I was trying
    > to get a cable connection working with a router that I hadn't used
    > before, and I had the computer set to be configured via DHCP. I was
    > getting an address in the 172.16 range, and it appears this is because
    > someone else on the segment was running a DHCP server that was giving
    > out private addresses, and due to the broadcast nature of DHCP, it was
    > happily giving out addresses to anyone on the entire segment who asked
    > for one.
    > This is also very insecure. If you don't have a router/firewall, then
    > in theory anyone on your local segment has a LAN connection to your
    > computer. For example, if you have file sharing enabled, anyone nearby
    > could connect to it if they know the password. If you are running any
    > version of Windows you are also at risk of being exposed to any
    > viruses or other malware on other computers in the local cable
    > segment.


    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
     
    Max Burke, Jan 6, 2007
    #7
  8. Max Burke Guest

    > Enkidu scribbled:

    >> Max Burke wrote:
    >> I finally signed up for broadband with Paradise and got connected on
    >> Thursday. (40GB 2MB up/10MB down lightspeed plan)
    >> I use netmeter (http://readerror.gmxhome.de/) to monitor net
    >> connections, and it's reporting that there is continuous download
    >> activity (also being reported in Statbar) of about 1 - 2 Kb a
    >> second.


    >> There is no upload activity until I do something that causes upload
    >> activity.


    >> I have checked (by using some network monitoring tools) to see if
    >> anything running on my computer is doing this but nothing running on
    >> my computer is causing it.


    >> Would anyone have any idea what could be causing this or what else I
    >> should check before I fire up packet sniffers, call Telstra Clear,
    >> etc?


    > What ports/protocol?


    Still looking into that...

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
     
    Max Burke, Jan 6, 2007
    #8
  9. Max Burke Guest

    > Mathew Good scribbled:

    >> On Sat, 6 Jan 2007 11:02:16 +1300, "Max Burke"
    >> <> wrote:
    >> I finally signed up for broadband with Paradise and got connected on
    >> Thursday. (40GB 2MB up/10MB down lightspeed plan)


    >> I use netmeter (http://readerror.gmxhome.de/) to monitor net
    >> connections, and it's reporting that there is continuous download
    >> activity (also being reported in Statbar) of about 1 - 2 Kb a
    >> second.


    >> There is no upload activity until I do something that causes upload
    >> activity.


    >> I have checked (by using some network monitoring tools) to see if
    >> anything running on my computer is doing this but nothing running
    >> on my computer is causing it.
    >> Would anyone have any idea what could be causing this or what else
    >> I should check before I fire up packet sniffers, call Telstra
    >> Clear, etc?


    > Install the Kerio 2.1.5 Firewall that will tell you everything.


    > I do hope you are running a 2 way firewall.


    I am. Trend Micro 2006, and Windows XP's firewall.

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
     
    Max Burke, Jan 6, 2007
    #9
  10. Enkidu Guest

    Max Burke wrote:
    >> David Empson scribbled:
    >>> Max Burke <> wrote:
    >>> I finally signed up for broadband with Paradise and got connected on
    >>> Thursday. (40GB 2MB up/10MB down lightspeed plan)
    >>> I use netmeter (http://readerror.gmxhome.de/) to monitor net
    >>> connections, and it's reporting that there is continuous download
    >>> activity (also being reported in Statbar) of about 1 - 2 Kb a
    >>> second.

    >
    >> Do you have any kind of firewall or router between your computer and
    >> the cable modem?

    >
    > Yes, two software firewalls, Trend Micro 2006, and Windows XP.
    >
    >> The cable network works somewhat like an Ethernet, with all traffic
    >> from everyone on the cable segment arriving at each cable modem. The
    >> modem itself filters out all of the traffic which is directly
    >> addressed to another node, but all broadcast traffic sent by anyone
    >> on the segment arrives at all cable modems and is passed through.

    >
    > This is a stand-alone computer, it isn't on any local network of mine
    > and is using a direct connection to the Internet through the modem. Are
    > you talking about the Telstraclear cable segment I would be connected to?
    >

    Yes, he is. The TC Ethernet segment has many other computers on it
    (hundreds? Thousands, maybe). The TC ethernet segment is notoriously
    noisy for that reason.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Jan 6, 2007
    #10
  11. Max Burke wrote:
    > I finally signed up for broadband with Paradise and got connected on
    > Thursday. (40GB 2MB up/10MB down lightspeed plan)
    >
    > I use netmeter (http://readerror.gmxhome.de/) to monitor net
    > connections, and it's reporting that there is continuous download
    > activity (also being reported in Statbar) of about 1 - 2 Kb a second.
    >
    > There is no upload activity until I do something that causes upload
    > activity.
    >
    > I have checked (by using some network monitoring tools) to see if
    > anything running on my computer is doing this but nothing running on my
    > computer is causing it.
    >
    > Would anyone have any idea what could be causing this or what else I
    > should check before I fire up packet sniffers, call Telstra Clear, etc?



    To achieve a level of firewall go to your modem's configuration page at
    http://192.168.100.1/config.html

    Then check the "Enable DHCP Server" box and read the blurb underneath it:
    > The SURFboard cable modem can be used as a gateway to the Internet by a maximum of 32 users on a Local Area Network (LAN). When the Cable Modem is disconnected from the Internet, users on the LAN can be dynamically assigned IP Addresses by the Cable Modem DHCP Server. These addresses are assigned from an address pool which begins with 192.168.100.11 and ends with 192.168.100.42. Statically assigned IP addresses for other devices on the LAN should be chosen from outside of this range


    Now you'll need to configure your computer's network port to configure its IP
    address by talking to the modem using DHCP (dodgy hardware control protocol?)

    This gives you quite good protection - outsiders can't connect directly to your
    computer.
     
    Mark Robinson, Jan 6, 2007
    #11
  12. David Empson Guest

    Max Burke <> wrote:

    > > David Empson scribbled:
    > >> Max Burke <> wrote:
    > >> I finally signed up for broadband with Paradise and got connected on
    > >> Thursday. (40GB 2MB up/10MB down lightspeed plan)
    > >> I use netmeter (http://readerror.gmxhome.de/) to monitor net
    > >> connections, and it's reporting that there is continuous download
    > >> activity (also being reported in Statbar) of about 1 - 2 Kb a
    > >> second.

    >
    > > Do you have any kind of firewall or router between your computer and
    > > the cable modem?

    >
    > Yes, two software firewalls, Trend Micro 2006, and Windows XP.


    Software firewalls will probably be discarding all the irrelevant
    incoming traffic, but it is still arriving at your Ethernet controller,
    so it will be getting counted, and Netmeter is probably just reporting
    that counter.

    > > The cable network works somewhat like an Ethernet, with all traffic
    > > from everyone on the cable segment arriving at each cable modem. The
    > > modem itself filters out all of the traffic which is directly
    > > addressed to another node, but all broadcast traffic sent by anyone
    > > on the segment arrives at all cable modems and is passed through.

    >
    > This is a stand-alone computer, it isn't on any local network of mine and
    > is using a direct connection to the Internet through the modem.


    In order to connect multiple computers to a cable modem, you have to use
    a router with Network Address Translation, or be assigned multiple
    static IP addresses by TelstraClear.

    A single computer doesn't require a hardware router, but it helps to cut
    down the "background noise" on the cable segment, reducing some
    processing overhead on the computer (and counting unnecessary data).

    > Are you talking about the Telstraclear cable segment I would be connected
    > to?


    Yes, I am.

    The TC cable network consists of a series of segments, which are
    arranged geographically (at least one physical cable from the exchange,
    possibly several cables). Each segment is controlled by a "head end",
    which is also a router that forwards traffic between the segment and the
    Internet.

    Each segment also has a large number of cable modems connected (one for
    each customer: potentially several hundred). The segment acts almost
    exactly like an Ethernet: all transmissions by any cable modem or by the
    head-end are received by everything else on the segment (i.e. all other
    cable modems, and by the head-end).

    The cable modem is pretty dumb: it forwards everything it receives on
    the network which was broadcast, plus anything which is addressed
    directly to the connected computer (using the computer's Ethernet MAC
    address).

    I'm not sure whether there is an additional address involved for the
    cable modem itself - it could be doing MAC address translation to hide
    the details from the connected computer, or it could be learning the
    computer's MAC address and borrowing it for use on the cable segment
    (the visible effect is the same). The only evidence I have is that a
    computer in "promiscuous" mode connected directly to a cable modem is
    not able to receive anything except broadcasts (and traffic addressed to
    that computer), so the cable modem is definitely doing some filtering.

    The majority of the broadcasts are ARP requests (Address Resolution
    Protocol), which are due to computers trying to locate the physical
    address for specific IP addresses on their subnet (typically the
    head-end), or the head-end trying to locate a specific computer (and its
    cable modem). The reply gets sent directly to the cable modem which
    requested it, so other cable modems don't forward it to their connected
    computer.

    This means you can't snoop on other people's traffic, but any services
    which use broadcast to advertise themselves (particularly file sharing
    or similar) will be accessible to anyone on your cable segment.

    Even if you didn't run a firewall (a very bad idea), your computer would
    normally discard most of this broadcast traffic (e.g. an ARP request to
    another IP address), but some of it is recognised (e.g. picking up
    available file servers) and a miscreant might be able to attack your
    computer using a specially crafted broadcast or by determining your IP
    address by collecting a list of active addresses on the network (from
    the ARP requests they receive) and then attacking you directly.

    --
    David Empson
     
    David Empson, Jan 6, 2007
    #12
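
An added example, not part of the thread and not any poster's code: a small Python classifier that answers the "What ports/protocol?" question for frames arriving from the modem, tallying bytes by destination scope and protocol as described in the post above. It goes slightly beyond the posts by also listing DHCP servers heard answering on the segment (the 172.16 case from post #3); all names, MAC addresses and IP addresses in it are hypothetical, and the sample frames are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

BROADCAST = b"\xff" * 6
UDP_NAMES = {67: "dhcp-server", 68: "dhcp-client", 137: "netbios-ns", 138: "netbios-dgm"}

def classify(frame, my_mac):
    """Return (scope, protocol, source IP or None) for one raw Ethernet II frame."""
    if len(frame) < 14:
        return ("unknown", "truncated", None)
    dst = frame[:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if dst == BROADCAST:
        scope = "broadcast"
    elif dst[0] & 1:                      # group bit set: multicast
        scope = "multicast"
    elif dst == my_mac:
        scope = "to-me"
    else:
        scope = "to-other"                # a filtering cable modem should not pass these
    if ethertype == 0x0806 and len(frame) >= 42:          # ARP for IPv4 over Ethernet
        (oper,) = struct.unpack("!H", frame[20:22])
        proto = {1: "arp-request", 2: "arp-reply"}.get(oper, "arp-other")
        return (scope, proto, IPv4Address(frame[28:32]))  # sender protocol address
    if ethertype == 0x0800 and len(frame) >= 34:          # IPv4
        ihl = (frame[14] & 0x0F) * 4
        src_ip = IPv4Address(frame[26:30])
        l4 = 14 + ihl
        if frame[23] == 17 and ihl >= 20 and len(frame) >= l4 + 4:   # UDP
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
            name = UDP_NAMES.get(sport) or UDP_NAMES.get(dport) or f"udp/{dport}"
            return (scope, name, src_ip)
        return (scope, f"ip-proto-{frame[23]}", src_ip)
    return (scope, f"ethertype-0x{ethertype:04x}", None)

def summarize(frames, my_mac):
    """Bytes received per (scope, protocol), plus source IPs of DHCP servers heard."""
    byte_count, dhcp_servers = Counter(), set()
    for frame in frames:
        scope, proto, src = classify(frame, my_mac)
        byte_count[(scope, proto)] += len(frame)
        if proto == "dhcp-server":
            dhcp_servers.add(str(src))
    return byte_count, dhcp_servers

# --- Constructed sample frames (not captured from any real network) ---
def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload

def arp_request(src_mac, sender_ip, target_ip):
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src_mac
            + IPv4Address(sender_ip).packed + bytes(6) + IPv4Address(target_ip).packed)
    return eth(BROADCAST, src_mac, 0x0806, body)

def udp_broadcast(src_mac, src_ip, sport, dport, data):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     IPv4Address(src_ip).packed, BROADCAST[:4])
    return eth(BROADCAST, src_mac, 0x0800, ip + udp)

MY_MAC = bytes.fromhex("020000000001")      # hypothetical local adapter
NEIGHBOUR = bytes.fromhex("020000000002")   # hypothetical host on the same segment
SAMPLE = [
    arp_request(NEIGHBOUR, "10.0.0.7", "10.0.0.1"),
    arp_request(NEIGHBOUR, "10.0.0.7", "10.0.0.9"),
    udp_broadcast(NEIGHBOUR, "10.0.0.7", 137, 137, bytes(50)),    # NetBIOS name traffic
    udp_broadcast(NEIGHBOUR, "172.16.0.1", 67, 68, bytes(300)),   # DHCP server reply
]

if __name__ == "__main__":
    totals, servers = summarize(SAMPLE, MY_MAC)
    for (scope, proto), size in totals.most_common():
        print(f"{scope:10} {proto:12} {size:5d} bytes")
    print("DHCP servers heard:", sorted(servers))
```

Run over frames exported from a capture on the interface facing the modem, a tally dominated by `broadcast` rows with nothing under `to-me` matches the background noise described in the thread rather than activity started by the local machine.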
  13. Mathew Good Guest

    On Sat, 6 Jan 2007 18:37:40 +1300, "Max Burke" <> wrote:

    >> Mathew Good scribbled:

    >
    >>> On Sat, 6 Jan 2007 11:02:16 +1300, "Max Burke"
    >>> <> wrote:
    >>> I finally signed up for broadband with Paradise and got connected on
    >>> Thursday. (40GB 2MB up/10MB down lightspeed plan)

    >
    >>> I use netmeter (http://readerror.gmxhome.de/) to monitor net
    >>> connections, and it's reporting that there is continuous download
    >>> activity (also being reported in Statbar) of about 1 - 2 Kb a
    >>> second.

    >
    >>> There is no upload activity until I do something that causes upload
    >>> activity.

    >
    >>> I have checked (by using some network monitoring tools) to see if
    >>> anything running on my computer is doing this but nothing running
    >>> on my computer is causing it.
    >>> Would anyone have any idea what could be causing this or what else
    >>> I should check before I fire up packet sniffers, call Telstra
    >>> Clear, etc?

    >
    >> Install the Kerio 2.1.5 Firewall that will tell you everything.

    >
    >> I do hope you are running a 2 way firewall.

    >
    >I am. Trend Micro 2006, and Windows XP's firewall.




    Can the Trend stop outgoing calls, like phone-home Trojans?


    That is what I mean about 2 Way, in/out

    Get Kerio; with one simple click you can see all the connections.
     
    Mathew Good, Jan 6, 2007
    #13
  14. Max Burke Guest

    > Mathew Good scribbled:

    >> On Sat, 6 Jan 2007 18:37:40 +1300, "Max Burke"


    > I do hope you are running a 2 way firewall.


    >> I am. Trend Micro 2006, and Windows XP's firewall.


    > Can the Trend stop outgoing calls, like phone-home Trojans?


    Yes it can/does.

    > That is what I mean about 2 Way, in/out
    > Get Kerio; with one simple click you can see all the connections.


    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
     
    Max Burke, Jan 6, 2007
    #14
  15. jasen Guest

    On 2007-01-06, Mark Robinson <2tod.net> wrote:

    > address by talking to the modem using DHCP (dodgy hardware control protocol?)


    :)

    Dynamic Host Configuration Protocol.

    Bye.
    Jasen
     
    jasen, Jan 7, 2007
    #15