dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2427
share rss forum feed


Pabl0

join:2004-08-11
Canada

1 edit

This is a joke right? - Not any more.

So I am working with Teksavvy to try and get them to look in my area for congestion. Evenings I get about a quarter of the bandwidth I get in the day. I know cable is a shared connection but at extreme times simple browsing is sluggish.

Been sending info back via support page and I was instructed to do the following.

quote:
We will need to ping your computer from our side, so we ask that you leave the computer directly connected to the modem with any firewalls disabled.
I will admit I may be more paranoid than most about putting unprotected computers on the internet. On the other hand, I would imagine there is more than a few customers out there that have systems that are not 100% patched that run the risk of being in a world of hurt following these instructions.

I have a server in the States that I watch the logs on regularly. The number of times a day the system is probed and scanned by ip addresses that have no business doing so is remarkable. (Most addresses being from China)

Whoever is in charge of such policy and procedure should do some reading starting here:

»blog.gothamtg.com/2012/06/20/wha···al-time/

You need to find a better way to troubleshoot issues so you are not asking your customers computer to step out into the information highway unprotected and risk being turned in to a skid mark by a BOT driving a 18 wheeler.
--
From Arrested Development
Narrator: Then George Sr. stumbled across a loophole in the Mexican legal system.


George Sr.: (holding up cash) I have money.

bjlockie

join:2007-12-16
Ottawa, DSL

Re: This is a joke right?

Do it while you're on the phone with someone.



Angelo
The Network Guy
Premium
join:2002-06-18

1 recommendation

reply to Pabl0

If your paranoid about your OS state... you can use a live cd it wouldn't get your pc infected nor would it do any harm to your pc in any shape or form. Disabling your firewall for a few minutes of troubleshooting has minimal risk, your more at risk from drive by malware then this. Just my 2 cents



Pabl0

join:2004-08-11
Canada
reply to bjlockie

I think the practice as a whole is someting worth reconsidering.



jmck
formerly 'shaded'

join:2010-10-02
Ottawa, ON

you can still have a firewall but simply open up ICMP, but it does seem silly and dumb to ask that. it should be enough for you to simply provide whatever test results they need.



Pabl0

join:2004-08-11
Canada

said by jmck:

you can still have a firewall but simply open up ICMP, but it does seem silly and dumb to ask that. it should be enough for you to simply provide whatever test results they need.

I agree but in my experience so far anything short of complete compliance is an opportunity to blame your setup/equipment.

The latest on my is the trace route indicated there is a problem with the modem or the cable connected to the modem. More amusing.


jmck
formerly 'shaded'

join:2010-10-02
Ottawa, ON

maybe you can provide something better, get winmtr or mtr and run it against google.ca and report the results to them. let it run for a good 5-10 mins and it should help them identify the issue easier.



lazytolog

@no6.org.uk
reply to Pabl0

Most routers can be setup to reply WAN side ICMP packets, just look for the option. That'll save you from going bareback with the internet, LOL.



lazytolog

@46.28.109.x
reply to Angelo

said by Angelo:

If your paranoid about your OS state... you can use a live cd it wouldn't get your pc infected nor would it do any harm to your pc in any shape or form. Disabling your firewall for a few minutes of troubleshooting has minimal risk, your more at risk from drive by malware then this. Just my 2 cents

Seriously? You are actually recommending someone do that? You have no clue what his PC is already running in the background, the only thing 'barely' protecting his PC is filtering of WAN packets from exposing local services and whatnot.

I can understand how I might not worry about disabling the firewall on some of my systems, as I am aware of everything that is running on it. I surmise you have some decent level of ingrained policy and understanding on how things work, but assuming that another systems you have never touched is as well setup as yours is a terrible sign of temerity.

I learned pretty early not to trust systems or networks I haven't built or audited myself, and it was a costly mistake for the company.

Well, my 2 cents. Hope this saves you from a costly mistake in the future.

JeanPhilippe

join:2014-01-10
reply to Pabl0

No one is asking you to expose anything sensitive to the web.

Like Angelo said, a Live cd would contain the threat. (provided you disconnected your other drives.)

Not much else to say here.


JMJimmy

join:2008-07-23

1 recommendation

reply to Pabl0

DeepFreeze.

That said, I've run without a firewall for 6-7 years now. It's really not a big deal to do it over the short term.



TSI Kris
Premium
join:2013-11-18
Chatham, ON
reply to Pabl0

Hello Pabl0,

Your feedback is definitely appreciated, but perhaps I can shed some light on why we ask this to happen.

When we submit repair tickets to our vendors, one of the requirements is testing from our side as well as the results the customer has already submitted. In particular, we are required to run a minimum of 50 pings to the customer's current IP address.

Firewalls, routers, antivirus programs, etc. can cause these ICMP requests to be blocked often causing delays to the whole process. If we can ensure right away that the pings will be successful it also ensures that the ticketing process goes smoother and is resolved quicker.

Hopefully this helps clarify the situation.

Regards,
TSI Reanne



Pabl0

join:2004-08-11
Canada

I understand the issue. Customer equipment is a huge variable outside the control of TSI. Reducing complexity of that variable helps the tech troubleshoot. I am onboard with that. Up to a point.

What I find hard to believe is that TSI feels that the one troubleshooting step above is a suitable step for every customer who submits similar issues. This particular step is without risk and is a one size fits all step regardless of their operating system and patch level. There are a lot of assumptions being taken by TSI and I would hazard to guess that they would not claim any responsibility if something nefarious did happen to a costumers system.

In an ideal situation TSI would have the proper tools too access the modem and perform tests using that device effectively eliminating the customers equipment completely. Especially at the early stages of troubleshooting.

Instead they are forced in to collecting a lot of data from the customer equipment without truly knowing if, at the end of the day, there is still something on the system interfering with the connection. This is the risk with a reseller who has no direct access to their own product.

Its a hard situation but no an excuse to disregard real risk.

There are many ways on this particular incident I could work around the issue. That is not going to help the next customer that requests similar support.


MFido

join:2012-10-19
kudos:2
reply to Pabl0

said by Pabl0:

I will admit I may be more paranoid than most

You say it better than others

camelot

join:2008-04-12
Whitby, ON
Reviews:
·Start Communicat..
·TekSavvy Cable

1 edit
reply to TSI Kris

said by TSI Kris:

we are required to run a minimum of 50 pings to the customer's current IP address.

The day my ISP asks me to do this, is the day I cancel services with them. Your job is to troubleshoot the connection of the MODEM to your network, not my PC. You should have the tools to interrogate the modems- without needing to go beyond the modem.

I'm sorry, but in 20+ years, I've NEVER been "required" this step for troubleshooting purposes for an ISP.

That said, 50?? Really? You think the result would be any different if it was just 5?


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable
reply to jmck

said by jmck:

you can still have a firewall but simply open up ICMP, but it does seem silly and dumb to ask that. it should be enough for you to simply provide whatever test results they need.

I'd like to know how they'd ask you to do this on a Sagemcom, which blocks ICMP by default and doesnt have the setting to enable it.

Some people use the Sagemcom as their router, how does TSI expect them to bypass it?

Are they going to go thru with them to set up a PPPoE dialer on their computer?
--


rmortier

join:2010-01-22
reply to Pabl0

Yeah I always skip that step of the troubleshooting. I 100% completely agree with you. My router responds to ICMP packets so ping my router instead.


notfred

join:2012-09-15
Reviews:
·TekSavvy DSL
reply to camelot

said by camelot:

Your job is to troubleshoot the connection of the MODEM to your network, not my PC. You should have the tools to interrogate the modems- without needing to go beyond the modem.

TekSavvy don't for cable because the cable companies will not give them access to those tools. It's all part of the proceeding before the CRTC over TPIA with cable.

camelot

join:2008-04-12
Whitby, ON
Reviews:
·Start Communicat..
·TekSavvy Cable

said by notfred:

TekSavvy don't for cable because the cable companies will not give them access to those tools.

Not my problem. Just because Rogers/Cogeco won't give them the tools, does not mean I will expose my stuff to the wide open net. All of this is nonsense. It should have been hashed out a long time ago.

I will not give TSI permission or the ability to "Ping" my PC.

bn1221

join:2009-04-29
Cortland, NY

Chill out - put a Roku or PS3 out there for them to ping.



Striek

join:2011-04-09
Brampton, ON
reply to Pabl0

Relax. It's just a few pings. You don't need to disable the entire firewall, you just need to allow icmp echo requests.

I've left my machines open to pings for decades, never had an issue.

If Google can be secure leaving their boxes open to pings, so can you.



TypeS

join:2012-12-17
London, ON
kudos:1
Reviews:
·TekSavvy Cable
reply to camelot

said by camelot:

said by TSI Kris:

we are required to run a minimum of 50 pings to the customer's current IP address.

The day my ISP asks me to do this, is the day I cancel services with them. Your job is to troubleshoot the connection of the MODEM to your network, not my PC. You should have the tools to interrogate the modems- without needing to go beyond the modem.

I'm sorry, but in 20+ years, I've NEVER been "required" this step for troubleshooting purposes for an ISP.

That said, 50?? Really? You think the result would be any different if it was just 5?

Every single TPIA using Rogers network is required to do that step for slow speed troubleshooting. If you refuse it, ticket gets rejected. You also have to remember most TPIA cable modems are bridge, the real termination point of the connection is the device connected to the modem.

Only the cable provider (ie Rogers) can truly access the modem and they're not going to hand out those tools voluntarily.

said by camelot:

said by notfred:

TekSavvy don't for cable because the cable companies will not give them access to those tools.

Not my problem. Just because Rogers/Cogeco won't give them the tools, does not mean I will expose my stuff to the wide open net. All of this is nonsense. It should have been hashed out a long time ago.

I will not give TSI permission or the ability to "Ping" my PC.

Better not call in then if you ever have an issue with slow speeds or just go back to Rogers or Cogeco or whomever.

There's no "hashing it out". For someone who's been on this forum, you're clearly missing who these contracts between an incumbent and an IISP is created. An IISP only gets what the CRTC has mandated.


Pabl0

join:2004-08-11
Canada

said by TypeS:

An IISP only gets what the CRTC has mandated.

For sure. I do not envy the position TSI is in.They are certainly hamstrung by these rules.

There are many alternative options to the original instructions. The email I had was very detailed in every step to take in order to get all the data required to escalate the issue.

My point is simple. My experience with any ISP during troubleshooting is if you do not follow their instructions exactly word for word any deviation is used as a reason to assume the reported issues is likely a customer issue.

Therefore if I do any of the alternate suggestion in the thread I am non compliant and my issue will not be taken seriously.

I would not have been so annoyed if the instruction were something like the following:

quote:
In order to complete our troubleshooting we will need to be able to ping your external IP address. Provide us with your current external IP (Google "What is my ip address") and make sure your firewall or router is configure to respond to pings/ICMP request (Provide website that can help verify this). Once complete we will notify you and you can revert your settings as needed.
As I stated before leaving a computer on the internet without any firewall is not risk free. Also, is it terribly inconvenient for many customers to disconnect everything in the house for an unspecified amount of time and having to check for updates until we are given the go ahead to get every set back up.

The instructions I was given were a canned response that is likely used with many customers and that section warrants review.

I see two situations here:

The customer can not be trusted because they likely do not know their set up is causing the reported issue. If this is the case the customer should not be trusted to have a system that is in optimal condition to be placed directly on the modem unprotected.

OR

The customer is knowledgeable and is smart enough to have a fully patched optimized system that presents minimal risk when put directly on the internet without a firewall. This customer also is likely to have eliminated the possibility their equipment/setup was the problem in the first place.

You can't distrust the customers set up and trust that it is risk free when directly connected to the modem.

I know that at the end of the day TSI would not take responsibility should a un-patched system get exploited as a result of these instructions. Therefore the risk to TSI is negligible.

I am a pessimist working in IT and it has served me well to plan for the worst.


TypeS

join:2012-12-17
London, ON
kudos:1
Reviews:
·TekSavvy Cable

While I agree with allowing a router or firewall appliance to allow ICMP echo and reply.

Another thing Rogers will reject a ticket for is a router being connected. And they can't be fooled. They will take the first 3 octects from a MAC address of the device connected to the modem and find who the manufacturer is (anyone can do this). If they find out it's a router manufacturer, they will respond by saying "have the customer disconnect their home router".

I don't agree with all the troubleshooting steps, but at the end of the day the incumbent has final say.



Pabl0

join:2004-08-11
Canada

Enter MAC address spoofing



TSI Martin
Premium
join:2006-02-23
Chatham, ON
kudos:32

said by Pabl0:

Enter MAC address spoofing

This only lead to eventual DHCP IP assigning issues.


PlatooN

join:2007-02-13
Kitchener, ON
reply to TypeS

said by TypeS:

While I agree with allowing a router or firewall appliance to allow ICMP echo and reply.

Another thing Rogers will reject a ticket for is a router being connected. And they can't be fooled. They will take the first 3 octects from a MAC address of the device connected to the modem and find who the manufacturer is (anyone can do this). If they find out it's a router manufacturer, they will respond by saying "have the customer disconnect their home router".

I don't agree with all the troubleshooting steps, but at the end of the day the incumbent has final say.

nearly every major home router manufacture also makes NIC's.


TypeS

join:2012-12-17
London, ON
kudos:1
Reviews:
·TekSavvy Cable

But they are used far less than Realtek/Atheros/Intel NICs.

Also, the only one I've ever come across a number of times (and is discountinued) is the D-Link 530TX .

I don't think Linksys or D-Link make NIC cards anymore, never heard of any from Netgear or D-Link either.



TSI Martin
Premium
join:2006-02-23
Chatham, ON
kudos:32
reply to Pabl0

said by Pabl0:

quote:
In order to complete our troubleshooting we will need to be able to ping your external IP address. Provide us with your current external IP (Google "What is my ip address") and make sure your firewall or router is configure to respond to pings/ICMP request (Provide website that can help verify this). Once complete we will notify you and you can revert your settings as needed.

We have taken your feedback into consideration and have gone ahead and altered the way we ask for this to be done.

New text : We will need to ping your computer from our side, so we ask that you leave the computer directly connected to the modem with ICMP Responses allowed or your firewall disabled. Please note that once we have confirmed a ticket has been submitted for you, you may return your firewall settings to their previous state.

Thanks,
Martin
--
TSI Martin (Escalations / E-Services) - TekSavvy Solutions Inc.
Authorized TSI employee ( »»TekSavvy FAQ »Official support in the forum )
Follow us on Twitter : @TekSavvyCSR ; @TekSavvyNetwork


Pabl0

join:2004-08-11
Canada
reply to Pabl0

Re: This is a joke right? - Not any more.

Cool beans.

This is the part that makes TSI an attractive provider. With other providers my "rant" over this issue would be a topic of discussion for a few days and eventually find its way to the bottom of the heap as other discussion are started.

With TSI there is a reasonable chance that someone from the organization will take notice and a real response will be forthcoming. This is a rare thing for many organizations and should be acknowledged when it happens.

Thanks TSI and thanks Martin!