dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
11

TSI Kris
Premium Member
join:2013-11-18
Chatham, ON

TSI Kris to Pabl0

Premium Member

to Pabl0

Re: This is a joke right?

Hello Pabl0,

Your feedback is definitely appreciated, but perhaps I can shed some light on why we ask this to happen.

When we submit repair tickets to our vendors, one of the requirements is testing from our side as well as the results the customer has already submitted. In particular, we are required to run a minimum of 50 pings to the customer's current IP address.

Firewalls, routers, antivirus programs, etc. can cause these ICMP requests to be blocked often causing delays to the whole process. If we can ensure right away that the pings will be successful it also ensures that the ticketing process goes smoother and is resolved quicker.

Hopefully this helps clarify the situation.

Regards,
TSI Reanne

Pabl0
join:2004-08-11
Canada

Pabl0

Member

I understand the issue. Customer equipment is a huge variable outside the control of TSI. Reducing complexity of that variable helps the tech troubleshoot. I am onboard with that. Up to a point.

What I find hard to believe is that TSI feels that the one troubleshooting step above is a suitable step for every customer who submits similar issues. This particular step is without risk and is a one size fits all step regardless of their operating system and patch level. There are a lot of assumptions being taken by TSI and I would hazard to guess that they would not claim any responsibility if something nefarious did happen to a costumers system.

In an ideal situation TSI would have the proper tools too access the modem and perform tests using that device effectively eliminating the customers equipment completely. Especially at the early stages of troubleshooting.

Instead they are forced in to collecting a lot of data from the customer equipment without truly knowing if, at the end of the day, there is still something on the system interfering with the connection. This is the risk with a reseller who has no direct access to their own product.

Its a hard situation but no an excuse to disregard real risk.

There are many ways on this particular incident I could work around the issue. That is not going to help the next customer that requests similar support.
camelot
join:2008-04-12
Whitby, ON

1 edit

camelot to TSI Kris

Member

to TSI Kris
said by TSI Kris:

we are required to run a minimum of 50 pings to the customer's current IP address.

The day my ISP asks me to do this, is the day I cancel services with them. Your job is to troubleshoot the connection of the MODEM to your network, not my PC. You should have the tools to interrogate the modems- without needing to go beyond the modem.

I'm sorry, but in 20+ years, I've NEVER been "required" this step for troubleshooting purposes for an ISP.

That said, 50?? Really? You think the result would be any different if it was just 5?
notfred
join:2012-09-15

notfred

Member

said by camelot:

Your job is to troubleshoot the connection of the MODEM to your network, not my PC. You should have the tools to interrogate the modems- without needing to go beyond the modem.

TekSavvy don't for cable because the cable companies will not give them access to those tools. It's all part of the proceeding before the CRTC over TPIA with cable.
camelot
join:2008-04-12
Whitby, ON

camelot

Member

said by notfred:

TekSavvy don't for cable because the cable companies will not give them access to those tools.

Not my problem. Just because Rogers/Cogeco won't give them the tools, does not mean I will expose my stuff to the wide open net. All of this is nonsense. It should have been hashed out a long time ago.

I will not give TSI permission or the ability to "Ping" my PC.

Eagles1221
join:2009-04-29
Vincentown, NJ

Eagles1221

Member

Chill out - put a Roku or PS3 out there for them to ping.

TypeS
join:2012-12-17
London, ON

TypeS to camelot

Member

to camelot
said by camelot:

said by TSI Kris:

we are required to run a minimum of 50 pings to the customer's current IP address.

The day my ISP asks me to do this, is the day I cancel services with them. Your job is to troubleshoot the connection of the MODEM to your network, not my PC. You should have the tools to interrogate the modems- without needing to go beyond the modem.

I'm sorry, but in 20+ years, I've NEVER been "required" this step for troubleshooting purposes for an ISP.

That said, 50?? Really? You think the result would be any different if it was just 5?

Every single TPIA using Rogers network is required to do that step for slow speed troubleshooting. If you refuse it, ticket gets rejected. You also have to remember most TPIA cable modems are bridge, the real termination point of the connection is the device connected to the modem.

Only the cable provider (ie Rogers) can truly access the modem and they're not going to hand out those tools voluntarily.
said by camelot:

said by notfred:

TekSavvy don't for cable because the cable companies will not give them access to those tools.

Not my problem. Just because Rogers/Cogeco won't give them the tools, does not mean I will expose my stuff to the wide open net. All of this is nonsense. It should have been hashed out a long time ago.

I will not give TSI permission or the ability to "Ping" my PC.

Better not call in then if you ever have an issue with slow speeds or just go back to Rogers or Cogeco or whomever.

There's no "hashing it out". For someone who's been on this forum, you're clearly missing who these contracts between an incumbent and an IISP is created. An IISP only gets what the CRTC has mandated.

Pabl0
join:2004-08-11
Canada

Pabl0

Member

said by TypeS:

An IISP only gets what the CRTC has mandated.

For sure. I do not envy the position TSI is in.They are certainly hamstrung by these rules.

There are many alternative options to the original instructions. The email I had was very detailed in every step to take in order to get all the data required to escalate the issue.

My point is simple. My experience with any ISP during troubleshooting is if you do not follow their instructions exactly word for word any deviation is used as a reason to assume the reported issues is likely a customer issue.

Therefore if I do any of the alternate suggestion in the thread I am non compliant and my issue will not be taken seriously.

I would not have been so annoyed if the instruction were something like the following:
quote:
In order to complete our troubleshooting we will need to be able to ping your external IP address. Provide us with your current external IP (Google "What is my ip address") and make sure your firewall or router is configure to respond to pings/ICMP request (Provide website that can help verify this). Once complete we will notify you and you can revert your settings as needed.
As I stated before leaving a computer on the internet without any firewall is not risk free. Also, is it terribly inconvenient for many customers to disconnect everything in the house for an unspecified amount of time and having to check for updates until we are given the go ahead to get every set back up.

The instructions I was given were a canned response that is likely used with many customers and that section warrants review.

I see two situations here:

The customer can not be trusted because they likely do not know their set up is causing the reported issue. If this is the case the customer should not be trusted to have a system that is in optimal condition to be placed directly on the modem unprotected.

OR

The customer is knowledgeable and is smart enough to have a fully patched optimized system that presents minimal risk when put directly on the internet without a firewall. This customer also is likely to have eliminated the possibility their equipment/setup was the problem in the first place.

You can't distrust the customers set up and trust that it is risk free when directly connected to the modem.

I know that at the end of the day TSI would not take responsibility should a un-patched system get exploited as a result of these instructions. Therefore the risk to TSI is negligible.

I am a pessimist working in IT and it has served me well to plan for the worst.

TypeS
join:2012-12-17
London, ON

TypeS

Member

While I agree with allowing a router or firewall appliance to allow ICMP echo and reply.

Another thing Rogers will reject a ticket for is a router being connected. And they can't be fooled. They will take the first 3 octects from a MAC address of the device connected to the modem and find who the manufacturer is (anyone can do this). If they find out it's a router manufacturer, they will respond by saying "have the customer disconnect their home router".

I don't agree with all the troubleshooting steps, but at the end of the day the incumbent has final say.

Pabl0
join:2004-08-11
Canada

Pabl0

Member

Enter MAC address spoofing

JenSuisUn
Premium Member
join:2006-02-23
Chatham, ON

JenSuisUn

Premium Member

said by Pabl0:

Enter MAC address spoofing

This only lead to eventual DHCP IP assigning issues.

PlatooN
join:2007-02-13
Kitchener, ON

PlatooN to TypeS

Member

to TypeS
said by TypeS:

While I agree with allowing a router or firewall appliance to allow ICMP echo and reply.

Another thing Rogers will reject a ticket for is a router being connected. And they can't be fooled. They will take the first 3 octects from a MAC address of the device connected to the modem and find who the manufacturer is (anyone can do this). If they find out it's a router manufacturer, they will respond by saying "have the customer disconnect their home router".

I don't agree with all the troubleshooting steps, but at the end of the day the incumbent has final say.

nearly every major home router manufacture also makes NIC's.

hummokay
@torservers.net

hummokay to JenSuisUn

Anon

to JenSuisUn
said by JenSuisUn:

said by Pabl0:

Enter MAC address spoofing

This only lead to eventual DHCP IP assigning issues.

Hmm... I have to confess, I have been using a Juniper OUI for my spoofed MAC on DSL for a long time (5+ years). Does that cause issues?

(I made it up early on just because it was 'cool', now I don't know if I should revert to something more reasonable or doing so now could cause problems; yea, I know, it was stupid of me back then)

TypeS
join:2012-12-17
London, ON

TypeS to PlatooN

Member

to PlatooN
But they are used far less than Realtek/Atheros/Intel NICs.

Also, the only one I've ever come across a number of times (and is discountinued) is the D-Link 530TX .

I don't think Linksys or D-Link make NIC cards anymore, never heard of any from Netgear or D-Link either.

JenSuisUn
Premium Member
join:2006-02-23
Chatham, ON

JenSuisUn to Pabl0

Premium Member

to Pabl0
said by Pabl0:

quote:
In order to complete our troubleshooting we will need to be able to ping your external IP address. Provide us with your current external IP (Google "What is my ip address") and make sure your firewall or router is configure to respond to pings/ICMP request (Provide website that can help verify this). Once complete we will notify you and you can revert your settings as needed.

We have taken your feedback into consideration and have gone ahead and altered the way we ask for this to be done.

New text : We will need to ping your computer from our side, so we ask that you leave the computer directly connected to the modem with ICMP Responses allowed or your firewall disabled. Please note that once we have confirmed a ticket has been submitted for you, you may return your firewall settings to their previous state.

Thanks,
Martin
JenSuisUn

JenSuisUn to hummokay

Premium Member

to hummokay
said by hummokay :

Hmm... I have to confess, I have been using a Juniper OUI for my spoofed MAC on DSL for a long time (5+ years). Does that cause issues?

Since DSL doesn't use the MAC in any way, it won't matter. Cable detects the MAC address connected to the modem & as such may do a difference.

I wouldn't worry to much about it.

Regards,
Martin
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

1 recommendation

MaynardKrebs to TSI Kris

Premium Member

to TSI Kris
said by TSI Kris:

@TSI Reanne

Firewalls, routers, antivirus programs, etc. can cause these ICMP requests to be blocked often causing delays to the whole process. If we can ensure right away that the pings will be successful it also ensures that the ticketing process goes smoother and is resolved quicker.

Fair enough.

So, to make this process go easier for customers who need to go down this path, why doesn't TSI have a Linux "Live CD" downloadable image on the TSI support pages - a bootable CD image and a bootable USB stick image (in case there needs to be some USB stick tweaks to make it work). It would be an image which TSI can vouch for (MD5 checksum, etc....) and known to produce the test results you need to carp @ the incumbents.

You'd also have a set of instructions - complete with pictures - to show customers how to use it (a video maybe).

TSI could update the Live CD images as needed over time.

n3k0
@teksavvy.com

n3k0

Anon

said by MaynardKrebs:

Fair enough.

...TSI could update the Live CD images as needed over time.

Or a simple batch file/script which would complete all the steps necessary to complete the tests.
kanatamike
join:2013-07-19
Kanata, ON

kanatamike to camelot

Member

to camelot
said by camelot:

That said, 50?? Really? You think the result would be any different if it was just 5?

How do you expect to detect 2% packet loss with only 5 pings?
kanatamike

kanatamike to camelot

Member

to camelot
said by camelot:

I will not give TSI permission or the ability to "Ping" my PC.

This is pretty much the height of paranoia. Can't do any damage with a ping. Can't test a connection without a ping.
kanatamike

kanatamike to JenSuisUn

Member

to JenSuisUn
said by JenSuisUn:

said by Pabl0:

Enter MAC address spoofing

This only lead to eventual DHCP IP assigning issues.

Why would this lead to DHCP IP assigning issues? There is no reason whatsoever that this should be a problem. Unless, of course, you have unlimited lease times. But you wouldn't do that, right?

Pabl0
join:2004-08-11
Canada

Pabl0 to kanatamike

Member

to kanatamike
said by kanatamike:

said by camelot:

I will not give TSI permission or the ability to "Ping" my PC.

This is pretty much the height of paranoia. Can't do any damage with a ping. Can't test a connection without a ping.

I thought I was paranoid. Regardless of permission pings are going to happen.

Better watch out for these nefarious pings from the orient.

lleader
join:2011-01-01
Mississauga, ON

lleader

Member

said by Pabl0:

pings from the orient

I thought they went more for ping-pong...

torobull123
join:2009-06-20

torobull123

Member

Getting crazy TSI network congestion in Toronto. Pings are fine. Speeds fluctuate like crazy. 1/3rd of sync max.

lazytolog
@no6.org.uk

lazytolog to Pabl0

Anon

to Pabl0
said by Pabl0:

said by kanatamike:

said by camelot:

I will not give TSI permission or the ability to "Ping" my PC.

This is pretty much the height of paranoia. Can't do any damage with a ping. Can't test a connection without a ping.

I thought I was paranoid. Regardless of permission pings are going to happen.

Better watch out for these nefarious pings from the orient.

Let me reassure you, I am most likely amongst the most paranoid of the denizens of the net (well, surely there are those whom would go as far as to build their own PC from scratch with IC chips and custom made boards... unfortunately, I'm not that far out lol). Yet, I enjoy leaving fully open DMZ on certain systems in hopes of catching some interesting 'arthropods' (most of the time amateurish, but sometime there are a few gems). I don't mind at all being pingable (well, it's always about context and your threat model... I could go into a tedious and tortuous rant about it... so I'll spare you), it's, overall, more useful for me to have ICMP working from WAN than to lament myself about being 'detected' or 'targeted'. Anyways, there are still ways to detect endpoints that are 'almost' akin to a black hole (as long as it's 'almost' but not yet, it's detectable), so... ya... if I had enough reasons, your puny router would not have mattered in the least. One could exfiltrate data through even a fascist firewalls with simple techniques such as pseudo-randomized packet delays (jitterbug for the intrigued).

To put things into perspective, nowadays, you'll see frequent port scans from random points of the internet (obviously, a lot from china), often simply because an idiot just decided to scan the whole internet with his new gizmo, and you just happened to be amongst the first randomized targets, soon enough he'll be bored and shut it down after maybe scanning 1000 to 25000 IP's without understanding the results of his fruitless and purposeless waste of time. Even governments armed with their latest "quantum-hyperion-deep-soul-searching-fractal-based-evolutionary-algorithm" thingamajig have a fairly hard time trying to slush their way through the deluge of data we make today. Nonetheless, they are actually making their country weaker by preparing the sliver of intelligible data they could extract and serving it on a silver plate all ready to be used by internal and foreign adversaries.

Well, I forgot what I was getting at, and this is just too laborious and becoming too long for my lazy brain... I don't want to read myself back... I guess the take away is: one should only worry and take precautions against specifically targeted attacks by individuals/organizations which holds a reason to influence you or your entourage in any way (true freedom is pivotal in the continued progress of our civilization, otherwise we'll stagnate into another period of 'dark ages', our history as a multiethnic specie is littered with them, and not just the Middle Ages everyone knows about).

PlatooN
join:2007-02-13
Kitchener, ON

PlatooN to TypeS

Member

to TypeS
said by TypeS:

But they are used far less than Realtek/Atheros/Intel NICs.

Also, the only one I've ever come across a number of times (and is discountinued) is the D-Link 530TX .

I don't think Linksys or D-Link make NIC cards anymore, never heard of any from Netgear or D-Link either.

Sure, but are they going to come to your home and check what's in your PC? Doubtful.

what they care about it CAN they ping you, not WHAT they are pinging. Just say "I am pingable, yes that is my pc connected directly"
InvalidError
join:2008-02-03

InvalidError to kanatamike

Member

to kanatamike
said by kanatamike:

Why would this lead to DHCP IP assigning issues? There is no reason whatsoever that this should be a problem.

The only case where it may cause a problem is if two devices on the same network happen to use the same MAC address. The likelihood of the same DHCP system seeing two instances of the same MAC address under normal circumstances where people either use their router as-is or clone a MAC off their own LAN is pretty low but it can happen if someone is using a randomized MAC that happens to match yours. When it does, weird stuff may happen.
geokilla
join:2010-10-04
North York, ON

geokilla to JenSuisUn

Member

to JenSuisUn
said by JenSuisUn:

said by Pabl0:

quote:
In order to complete our troubleshooting we will need to be able to ping your external IP address. Provide us with your current external IP (Google "What is my ip address") and make sure your firewall or router is configure to respond to pings/ICMP request (Provide website that can help verify this). Once complete we will notify you and you can revert your settings as needed.

We have taken your feedback into consideration and have gone ahead and altered the way we ask for this to be done.

New text : We will need to ping your computer from our side, so we ask that you leave the computer directly connected to the modem with ICMP Responses allowed or your firewall disabled. Please note that once we have confirmed a ticket has been submitted for you, you may return your firewall settings to their previous state.

Thanks,
Martin

And what is ICMP?

JenSuisUn
Premium Member
join:2006-02-23
Chatham, ON

JenSuisUn

Premium Member

Simply put, allow ping requests. But typically firewalls will use the proper term, which is ICMP. Ping is more of an action taken using the Internet Control Message Protocol.

Quote Wikipedia
quote:
The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages.[1] It is assigned protocol number 1.[2] ICMP[3] differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).
Regards,
Martin