
PostJudge
@216.121.208.x

PostJudge to DigitalXeron

Anon

to DigitalXeron

Re: [INTERNET] Cogeco SNMP Warning & Router Issue

said by DigitalXeron:

Not too long ago, Cogeco reported to me that my organization was allegedly running an open, abusable NTP instance, turned out to be running on their own Cisco 800 series router installed at our premises.

The abuse department told me that it was my responsibility to call in to escalate the issue myself after I convinced them that it was their equipment. When I called in I practically got into an argument with one of the CSRs who insisted that their router cannot possibly run an open NTP instance, and that it is "just a tunnel" but it definitely was and still is to this very moment.

After all of this, the NTP instance on their router has not been turned off for several months since I reported it. The individuals I can get a hold of seem to have no knowledge of the status of anything of investigations of this nature, and they can't seem to get any status updates either.

While I appreciate Cogeco's forwardness on these kinds of things, I think the language they use is highly confrontational, especially using phrases like "If you are unable to address this threat immediately, we request that you temporarily disconnect your system from the internet until you are able to further investigate." — Of course in my instance I refused to disconnect because the issue was not the NTP instance run by my organization (which is secure) but rather a defective Cisco NTP instance that can't be locked down (as it appears).

Now, I think what Cogeco needs to do at this point in time is make their abuse department less confrontational and less threatening, providing education as to the possible cause of these sorts of issues. Their abuse department also needs more access to the layout of the Cogeco network as so they can identify what is customer equipment and what is their equipment.

Further, in the OP's case, Cogeco needs to be way less confrontational and more "Let's help you out and put our corporate weight behind you and we can both contact Netgear to get SNMP properly closed" OR "Hey, SNMP is filtered, we should update our criteria to exclude filtered from the positive results"

Agreed. Great post. It shows experience and understanding of the problem.

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

1 edit

DigitalXeron to urbanriot

Member

to urbanriot
said by urbanriot:

said by DigitalXeron:

Further, in the OP's case, Cogeco needs to be way less confrontational

Did you read the opening to this thread with the quoted email?

Not only did they politely advise the client what the client was responsible for, with educational links, they also sent the email from an address the client could respond to. Their email seems cooperative rather than confrontational

Though, the email seems to be rather alarmist in using terms of what could possibly happen, and does not illustrate how Cogeco came to identifying what customers are doing what activities. Did Cogeco wiretap the customer to sniff for certain traffic signatures? Did they get a complaint from an external company doing scans? Why was that company doing scans? Did they get an abuse complaint about an active attack?

When a company contacts you telling you that your network and/or computers are doing something illicit that you may not know about, that is a very touchy time and requires being more forthcoming than "you have this, do this".

In fact if an ISP were to receive a complaint like that, they would shrug it off as it didn't contain dates/times of any incident nor any logs or details as to where this information came from.
said by urbanriot:

I disagree that Cogeco should be directly aiding clients to resolve issues the client is responsible for. It's certainly 'bad' that Apple and Netgear provided equipment that responds to SNMP polls on the WAN port, but it shouldn't be Cogeco's responsibility to walk people through disabling functions that should not be enabled or working with clients to resolve third party issues.

The problem is often times providers and vendors will act like "it isn't possible" when presented an issue by a customer that goes against their normal troubleshooting procedures, and many many customers will not have the knowledge that the OP does in being able to work out that the vendor is indeed at fault for providing faulty equipment. Essentially the above email could cause an unskilled client of Cogeco's to spend money they didn't have to spend when they couldn't convince the manufacturer of the fault.

Too, it can put the client into a position where they're in between a rock and a hard place (in between two corporations with one threatening to shut off their service and the other claiming that it's not their fault and that the customer must have done something). Having the actual technical details that were used by Cogeco or whoever to identify clients would allow clients to forward that information to the vendor to provide real-world diagnostics as to what happened. These diagnostics would be less ignorable by vendors like Apple and Netgear if they were performed by a big name like Cogeco.
said by urbanriot:

It would make more monetary sense for Cogeco to simply block the offending ports; Of course then you'd have plenty of clients that would be upset about such a recourse.

If Netgear is providing erroneous information this issue belongs with Netgear, not Cogeco.

What about incidents like mine where Cogeco's own equipment is at fault and their abuse department blames the customer and expects the customer to fix that equipment because they are not in the loop as far as what *their* responsibility is? Should I have to contact Cisco to have them give me information on how to disable NTP? Should I be looking at venues to replace the Cisco unit with a unit that I can disable NTP on and then request Cogeco give me the configuration to set my unit up? — After all, in sending the notice to me that they did they made it all my responsibility to fix the problem.

Cogeco_Peter
join:2012-10-03
Burlington, ON

Cogeco_Peter to Pilo101

Member

to Pilo101
Our security team has escalated the issue with Netgear to ensure that the security threats regarding the Open SNMP are resolved. Netgear has advised that a firmware update will be available for download by the end of August that should resolve the issue.

Pilo101
@24.141.22.x

Pilo101

Anon

Thanks. You guys should know that given that Netgear couldn't figure out what the problem was when I spent over 3 hours talking to them, and that Cogeco was threatening to cut my service off because of it, I bought a new router. All that said, Cogeco owes me the $150 I spent on a new router!

Nogeco
@216.121.208.x

Nogeco

Anon

said by Pilo101 :

Thanks. You guys should know that given that Netgear couldn't figure out what the problem was when I spent over 3 hours talking to them, and that Cogeco was threatening to cut my service off because of it, I bought a new router. All that said, Cogeco owes me the $150 I spent on a new router!

They really should be more responsible. They should have contacted Netgear and done more investigation on their end. Simply panicking with an email saying DoS attacks and being so confrontational is just sloppy and lazy.

Why was this not brought up to Netgear BEFORE Cogeco was cutting off services? Cogeco has done a horrible job in handling this, and it's very unprofessional.

Also why is Cogeco the only ISP cutting people's services off for having the R6100 router? There are thousands out there all around the world and Cogeco is the only ISP cutting people's services off and telling people to buy a new router.

Someone high up at Cogeco should really review how this is being handled.
Pilo101
join:2014-08-20
Ancaster, ON

Pilo101

Member

^^^ THIS!!!

You hit the nail right on the head. I was speaking with a very frustrating supervisor yesterday who just could not wrap his head around precisely this point. He basically said that it isn't their responsibility to ensure that my network is secure. I called him on the fact that Netgear could not figure it out at the time and I had no choice but to buy a new router...basically they take no responsibility for the issue.

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot to DigitalXeron

Premium Member

to DigitalXeron
said by DigitalXeron:

Though, the email seems to be rather alarmist in using terms of what could possibly happen, and does not illustrate how Cogeco came to identifying what customers are doing what activities. Did Cogeco wiretap the customer to sniff for certain traffic signatures? Did they get a complaint from an external company doing scans? Why was that company doing scans? Did they get an abuse complaint about an active attack?

I would expect their polite warning is automatically triggered. The cause is irrelevant really, as the SNMP response should be disabled regardless of how it came to their attention.
said by DigitalXeron:

it can put the client into a position where they're in between a rock and a hard place (in between two corporations with one threatening to shut off their service and the other claiming that it's not their fault and that the customer must have done something).

That's a good point and hopefully the client would take Cogeco's offer "If [they] have any questions or concerns do not hesitate to contact us via the address below or simply click REPLY leaving the subject line intact so we can respond quickly". Then Cogeco could aid the client as they've done so here.

Unfortunately the OP did not follow directions and opted to call rather than reply to the email as suggested by the appropriate department and the difficulty in resolving this issue was ramped up.
said by DigitalXeron:

What about incidents like mine where Cogeco's own equipment is at fault and their abuse department blames the customer and expects the customer to fix that equipment because they are not in the loop as far as what *their* responsibility is?

This isn't an incident like the one you suggest and the customer is responsible for their equipment. Kudos to Cogeco in taking the extra steps in communicating with Netgear on this issue.
Pilo101
join:2014-08-20
Ancaster, ON

Pilo101

Member

said by urbanriot:

Unfortunately the OP did not follow directions and opted to call rather than reply to the email as suggested by the appropriate department and the difficulty in resolving this issue was ramped up.

Really? That wasn't necessary. The call was to the right people. There were issues on the call to be sure, but they are solely due to the fact that the original CSR was snotty and not collaborative. Once it was escalated, the conversations were good...the issue is the aggressive stance, and the fact that this seems to be a problem with one router that only has issues with this one ISP. The collaborative approach for the ISP and the router mfg to work together on the issue before the customer faces nuclear winter is what should have happened.

BadUserJudge
@192.186.115.x

BadUserJudge to urbanriot

Anon

to urbanriot
said by urbanriot:

said by DigitalXeron:

Though, the email seems to be rather alarmist in using terms of what could possibly happen, and does not illustrate how Cogeco came to identifying what customers are doing what activities. Did Cogeco wiretap the customer to sniff for certain traffic signatures? Did they get a complaint from an external company doing scans? Why was that company doing scans? Did they get an abuse complaint about an active attack?

I would expect their polite warning is automatically triggered. The cause is irrelevant really, as the SNMP response should be disabled regardless of how it came to their attention.

This is wrong, as all SNMP is not bad. Just because something responds doesn't mean it's insecure. Further investigation is needed, and not doing that is lazy and sloppy security work.
said by urbanriot:

said by DigitalXeron:

it can put the client into a position where they're in between a rock and a hard place (in between two corporations with one threatening to shut off their service and the other claiming that it's not their fault and that the customer must have done something).

That's a good point and hopefully the client would take Cogeco's offer "If [they] have any questions or concerns do not hesitate to contact us via the address below or simply click REPLY leaving the subject line intact so we can respond quickly". Then Cogeco could aid the client as they've done so here.
Unfortunately the OP did not follow directions and opted to call rather than reply to the email as suggested by the appropriate department and the difficulty in resolving this issue was ramped up.

This is just confrontational and inflammatory posting, because you have no idea what you are talking about. I have replied to the email and got no answer back. Then what? You can't call them, you can't actually have a conversation with them on the phone. So if they don't respond they answer to nobody, and THE HIGHER UP MANAGEMENT AT COGECO HAS TO REVIEW HOW THIS IS BEING HANDLED TO NOT REPEAT THE SAME MISTAKES, AS IT IS COSTING PEOPLE MONEY
said by urbanriot:

said by DigitalXeron:

What about incidents like mine where Cogeco's own equipment is at fault and their abuse department blames the customer and expects the customer to fix that equipment because they are not in the loop as far as what *their* responsibility is?

This isn't an incident like the one you suggest and the customer is responsible for their equipment. Kudos to Cogeco in taking the extra steps in communicating with Netgear on this issue.

It is an incident like the one he experienced. You have no experience in this, you don't even have the router in question about this. So why do you act like you're all high and mighty and know all the answers but you don't have a clue of the details of this situation but you act like you do. Cogeco needs to take more responsibility for these emails and it is expected of them to do more investigation and reach out to Netgear or take responsibility for their OWN NETWORK before they start cutting off customers' service.

Why you even want to argue that whatever Cogeco does is right without even understanding the situations is really a joke. You should really mind your own business and stop arguing about things you don't understand, but think you do.

COGECO IS THE ONLY ISP OUT OF THOUSANDS CUTTING PEOPLE OFF AND THREATENING THEM FOR SIMPLY HAVING A NETGEAR R6100 ROUTER, THIS IS WRONG. IF THEY CONTACTED NETGEAR BEFORE DOING THIS, THEY COULD HAVE A SOLUTION AND EMAIL THAT TO THE CUSTOMER. INSTEAD THEY CHOOSE TO SEND CONFRONTATIONAL EMAILS AND THREATENING DISCONNECTION

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

DigitalXeron to urbanriot

Member

to urbanriot
said by urbanriot:

I would expect their polite warning is automatically triggered. The cause is irrelevant really, as the SNMP response should be disabled regardless of how it came to their attention.

It is very relevant in diagnosing what state that port is in and how it responded because say if it wasn't "closed" or dropped but registered as "filtered" but set off an alarm, the customer may not have any SNMP service operational after all at which point it would be upon Cogeco to adjust their alarm thresholds to exclude that erroneous state. It's just like how on some systems/routers the ident port would come off as "closed" but not drop the port 113 traffic totally.

In network operations, providing as much information as possible is critical, including how that information was discovered and what happened, regardless if that network is a home network or a huge commercial ISP-class network or even corporate enterprise network. To do otherwise would be like taking away a cable guy's signal level equipment and telling him he needs to diagnose a problem on a line anyways, it is his responsibility to fix the problem but without full information there wouldn't be details on the characteristics of the problem thus he may not be able to fix the issue.

The sum of this is that you don't tell someone about a problem then send them into that problem blind while withholding information that could help them, it's just rude to.
said by urbanriot:

That's a good point and hopefully the client would take Cogeco's offer "If [they] have any questions or concerns do not hesitate to contact us via the address below or simply click REPLY leaving the subject line intact so we can respond quickly". Then Cogeco could aid the client as they've done so here.

Unfortunately the OP did not follow directions and opted to call rather than reply to the email as suggested by the appropriate department and the difficulty in resolving this issue was ramped up.

The call-in tech support procedures should then include if it is an issue whereas Cogeco security is involved, to get the security ticket number so they can look up the issue or call over to ask about the issue. This is so that they can then help the customer with the incident and tell them their next steps and possibly the information omitted by the "polite" mailing. Some customers simply work problems out better over the phone than they do via email.

But in my incident, the security department actually directed me to call the issue in anyways to create an escalated ticket, so there's definitely some cross-over going on. If the call-in support can't resolve the issue, the customer should be able to be transferred to someone who can. When I had my issue, at the least the commercial support rep had all the access to the issue after I gave them the ticket number etc, I wager it wouldn't be that much harder for the residential reps.
said by urbanriot:

This isn't an incident like the one you suggest and the customer is responsible for their equipment. Kudos to Cogeco in taking the extra steps in communicating with Netgear on this issue.

Agreed to the kudos to which I would like to personally thank them for doing the right thing in this situation.

But when Cogeco sends someone a message basically making them responsible for an issue — that person then becomes responsible to see the issue through. So if you drop a problem in my lap I'm going to feel responsible to see it resolved completely as so that the diagnostics that were originally used no longer return that bad result or see the diagnostic procedures changed so they exclude that issue. I don't want to be issued a warning in future for the same issue or risk being disconnected for not being compliant when there's a "left hand not knowing what the right hand is doing" issue.

BadUserJ
@192.186.115.x

BadUserJ

Anon

said by DigitalXeron:

But when Cogeco sends someone a message basically making them responsible for an issue — that person then becomes responsible to see the issue through. So if you drop a problem in my lap I'm going to feel responsible to see it resolved completely as so that the diagnostics that were originally used no longer return that bad result or see the diagnostic procedures changed so they exclude that issue. I don't want to be issued a warning in future for the same issue or risk being disconnected for not being compliant when there's a "left hand not knowing what the right hand is doing" issue.

Yes, and in this situation people who have no idea what they are talking about think SNMP can just be "turned off" by the user and Cogeco started with the same kind of lazy thinking and that's where you have the issue.

Turns out it's more involved than that and only a firmware upgrade can change the SNMP (which still remains to come out). Which proves the point that it's a filtered SNMP not vulnerable to what Cogeco thinks it is...anyways....

The point being is that the alarm bell emails didn't do anything but provide stress and grief to customers and could have been avoided if Cogeco did more investigation. They should have only sent those emails out when it was proven that the SNMP was being used in DOS attacks, which would be very apparent on both Cogeco's and the user end.

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot to BadUserJudge

Premium Member

to BadUserJudge
said by BadUserJudge :

This is wrong, as all SNMP is not bad. Just because something responds doesn't mean it's insecure. Further investigation is needed, and not doing that is lazy and sloppy security work.

said by BadUserJudge :

Why you even want to argue that whatever Cogeco does is right without even understanding the situations is really a joke.

These two quotes, together, illustrate a very good point concerning this thread in general.
said by BadUserJudge :

COGECO IS THE ONLY ISP OUT OF THOUSANDS CUTTING PEOPLE OFF AND THREATENING THEM FOR SIMPLY HAVING A NETGEAR R6100 ROUTER, THIS IS WRONG.

That's not true, no one has reported that they were cut off and the issue is not specifically related to a Netgear router, it affects anyone unintentionally and/or irresponsibly replying to internet SNMP polls.

Rather, Cogeco is an ISP that doesn't block SNMP like plenty of other ISPs do. This thread suggests it may be in Cogeco's best interest to simply block exploitable ports for residential accounts as the polite email path demonstrably leads to frustrated or upset users. This thread, with your visibly upset bold writings, wouldn't even exist if they instead opted to block SNMP; blocking ports would lead to less frightened people.

For example, referring to Comcast's list shows they outright block SNMP:
»customer.comcast.com/hel ··· d-ports/

Rogers community forums also states that Rogers had sent emails in 2013 advising users the same as Cogeco.

On the Apple forums a Rogers customer stated he was actually cut off with their Apple Airport:
»discussions.apple.com/th ··· tstart=0

It seems this is not such a unique situation after all and, fortunately, it seems there's a light at the end of the tunnel for the OP (assuming Netgear gets their act together with a fix before Cogeco acts similarly to Rogers).

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

DigitalXeron to urbanriot

Member

to urbanriot


said by urbanriot:

That's not true, no one has reported that they were cut off and the issue is not specifically related to a Netgear router, it affects anyone unintentionally and/or irresponsibly replying to internet SNMP polls.

If the OP's evidence is any indication, the SNMP port was registered as "filtered" as in it did not complete a handshake procedure. With how Cogeco blocks netbios ports, these ports ALSO come up as "filtered" which is Cogeco's own definition of blocking — by that parameter if the OP's diagnostics are fully correct Cogeco needs to adjust their detection parameters to exclude filtered ports.
said by urbanriot:

Rather, Cogeco is an ISP that doesn't block SNMP like plenty of other ISPs do. This thread suggests it may be in Cogeco's best interest to simply block exploitable ports for residential accounts as the polite email path demonstrably leads to frustrated or upset users. This thread, with your visibly upset bold writings, wouldn't even exist if they instead opted to block SNMP; blocking ports would lead to less frightened people.

This doesn't address the fact that most of the Internet's exploits are delivered over port 80 and/or 443. It would eliminate a lot of problems for service providers to block that port, but to do so would be an exercise for the reader to think about. (Hint: HTTP)

I'm glad Cogeco has taken this route in blocking less. Blocking ports is only beneficial to networks that implement blocks and does not hold vendors responsible for poor development of their equipment or software. A significant problem here is one of user choice. Most users do not purchase a router expecting it to have serious security concerns beyond people cracking into the wireless network and don't think of their routers as "servers".

Blocking ports leads down a dark and scary path where networks quickly block more and more ports where it becomes a race to the bottom and networks become more and more draconian. This mentality has a chilling effect on innovation across the Internet as nobody would want to create a new service because it'll become blocked when it is discovered it contains a flaw as few will want to work with them to correct possible issues.

I agree that the all-caps alarmist posting is harmful and do not agree with the assertion of being singled out is in play and would encourage the poster to seek calm. I do understand the anger in that this is a symptom of a greater problem — A problem where corporate prettyprinting comes off as insulting to users where information that is very necessary to resolve issues is withheld and communication options become awkward for some people.
said by urbanriot:

It seems this is not such a unique situation after all and, fortunately, it seems there's a light at the end of the tunnel for the OP (assuming Netgear gets their act together with a fix before Cogeco acts similarly to Rogers).

Perhaps this example is in itself an example of why home router user interfaces are toxic in how they are limited and prevent user choice from fully configuring the device, including the firewall on those devices to successfully update the configuration. Vendors have "dumbed down" home routers way too far and do not provide even an option in most cases to gain full access to the device. Does the user truly ever fully own their router then? I don't think so.
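The distinction drawn in this post, between a port that actually answered and one that only registers as "filtered", can be encoded in the criteria that trigger a notice. The following is an added example, not part of the thread and not Cogeco's tooling: it assumes scan results arrive in nmap's grepable (`-oG`) format, and the sample lines, addresses, timestamp and function names are constructed for illustration.

```python
"""Triage UDP/161 scan results before sending an abuse notice (added example)."""
from dataclasses import dataclass

# Constructed sample in nmap's grepable (-oG) format for a UDP scan of port 161.
# Addresses come from the RFC 5737 documentation range; no real hosts.
SAMPLE_SCAN = (
    "# constructed sample, not real scan output\n"
    "Host: 192.0.2.10 ()\tPorts: 161/open/udp//snmp///\n"
    "Host: 192.0.2.11 ()\tPorts: 161/open|filtered/udp//snmp///\n"
    "Host: 192.0.2.12 ()\tPorts: 161/filtered/udp//snmp///\n"
    "Host: 192.0.2.13 ()\tPorts: 161/closed/udp//snmp///\n"
    "Host: 192.0.2.14 ()\tPorts: 80/open/tcp//http///, 161/open|filtered/udp//snmp///\n"
)

# What each UDP port state means, and whether it is evidence of a responder.
STATE_POLICY = {
    "open": ("notify", "a reply was received, so something answered the probe"),
    "open|filtered": ("no_action", "no reply; a silent drop looks identical"),
    "filtered": ("no_action", "an ICMP unreachable error indicates filtering"),
    "closed": ("no_action", "ICMP port unreachable; nothing is listening"),
}


@dataclass(frozen=True)
class Finding:
    ip: str
    port: int
    proto: str
    state: str


def parse_grepable(text, port=161, proto="udp"):
    """Extract the state of one port/protocol from grepable scan output."""
    findings = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and Status-only lines carry no port state
        ip = line.split()[1]
        # The Ports field runs to the next tab-separated field, if any.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[0] == str(port) and parts[2] == proto:
                findings.append(Finding(ip, port, proto, parts[1]))
    return findings


def triage(findings):
    """Map each address to (decision, reason); unknown states go to a human."""
    result = {}
    for f in findings:
        result[f.ip] = STATE_POLICY.get(
            f.state, ("review", f"unrecognised state {f.state!r}")
        )
    return result


def notice_evidence(finding, scanned_at):
    """Details a notice can carry so the recipient can reproduce the result."""
    decision, reason = STATE_POLICY.get(
        finding.state, ("review", "unrecognised state")
    )
    return (
        f"{scanned_at} probe={finding.proto}/{finding.port} "
        f"target={finding.ip} state={finding.state} "
        f"decision={decision} ({reason})"
    )


if __name__ == "__main__":
    # Constructed timestamp, for illustration only.
    for f in parse_grepable(SAMPLE_SCAN):
        print(notice_evidence(f, "2014-08-23T10:15:00Z"))
```

Only the address that returned a reply is queued for a notice; the evidence line gives the recipient the time, probe and observed state to pass on to the router vendor.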

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot to DigitalXeron

Premium Member

to DigitalXeron


said by DigitalXeron:

This doesn't address the fact that most of the Internet's exploits are delivered over port 80 and/or 443.

I would say that's technically inaccurate to this thread and debating that would go beyond the scope of the Cogeco forum. The issue described in this thread is not referring to exploits per se but an unwitting contribution in malicious activities.
said by DigitalXeron:

I'm glad Cogeco has taken this route in blocking less.

I agree with this on a personal level since I share plenty of services through the internet on my residential account. However, I do not irresponsibly respond to SNMP polls so I personally would not have an issue with this blocked.

We'd agree that blocking port 80 or 443 would be rude. Blocking NTP? Well, I have no use to respond as a time server but if you could justify a need, then I suppose there's no issue. But SNMP? I have a difficult time justifying a residential need for responding to SNMP polls by legitimate requests, never mind the anonymous requests.

I expect if Cogeco blocked it by default that no one would notice but I'd be interested to hear from anyone that would notice and why.
said by DigitalXeron:

does not hold vendors responsible for poor development of their equipment or software.

I ultimately hold Apple, Netgear and anyone else responsible for these options. Apple is grossly negligent in the fact that they eliminated the ability to disable this option on newer versions of Mac OS and Netgear equally so by not offering the option.

Cogeco in playing the responsible party is blamed by people who do not understand the issue they, the customer, are responsible for.
said by DigitalXeron:

would encourage the poster to seek calm.

Perhaps your registered account soothing nature has convinced me to see your point of view.

Cogeco: You're doing something bad, stop it.

User: No I'm not!

Cogeco: Yes you are, turn off this option!

User: I don't have this option!

Cogeco: Oh...

So you did bring up a good point earlier, one that I can empathise with. If these devices have the capability to participate in malicious activity by default and the user can't resolve this on their own, could a company do more than simply force a user to stop doing what they're doing?

Option 1) Block the port. Barely anyone would notice and support calls would be minimal.

Option 2) Send out an automated email advising the client to reply for more information. Well, it seems people will respond with hostility and will call Cogeco, ramping up the support responsibilities.

Option 3) Send out an automated proactive email asking the client for more information as to the equipment the customer may be using and then respond with links as to how to resolve it or perhaps communicate with the network provider as to resolutions. Not sure if this is monetarily preferable to option 2, it might be.

In the end I might agree with you, that Option 3 may be the best option for all parties since I've already helped three friends resolve this issue. Or perhaps Option 1 might be the best option for Cogeco since it leads to minimal economic impact and user frustration. Tough call.

BadUserJ
@192.186.115.x

BadUserJ to urbanriot

Anon

to urbanriot
said by urbanriot:

These two quotes, together, illustrate a very good point concerning this thread in general.

Yes, they show you don't have the router in question and have no experience with SNMP besides what you google, even though you claim you're an expert (or think you are) with others. You think all SNMP is bad because you don't know any better.
said by BadUserJudge :

COGECO IS THE ONLY ISP OUT OF THOUSANDS CUTTING PEOPLE OFF AND THREATENING THEM FOR SIMPLY HAVING A NETGEAR R6100 ROUTER, THIS IS WRONG.

said by urbanriot:

That's not true, no one has reported that they were cut off
Rogers community forums also states that Rogers had sent emails in 2013 advising users the same as Cogeco.

On the Apple forums a Rogers customer stated he was actually cut off with their Apple Airport:
»discussions.apple.com/th ··· tstart=0

Cogeco has disconnected people over this, I know and have talked to these people and saw others on other forums "report" the same thing. I am sure you spent a lot of time doing your little google searches trying to prove me wrong, but it was a waste of time. As the best you can do is a single post, in the Apple forums with no replies that's over a year old. That's a joke.

AND APPLE has an option to turn off SNMP according to the user in that thread, so it's not like this specific situation that you seem to not want to even try to understand or seem to even grasp.
said by urbanriot:

example, referring to Comcast's list shows they outright block SNMP:
»customer.comcast.com/hel ··· d-ports/

For example Comcast doesn't block SNMP network wide:

»businesshelp.comcast.com ··· nternet/
said by urbanriot:

and the issue is not specifically related to a Netgear router, it affects anyone unintentionally and/or irresponsibly replying to internet SNMP polls.

THIS THREAD WAS STARTED AND PINPOINTED THE R6100 ROUTER AS THE PROBLEM. OTHER ROUTERS YOU CAN TURN OFF SNMP IN THE GUI SO IT'S NOT A BIG DEAL. THE R6100 YOU CAN'T. A FIRMWARE FIX IS ON THE WAY END OF AUGUST TO FIX THIS, THAT IS HELPFUL TO MANY DOING A SEARCH ON SNMP AND THE R6100 ROUTER. Despite Urbanriot's best efforts to state his opinion on something he has no idea about, and convolute the thread to make it harder for people to find help simply because it's critical of Cogeco that the white knight must defend.....again....a...joke.

Yes, of course there are other devices that can have SNMP wide open, but that's not the issue that OP has, that's not the issue people have with Cogeco about this. It's how Cogeco handles the situation and HOW THIS WAS HANDLED NEEDS TO BE REVIEWED BY HIGH UP MANAGEMENT AT COGECO, BECAUSE IT WAS THE WRONG WAY TO DO IT.

Nogeco
@216.121.208.x

Nogeco to DigitalXeron

Anon

to DigitalXeron
Urbanriot is wrong in that he doesn't understand this thread is about how Cogeco handles SNMP on a specific router and not vague security issues. So to try and make points he veers it off topic so that he can make long-winded posts.

The thread is about how Cogeco handles the situation poorly about the R6100 router and how they should have contacted Netgear and only contacted the customer when it was proven the router was used in a DOS attack, not before.

He doesn't seem to understand that and wants to go off on long-winded points that prove nothing. Like the router that he linked to, can turn off SNMP manually, so it's not even an issue. You get the email and turn off the SNMP. With the specific situation this thread is about, it can't be turned off by the user and needs a firmware upgrade.

This is what he seems to not get, or ignored. Either or it's annoying and keeps the thread from being useful for people with SNMP and the R6100 router by filling it with nonsense.

kim
MVM,
join:2001-03-25
ON

kim to Pilo101

MVM,

to Pilo101
Hey, I was just walking down the hall and heard some pretty heated debate going on in here so I thought I'd stick my head in the door and see what's what. Turns out you guys are struggling to stick to the facts and keep the personal stuff out of it so I thought I'd draw a picture of what may happen next if you don't step away from the line we discussed before.

Personal attacks cease or come back with Bubba who resembles Andre the Giant btw, he's in the middle of his Saturday tea party with the little girls. If I interrupt his tea party he will storm down here wearing his tiara and bling and you'll be sorry. Never, ever interrupt Bubba's tea parties.
Just sayin'

GoogleExpert
@216.121.208.x

GoogleExpert to urbanriot

Anon

to urbanriot
said by urbanriot:

That's not true, no one has reported that they were cut off and the issue is not specifically related to a Netgear router,

I have talked to Netgear over the phone who has stated they have replaced over 100 R6100 routers in "Canada" because of this issue. MANY of them said they were cut off because of the router and they say to take it up with your ISP (Cogeco). I have talked in person with two people who have had their service cut off because of this by Cogeco. You are so wrong it's not even funny, the funny part is you act like you know. Just stop it.

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot

Premium Member

said by BadUserJ :

AND APPLE has an option to turn off snmp according to the user in that thread, so it's not like this specific situation that you seem to not want to even try to understand or seem to even grasp.

Using google is unnecessary for those of us with technical experience. Updates to Mac OS nullify the ability for users to obtain access to that option within the Airport Utility. You require someone with an older version of Mac OS or a PC with an older version to change this option. Pro tip for you or anyone else that might need it, use Airport Utility 5.6.1.

said by BadUserJ :

I am sure you spent a lot of time doing your little google searches trying to prove me wrong, but it was a waste of time.

Again, those reviewing this thread with technical experience know better without using google. I could sit here and ask you to elaborate on your technical insight but you've already done a bang-up job alluding to the situation so there's no need for us both to waste time.

said by GoogleExpert :

I have talked in person with two people who have had their service cut off because of this by Cogeco.

I don't believe you. I also don't believe that you've talked to Netgear. Your credibility, based on previous posts, is NIL.

GoogleExpert
@216.121.209.x

GoogleExpert to urbanriot

Anon

to urbanriot


said by urbanriot:

Using google is unnecessary for those of us with technical experience. Updates to Mac OS nullify the ability for users to obtain access to that option within the Airport Utility. You require someone with an older version of Mac OS or a PC with an older version to change this option. Pro tip for you or anyone else that might need it, use Airport Utility 5.6.1.

Wrong again, you have to use an older Airport Utility app but that app runs on the latest OS X Mavericks and all preceding OS X and it can be turned off during first install. So the point is IT CAN BE TURNED OFF BY THE USER. That you don't seem to understand.

said by urbanriot:

Again, those reviewing this thread with technical experience know better without using google. I could sit here and ask you to elaborate on your technical insight but you've already done a bang-up job alluding to the situation so there's no need for us both to waste time.

Nobody cares and reads this unless they have this problem (or way too much time on their hands). I have used the router in question, know SNMP protocol and understand how OIDs work. You obviously don't have any understanding of all three.

said by urbanriot:

I don't believe you. I also don't believe that you've talked to Netgear. Your credibility, based on previous posts, is NIL.

That's because you don't know what you are talking about and are just giving your opinion. I have pinpointed the router as the problem, CLI commands prove it's not wide open SNMP, and relayed (communicated) that to Netgear and Cogeco which are going to have a fix out soon.

You don't have the router in question, never received the email about SNMP, never talked to Cogeco or Netgear about this problem. So you have the credibility issue and despite your best efforts to convolute the thread I am sure people will be helped by this thread who do a search.

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot

Premium Member

said by GoogleExpert :

Wrong again, you have to use an older Airport Utility app but that app runs on the latest OS X Mavericks and all preceding OS X and it can be turned off during first install. So the point is IT CAN BE TURNED OFF BY THE USER. That you don't seem to understand.

Not out of the box it doesn't and it's also not available on the user's system. That you don't seem to understand.

said by GoogleExpert :

I have used the router in question, know SNMP protocol and understand how OIDs work. You obviously don't have any understanding of all three.

Well then please, enlighten the network security industry as to how they're wrong and you're right. I'm sure many people would be pleased to read this and we could forward your results to all the big ISPs of the world for further enlightenment.

Please be as technical as possible so we can debate who does and does not have an understanding of the topic at hand.

Pilo101
join:2014-08-20
Ancaster, ON

Pilo101 to urbanriot

Member

to urbanriot
said by urbanriot:

I don't believe you. I also don't believe that you've talked to Netgear. Your credibility, based on previous posts, is NIL.

As the OP, let me add some to this as it is getting silly and emotional and everyone is missing the point. urbanriot, GoogleExpert is correct on this, there HAVE been people cut off on this and Netgear has been having an increase in calls about this (this is first hand).

All of this said, everyone is arguing the technical points of whether SNMP is bad, configurations, how an exploit can be used, whether unicorns exist...

I am disheartened to join this forum and see this spiral like this. If you guys want to argue the technical nuances of SNMP and Cogeco, please start another post. For this one, I posted this for a few reasons:

- To educate the community on something that happened
- Try and understand why this happened
- Establish a pattern if any
- Address the WAY that this was handled, and not whether it was or not.

As I have said repeatedly, my angst and frustration are towards the tactics and communication that was used by the ISP. If SNMP is a legitimate issue, fine, I get that, and I am not going to dispute it. Where I struggled was the nuclear winter, no time to properly get the situation resolved with the router supplier, threatening by the ISP, which left me and my family no choice but to either a) go without service (router) for a week while I waited for Netgear to RMA mine or b) buy a 'safe' router.

I had to choose b) for a number of reasons. In hindsight, a) would not have fixed my problem anyway as a new R6100 would have had the same issue!

That frustration, 4 hours with tech support, time shopping, configuring new router, etc combines for a very annoyed consumer.

It could have been prevented with a collaborative approach by the ISP with the Router mfg. This was done in the background and after the fact, and I applaud that, but for me, it was way too late.

Those are the facts. If the people here want to argue on SNMP, internet security fundamentals, then close this thread and let's move on.

Cogeco and I have talked a lot about this issue and we are where we are. Moving forward, this is a learning experience for the Cogeco team on balancing the needs of security with the fact that they are a service providing company and in the end, need to provide a minimum level of service and proactive communication to their customers. They fell down on this originally, and hopefully learn from this going forward.


doonsy
join:2002-03-15

1 recommendation

doonsy to Pilo101

Member

to Pilo101
this thread is full of lulz, keep up the good work.

nssadmin
@72.38.91.x

nssadmin to Pilo101

Anon

to Pilo101
said by Pilo101:

GoogleExpert is correct on this, there HAVE been people cut off on this and Netgear has been having an increase in calls about this (this is first hand).

Can you provide more information on that experience? I ask as we provide residential connectivity support for a number of clients who called us on the same day regarding this issue. Assuming everyone received the notifications on the same day, you'd think that they would be cut off already but we haven't heard back from them.

We do know that those infected with abusive malware are cut off pretty quickly but I have a feeling the delay on this issue is much less.

Perhaps a Cogeco representative can shed some light on how long a customer has to resolve this issue before they'll be cut off?

We've had at least 7 people call us, 2 of which we were able to walk through the process. The other 5 basically said they'll call us to fix the issue or have us install a new router if they get cut off.