Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)2degrees: Changes to IP Addresses (CGNAT)
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | ... | 32
Tinkerisk
4800 posts

Uber Geek
+1 received by user: 3660


  #2351498 11-Nov-2019 11:07
Send private message

BarTender:

 

... proir cutting their service over to CGNAT?

 

Nope, prior informing the customers.

 

Fairly sure an ISP port scanning a customer without prior consent would get into trouble with regards to the privacy act and the misuse of computers section of the crimes act.

 

According to the UKUSA agreement NZ is one of five eye states - you just let the other states spy on your citizens and you are clean. :-) And you don't have to read the content just to see traffic. A postman doesn't read the letters he brings ... usually.

 

Also assumes that the customer hasn't firewalled the source IP.

 

Either the customer is too stupid or he's not ... if not, he should be informed :-)




     

  • Qui nihil scit, omnia credere debet.
  • Firewalls do NOT stop dragons.
  • In effect we have everything to hide from someone, and no idea who someone is.



BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2351507 11-Nov-2019 11:25
Send private message

Tinkerisk:

 

BarTender: Fairly sure an ISP port scanning a customer without prior consent would get into trouble with regards to the privacy act and the misuse of computers section of the crimes act.

 

According to the UKUSA agreement NZ is one of five eye states - you just let the other states spy on your citizens and you are clean. :-) And you don't have to read the content just to see traffic. A postman doesn't read the letters he brings ... usually.

 

That's not how it works. 🤦 ISPs aren't part of the government security services and can't go capturing individual customer traffic (unless it is causing harm to the ISPs network as included quite often in the ISPs T&C's which this wouldn't apply) or performing an intrusive action against their connection without their consent or under a warrant. IANAL but I would think doing an unsolicited port scan of a customers connection would fall under the misuse of computers section of the crimes act and unless it was covered in the T&Cs which I highly doubt.

 

252 Accessing computer system without authorisation

 

(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.

 

 

You are either being obtuse or fail to understand the legal ramifications of an ISP doing a port scan across their entire customer base without prior consent or expressly written into their T&Cs.

 

Either the customer is too stupid or he's not ... if not, he should be informed :-)

 

Again you are completely avoiding the statement about the ramifications of notifying an entire customer base and the significant impact that would have on the service desk of a change that will impact a very minor percentage of their customer base.

 

Someone who has the smarts to open a firewall port should also have the smarts to diagnose what happened when it stops working.

 

And minor edit here on the above. If someone has opened port 22 to permit SSH, but then firewalled off the source IP to only be from nominated IP addresses. If an ISP gets through all the legal jeopardy and port scans you then they wouldn't / shouldn't (depending on how the firewall was setup) get a response when port scanning. Also what happens if they switch the connection off at night they would be no better off as the target customer wouldn't be notified. Doing a port scan with meaningful results across a whole customer base is a MASSIVE undertaking with little or no value.

sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2351510 11-Nov-2019 11:38
Send private message

BarTender:

 

If you ever needed a barometer of how much the impact is I always recommend going to the Facebook page of the provider. If it is seriously a problem then there would be at least 10-20 posts about it and everyone jumping on-board about how disgruntled they were. After a quick scroll of at least 10 pages I couldn't find even a single mention..... So what does that tell me?

 

 

It says that for 99.9% of users there will be zero impact as a result of this change.

 

 

 

 



Tinkerisk
4800 posts

Uber Geek
+1 received by user: 3660


  #2351722 11-Nov-2019 16:47
Send private message

BarTender: That's not how it works. 🤦

 

I was just a little bit sarcastic but this wasn't obvious enough - maybe. At the end I'm happy this (not noticing customers even when 0.0001%) can't happen were I live without serious consequences for the ISP if the distribution of static IPs would be handled like the wind blows - especially when communicated otherwise on a webpage before.




     

  • Qui nihil scit, omnia credere debet.
  • Firewalls do NOT stop dragons.
  • In effect we have everything to hide from someone, and no idea who someone is.

BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2352041 12-Nov-2019 09:18
Send private message

Tinkerisk:

 

BarTender: That's not how it works. 🤦

 

I was just a little bit sarcastic but this wasn't obvious enough - maybe. At the end I'm happy this (not noticing customers even when 0.0001%) can't happen were I live without serious consequences for the ISP if the distribution of static IPs would be handled like the wind blows - especially when communicated otherwise on a webpage before.

 

 

Again it's not how this works.

 

Thinking about this from a purely practical point of view. After 2D have put in CGNAT a whole lot of their address space becomes available. Last time I looked at CGNAT in earnest depending on how your CGNAT box worked you would pre-allocate 100 ports per customer. Then when more than 20/100/whatever ports get established you allocate more port groups for the subscriber.

 

If you went for 100 ports per customer as default that would mean you could squeeze 163k customers into a single /24 (Assuming 252 usable IPs) (65000/100 = (650 * 252) = 163800). Again assuming 2D have that many fixed customers as I couldn't easily find their fixed customer count anywhere.

 

To then hand out a dozen or so "free" Static IPs for those who complain or start charging them $10 per month it is all money in the bank as either way you are far better off than you were beforehand in regards to IP address allocation if you were running very close to the line in regards to address availability.

 

If 2D were super smart and wanted to save on capital investment (which they may be??) they would leverage their existing mobile core CGNAT box which no doubt is over specified for the job with a new virtual router for fixed broadband and then pump from the fixed broadband BNGs to the Mobile CGNAT box and out to the internet. Savings all around and puts them into a place they will never run out of IPv4 addresses.

 

But the simple commercial reality is that it is still far far cheaper in time and effort to deal with the very small minority complaining here via the service desk than to put any effort into either sending out communications which would slam the service desk or doing any research into who runs services at home and trying to communicate with the smaller number directly knowing that any research would be significantly flawed or get them into legal hotwater.

jonathan18
7415 posts

Uber Geek
+1 received by user: 2850

ID Verified
Trusted

  #2364693 2-Dec-2019 14:10
Send private message

I've read over/skimmed all 21 pages of this thread - there's 30 minutes of my life I won't get back!

 

Here's a noob question: how do I confirm if I've been switched over to CGNAT?

 

I've previously been with an ISP which used CGNAT at the time (BigPipe) and don't recall any issues, but would like to know one way or another if we have been switched.

 

I get the point made many, many times in the thread that most customers won't be affected, and get that this is likely to include us; that said we have security cameras and aircon that can be accessed/controlled remotely, hence me wanting to be sure of our situation.

 

Thanks in advance.

 
 
 
 

Shop now for Dell laptops and other devices (affiliate link).
toejam316
1516 posts

Uber Geek
+1 received by user: 888

Trusted
Lifetime subscriber

  #2364695 2-Dec-2019 14:13
Send private message

Check your Modem/Routers WAN IP.
If it's in the range of 100.64.0.0/10 (100.64.0.0–100.127.255.255), you're a lucky winner and are on CG-NAT. Given what seems to be happening here, I suspect we're nearing the point now where if you don't explicitly have a public IP, you will have CG-NAT.




Join Quic Broadband with my referral - no sign up fee and gives me account credit

 

Anything I say is the ramblings of an ill informed, opinionated so-and-so, and not representative of any of my past, present or future employers, and is also probably best disregarded.

kiwijunglist
2983 posts

Uber Geek
+1 received by user: 135

ID Verified

  #2364696 2-Dec-2019 14:14
Send private message

Do your camera's require open ports or do they dial out. If they required open ports and they no longer work then you've probably been switched to cgnat.




HTPC / Home automation (home assistant) enthusiast.

NickMack
977 posts

Ultimate Geek
+1 received by user: 831

Trusted
In memoriam
Lifetime subscriber

  #2364697 2-Dec-2019 14:15
Send private message

jonathan18:

 

I've read over/skimmed all 21 pages of this thread - there's 30 minutes of my life I won't get back!

 

Here's a noob question: how do I confirm if I've been switched over to CGNAT?

 

I've previously been with an ISP which used CGNAT at the time (BigPipe) and don't recall any issues, but would like to know one way or another if we have been switched.

 

I get the point made many, many times in the thread that most customers won't be affected, and get that this is likely to include us; that said we have security cameras and aircon that can be accessed/controlled remotely, hence me wanting to be sure of our situation.

 

Thanks in advance.

 

 

Hi Jonathan18

 

As a matter of interest - is everything working for you, or has something stopped? 

 

 

 

Nick




https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz 

joemate
59 posts

Master Geek
+1 received by user: 22

ID Verified

  #2364699 2-Dec-2019 14:18
Send private message

Compare the WAN IP allocated to your router with the one you see at whatsmyip.org

jonathan18
7415 posts

Uber Geek
+1 received by user: 2850

ID Verified
Trusted

  #2364702 2-Dec-2019 14:19
Send private message

Wow, those were some quick replies, thanks!

 

Thanks for the explanation on how to check; will do so when I'm home tonight.

 

Everything seems to be working at the moment; I just wanted to be aware of my situation in case something did stop working after the point I am switched, if this hasn't happened already (given it doesn't appear customers are getting any prior warning).

 
 
 
 

Shop now on AliExpress (affiliate link).
Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2364707 2-Dec-2019 14:28
Send private message

NickMack:

As a matter of interest - is everything working for you, or has something stopped? 


 


Nick



Sure signal count? ;)

Kidding, likely A vf whitelist reference missing

Possible the external ranges would be a mobile public allotment being used for land now? Would sure explain after getting 2 other ranges whitelisted prior to cgnat.

NickMack
977 posts

Ultimate Geek
+1 received by user: 831

Trusted
In memoriam
Lifetime subscriber

  #2364899 2-Dec-2019 15:07
Send private message

Oblivian:
NickMack:

 

As a matter of interest - is everything working for you, or has something stopped? 

 

Nick

 



Sure signal count? ;)

Kidding, likely A vf whitelist reference missing

Possible the external ranges would be a mobile public allotment being used for land now? Would sure explain after getting 2 other ranges whitelisted prior to cgnat.

 

:-) I wonder when VF will start offering VoWifi....




https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz 

tanivula
998 posts

Ultimate Geek
+1 received by user: 158

Lifetime subscriber

  #2377005 17-Dec-2019 13:38
Send private message

Not sure if this has been discussed, how will this affect VoIP users?  I'm guessing people with 2deg VoIP landlines will be ok, but one of the reasons I've stuck with 2deg is because of the public IP for 2talk to work properly. 

cyril7
9075 posts

Uber Geek
+1 received by user: 2499

ID Verified
Trusted
Subscriber

  #2377010 17-Dec-2019 13:41
Send private message

Hi, most VOIP services will work just fine, infact 2Talk broadband is also .......................CG-NAT including for business connections.

 

Where issues do occur is if you have peered SIP trunks, but that is not what you have with a few standalone VOIP handsets in a residential or SME environment.

 

Cyril

1 | ... | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | ... | 32
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright