Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30
833 posts

Ultimate Geek


  #2351498 11-Nov-2019 11:07
Send private message quote this post

BarTender:

 

... proir cutting their service over to CGNAT?

 

Nope, prior informing the customers.

 

Fairly sure an ISP port scanning a customer without prior consent would get into trouble with regards to the privacy act and the misuse of computers section of the crimes act.

 

According to the UKUSA agreement NZ is one of five eye states - you just let the other states spy on your citizens and you are clean. :-) And you don't have to read the content just to see traffic. A postman doesn't read the letters he brings ... usually.

 

Also assumes that the customer hasn't firewalled the source IP.

 

Either the customer is too stupid or he's not ... if not, he should be informed :-)





- ISP1: T-OneBox FTTH modem, 1/.5G, full DS, VLAN7, VoIP + ipTV streaming flat

 

- ISP2: 4G/LTE USB modem + TL-MR3020, 100/40M data plan (wireless fallback)

 

- NET: ZBOX nano router, 2 C2960X-48TS-L, 3 GWN7630/LR, EL1600, EL800

 

- SVR: E3C236 32G/24T, 2 H2 16G/500G, HC1 1T, N2 128G | HC2 14T, HC2 4T

 

- USR: DeskMini 310, NUC8i7HVK, Aspire E5, EliteBook 840, Galaxy Tab, 4K TV

 

- IoT (868MHz): 4 LoRaWAN GWs, CCU3 (openHAB), Vantage Pro 2 plus

 

- 3D: Ender-3, Ender-3 Pro, Ultimaker 2E+, Ultimaker 3, Ultimaker S5, MP-CNC

 

- ipPBX: GO-Box, 2 GRP2613, SPA112 (Fax & W-48, a 1948 Siemens phone)


2977 posts

Uber Geek

Trusted
Lifetime subscriber

  #2351507 11-Nov-2019 11:25
3 people support this post
Send private message quote this post

Tinkerisk:

 

BarTender: Fairly sure an ISP port scanning a customer without prior consent would get into trouble with regards to the privacy act and the misuse of computers section of the crimes act.

 

According to the UKUSA agreement NZ is one of five eye states - you just let the other states spy on your citizens and you are clean. :-) And you don't have to read the content just to see traffic. A postman doesn't read the letters he brings ... usually.

 

That's not how it works. 🤦 ISPs aren't part of the government security services and can't go capturing individual customer traffic (unless it is causing harm to the ISPs network as included quite often in the ISPs T&C's which this wouldn't apply) or performing an intrusive action against their connection without their consent or under a warrant. IANAL but I would think doing an unsolicited port scan of a customers connection would fall under the misuse of computers section of the crimes act and unless it was covered in the T&Cs which I highly doubt.

 

252 Accessing computer system without authorisation

 

(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.

 

 

You are either being obtuse or fail to understand the legal ramifications of an ISP doing a port scan across their entire customer base without prior consent or expressly written into their T&Cs.

 

Either the customer is too stupid or he's not ... if not, he should be informed :-)

 

Again you are completely avoiding the statement about the ramifications of notifying an entire customer base and the significant impact that would have on the service desk of a change that will impact a very minor percentage of their customer base.

 

Someone who has the smarts to open a firewall port should also have the smarts to diagnose what happened when it stops working.

 

And minor edit here on the above. If someone has opened port 22 to permit SSH, but then firewalled off the source IP to only be from nominated IP addresses. If an ISP gets through all the legal jeopardy and port scans you then they wouldn't / shouldn't (depending on how the firewall was setup) get a response when port scanning. Also what happens if they switch the connection off at night they would be no better off as the target customer wouldn't be notified. Doing a port scan with meaningful results across a whole customer base is a MASSIVE undertaking with little or no value.





and


 
 
 
 


28692 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2351510 11-Nov-2019 11:38
Send private message quote this post

BarTender:

 

If you ever needed a barometer of how much the impact is I always recommend going to the Facebook page of the provider. If it is seriously a problem then there would be at least 10-20 posts about it and everyone jumping on-board about how disgruntled they were. After a quick scroll of at least 10 pages I couldn't find even a single mention..... So what does that tell me?

 

 

It says that for 99.9% of users there will be zero impact as a result of this change.

 

 

 

 


833 posts

Ultimate Geek


  #2351722 11-Nov-2019 16:47
Send private message quote this post

BarTender: That's not how it works. 🤦

 

I was just a little bit sarcastic but this wasn't obvious enough - maybe. At the end I'm happy this (not noticing customers even when 0.0001%) can't happen were I live without serious consequences for the ISP if the distribution of static IPs would be handled like the wind blows - especially when communicated otherwise on a webpage before.





- ISP1: T-OneBox FTTH modem, 1/.5G, full DS, VLAN7, VoIP + ipTV streaming flat

 

- ISP2: 4G/LTE USB modem + TL-MR3020, 100/40M data plan (wireless fallback)

 

- NET: ZBOX nano router, 2 C2960X-48TS-L, 3 GWN7630/LR, EL1600, EL800

 

- SVR: E3C236 32G/24T, 2 H2 16G/500G, HC1 1T, N2 128G | HC2 14T, HC2 4T

 

- USR: DeskMini 310, NUC8i7HVK, Aspire E5, EliteBook 840, Galaxy Tab, 4K TV

 

- IoT (868MHz): 4 LoRaWAN GWs, CCU3 (openHAB), Vantage Pro 2 plus

 

- 3D: Ender-3, Ender-3 Pro, Ultimaker 2E+, Ultimaker 3, Ultimaker S5, MP-CNC

 

- ipPBX: GO-Box, 2 GRP2613, SPA112 (Fax & W-48, a 1948 Siemens phone)


2977 posts

Uber Geek

Trusted
Lifetime subscriber

  #2352041 12-Nov-2019 09:18
Send private message quote this post

Tinkerisk:

 

BarTender: That's not how it works. 🤦

 

I was just a little bit sarcastic but this wasn't obvious enough - maybe. At the end I'm happy this (not noticing customers even when 0.0001%) can't happen were I live without serious consequences for the ISP if the distribution of static IPs would be handled like the wind blows - especially when communicated otherwise on a webpage before.

 

 

Again it's not how this works.

 

Thinking about this from a purely practical point of view. After 2D have put in CGNAT a whole lot of their address space becomes available. Last time I looked at CGNAT in earnest depending on how your CGNAT box worked you would pre-allocate 100 ports per customer. Then when more than 20/100/whatever ports get established you allocate more port groups for the subscriber.

 

If you went for 100 ports per customer as default that would mean you could squeeze 163k customers into a single /24 (Assuming 252 usable IPs) (65000/100 = (650 * 252) = 163800). Again assuming 2D have that many fixed customers as I couldn't easily find their fixed customer count anywhere.

 

To then hand out a dozen or so "free" Static IPs for those who complain or start charging them $10 per month it is all money in the bank as either way you are far better off than you were beforehand in regards to IP address allocation if you were running very close to the line in regards to address availability.

 

If 2D were super smart and wanted to save on capital investment (which they may be??) they would leverage their existing mobile core CGNAT box which no doubt is over specified for the job with a new virtual router for fixed broadband and then pump from the fixed broadband BNGs to the Mobile CGNAT box and out to the internet. Savings all around and puts them into a place they will never run out of IPv4 addresses.

 

But the simple commercial reality is that it is still far far cheaper in time and effort to deal with the very small minority complaining here via the service desk than to put any effort into either sending out communications which would slam the service desk or doing any research into who runs services at home and trying to communicate with the smaller number directly knowing that any research would be significantly flawed or get them into legal hotwater.





and


4454 posts

Uber Geek

Trusted
Subscriber

  #2364693 2-Dec-2019 14:10
Send private message quote this post

I've read over/skimmed all 21 pages of this thread - there's 30 minutes of my life I won't get back!

 

Here's a noob question: how do I confirm if I've been switched over to CGNAT?

 

I've previously been with an ISP which used CGNAT at the time (BigPipe) and don't recall any issues, but would like to know one way or another if we have been switched.

 

I get the point made many, many times in the thread that most customers won't be affected, and get that this is likely to include us; that said we have security cameras and aircon that can be accessed/controlled remotely, hence me wanting to be sure of our situation.

 

Thanks in advance.


912 posts

Ultimate Geek

Trusted

  #2364695 2-Dec-2019 14:13
Send private message quote this post

Check your Modem/Routers WAN IP.
If it's in the range of 100.64.0.0/10 (100.64.0.0–100.127.255.255), you're a lucky winner and are on CG-NAT. Given what seems to be happening here, I suspect we're nearing the point now where if you don't explicitly have a public IP, you will have CG-NAT.




Anything I say is the ramblings of an ill informed, opinionated so-and-so, and not representative of any of my past, present or future employers, and is also probably best disregarded.


 
 
 
 


2867 posts

Uber Geek


  #2364696 2-Dec-2019 14:14
Send private message quote this post

Do your camera's require open ports or do they dial out. If they required open ports and they no longer work then you've probably been switched to cgnat.




HTPC / Home automation (home assistant) enthusiast.


621 posts

Ultimate Geek

Trusted
2degrees

  #2364697 2-Dec-2019 14:15
Send private message quote this post

jonathan18:

 

I've read over/skimmed all 21 pages of this thread - there's 30 minutes of my life I won't get back!

 

Here's a noob question: how do I confirm if I've been switched over to CGNAT?

 

I've previously been with an ISP which used CGNAT at the time (BigPipe) and don't recall any issues, but would like to know one way or another if we have been switched.

 

I get the point made many, many times in the thread that most customers won't be affected, and get that this is likely to include us; that said we have security cameras and aircon that can be accessed/controlled remotely, hence me wanting to be sure of our situation.

 

Thanks in advance.

 

 

Hi Jonathan18

 

As a matter of interest - is everything working for you, or has something stopped? 

 

 

 

Nick





11 posts

Geek


  #2364699 2-Dec-2019 14:18
Send private message quote this post

Compare the WAN IP allocated to your router with the one you see at whatsmyip.org


4454 posts

Uber Geek

Trusted
Subscriber

  #2364702 2-Dec-2019 14:19
Send private message quote this post

Wow, those were some quick replies, thanks!

 

Thanks for the explanation on how to check; will do so when I'm home tonight.

 

Everything seems to be working at the moment; I just wanted to be aware of my situation in case something did stop working after the point I am switched, if this hasn't happened already (given it doesn't appear customers are getting any prior warning).


3561 posts

Uber Geek


  #2364707 2-Dec-2019 14:28
Send private message quote this post

NickMack:

As a matter of interest - is everything working for you, or has something stopped? 


 


Nick



Sure signal count? ;)

Kidding, likely A vf whitelist reference missing

Possible the external ranges would be a mobile public allotment being used for land now? Would sure explain after getting 2 other ranges whitelisted prior to cgnat.

621 posts

Ultimate Geek

Trusted
2degrees

  #2364899 2-Dec-2019 15:07
One person supports this post
Send private message quote this post

Oblivian:
NickMack:

 

As a matter of interest - is everything working for you, or has something stopped? 

 

Nick

 



Sure signal count? ;)

Kidding, likely A vf whitelist reference missing

Possible the external ranges would be a mobile public allotment being used for land now? Would sure explain after getting 2 other ranges whitelisted prior to cgnat.

 

:-) I wonder when VF will start offering VoWifi....





627 posts

Ultimate Geek


  #2377005 17-Dec-2019 13:38
Send private message quote this post

Not sure if this has been discussed, how will this affect VoIP users?  I'm guessing people with 2deg VoIP landlines will be ok, but one of the reasons I've stuck with 2deg is because of the public IP for 2talk to work properly. 


7262 posts

Uber Geek

Trusted
Subscriber

  #2377010 17-Dec-2019 13:41
Send private message quote this post

Hi, most VOIP services will work just fine, infact 2Talk broadband is also .......................CG-NAT including for business connections.

 

Where issues do occur is if you have peered SIP trunks, but that is not what you have with a few standalone VOIP handsets in a residential or SME environment.

 

Cyril


1 | ... | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Vodafone mobile data plans with unlimited data
Posted 26-Feb-2020 06:55


Vodafone launches innovation initiatives to help businesses use 5G
Posted 26-Feb-2020 05:00


Ultimate Ears HYPERBOOM brings massive sound and extreme bass
Posted 25-Feb-2020 09:00


Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05


Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05


School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10


Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01


Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36


Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.