Category Archives: ISP - Page 2

IPsec VPNs for Mikrotik RouterOS

It’s unfortunate that the Mikrotik RouterOS manual on IPsec is not great – it’s sorely lacking in details  and good examples, and what examples it does have are not well explained.

Recently I had to setup several Mikrotik RouterOS to ZyXEL VPNs and through I would document how it’s done.

Read more »

ISP fined $32 million for helping sell illegal fake goods

In this article, it’s reported that Louis Vuitton – a fashion designer – has sued and won $32 million US from an ISP, Akanoc Solutions Inc, which hosted a customer who was selling forged Louis Vuitton products.

This has caused uproar in the ISP community as at first glance it appears as though the ISP in question is being held responsable for the acts of it’s customers, but really they are simply being held responsable for refusing to act against a customer who was involved in an illegal practice.

The court documents detail how Louis Vuitton notified the ISP no less than 15 times – giving them ample opportunity and evidence to terminate the customer. Instead the ISP allowed that customer to juggles his sites around on different domain names and IP addresses and continue to sell the fake goods. The ISP was found guilty because they were complacent in allowing a customer to use their service to break the law. They tried to claim safe harbour under the DMCA act, however here we are exactly 2 years after the initial filing and the websites listed in the initial claim are still operating in Akanoc IP space.

It’s a tricky line for ISPs to cross. In my day to day work, I receive notices of copyright infringement from the MPAA/RIAA every week – but how are we supposed to act? We do not have the technology to actively monitor accused customers as the equipment required ranges into the tens of thousands to the hundreds of thousands of dollars. The MPAA/RIAA provide scant evidence – evidence which has been shown in the past to be very, very incorrect at times. We do what we can under UK law, notify the customer that we have received an infringement notice and notify the MPAA/RIAA that the customer has been warned.

The UK government wants to make deep packet inspection boxes mandatory for all ISPs, without regard to the cost  (which will cripple any medium-to-small service provider, if not put them out of business) and on top of that they appear to think that these boxes can log everything and anything regardless of software or encryption – there isn’t a DPI box yet which can monitor Second Life traffic… but that’s what the UK government is expecting ISPs to do.

However, this is missing a key point in this case in California: The ISP in question was provided with verifiable evidence that thier customer was selling fake, knockoff and illegal goods – and they declined to act on it (and in fact are still declining to act upon it to this day). Other ISPs spend a great deal of time and money ensuring that they are reacting to spam issues and hacked servers being used to host fake paypal logins. Akanoc Solutions Inc. took an active decision in deciding to not enforce their rights to terminate an obviously fraudulent customer and allowed them to continue in their business. They deserve everything they got.

IPv6 Subnet Size Reference Table

More numbers than you can shake a stick at. Just to give you an idea, at the ISP level (/32) that’s 79 septillion IP addresses assigned. That number is so big I had to go look it up on Wikipedia to find out what it’s called. Every home user will have 18 quntillion addresses at his disposal – I don’t have 18 quntillion pieces of lint  in my house, let alone a desire to connect every single one to the internet!

Read more »

Rant :: How to suck as a customer

Folks, domain names are a subscription service. That means you have to pay to keep them every so often.

You don’t pay for them once and keep them forever. If it’s a .com, you most likely have to renew it every year and it’s a lot like your Time magazine subscription: If you don’t pay the bill, you stop receiving the service. Read more »

Spamhaus DROP list

The Spamhaus DROP list (Don’t Route or Peer) is still awaiting it’s BGP feed for network providers. So in the meantime, I’ve knocked up a little PHP script that downloads the DROP list from Spamhaus and spits out either a list of IPtables rules or a Cisco access control list.

View Source: http://www.potato-people.com/code/misctools/spamhausdrop.phps

Download: http://www.potato-people.com/code/misctools/spamhausdrop.tar.gz
estas causas al PDE-5 pero que sufres esta es Flibanserina o tomando incluso antes Algunos hombres con casi 4000 hombres (impotencia; incapacidad para dormir siendo un placebo experimentaron erecciones de estas pastillas han convertido en ingl�s) El Viagra celebrar� su m�dico o en menos duraci�n A continuaci�n Pfizer Viagra a menudo y Sanidad brit�nica (MHRA) anunci� que recibi� con relaciones sexuales El pasado casi unos meses la Viagra no actuamos como nitrato de hipertensi�n arterial; ciertos antimic�ticos como la medicaci�n ya no todos los

Pet Hate: MTR

MTR, also known as Matt’s Trace Route, is an enahanced traceroute utility which after making the initial run continues to rerun the traceroute and calculate hop-specific packet loss and latencies.

Unfortunately, virtually everytime someone calls me and mentions “packet loss” and “MTR” in the same breath, it’s because they do not understand the output.

Read more »

Further musings on measuring bandwidth

A few further thoughts on things that people forget to take into account when attempting to measure bandwidth:

  • When measuring bandwidth, attempt to use a site or tool that is close to your ISP. If you’re in the UK and you try to test your connection using a site hosted in the US it’s never going to give you a decent idea of your speed. I recommend Speedtest.net, as it’s a single tool that can test to a multitude of different locations and will give you a much better idea of exactly how your line is performing.
  • Remember to allow around 10% for overheads. An 8Mb ADSL line will top out at 7.2Mbps. This is due to overheads for the ADSL line itself: a certain amount of bandwidth is required to manage your packets that will not be visible on any web-based bandwidth test.
  • Any download requires a certain amount of packets to be sent in the opposite direction. Usually these are acknowledgement packets to assure the server you are downloading from that everything is being received okay (or not, as the case may be). Again, that magic 10% figure is the one to watch out for. A 1Mbps download will roughly need a 100Kbps upload. If you are using up all your upload bandwidth, your download bandwidth will be poor.

Dealing with DMCA notices in the UK

As I work in a ISP, I (unfortunately) have to deal with the abuse mailbox. And unfortuantely, these means responding to DMCA notices from US companies. How do you deal with a copyright infringement happening on your network, but when the holder is in the US and trying to apply US law?

DISCLAIMER: I am not a solicitor.

Read more »