Charter anyone?

[Brianzz]

Anyone else on Charter internet have problems getting here yesterday? I started about 10:30 AM EST yesterday morning and tried last at around 2:00 AM EST and kept getting the stupid charter search page saying the domain was invalid, everything seems fine today. I figured it must be a Charter problem because I went through the google cached pages and they had recent posts.

[StatFreak]

I'm not on Charter and had no unusual issues yesterday.

[Brianzz]

weird, must've been a localized problem. Like those cable outages when your cable is out and you call and tell them and they say "There's an outage in your area but it's not effecting you" riiiight.

[StatFreak]

weird, must've been a localized problem. Like those cable outages when your cable is out and you call and tell them and they say "There's an outage in your area but it's not effecting you" riiiight.

Roadrunner doesn't have problems like that. When there's an outtage, I call to inquire/complain and they tell me that everything's fine -- "there is no spoon".

Soapbox rant alert.

Of course, they're the same A-holes that secretly created a DNS landing zone and opted-in all of their customers without bothering to ask, or even bothering to tell anyone that they did it.    After all, why pester their customers with such pesky details?

They did set up an extremely hidden server to allow customers to opt out. That way, they satisfied the legal requirement, so that if any watchdog attorneys came sniffing around, they could point to their obscure server and exclaim, "SEE? we offer our customers a way to opt out of this crap; all they have to do is to go to this server and do so."

Of course, it took me six months to track it down, and Roadrunner tech support told me bald faced lies on three separate occasions when I called to ask why my firewall was being pounded every 8-10 seconds 24/7. I finally found the server though a post on an underground site! 

For anyone with Roadrunner who's interested, it's  http://ww23.rr.com  (Note that it's NOT "www dot", but "ww23 dot"). Then there's a teeny little link that says "opt in or out of this service" that you have to click on to opt out.

End of soapbox rant.

[jay]

Don't discount the possibility of a virus or other trojan that hijacks your DNS.

[stayouttadabunker]

Briefly, what is a "DNS landing zone"
and why is it maybe bad to be in one?

[StatFreak]

Briefly, what is a "DNS landing zone"
and why is it maybe bad to be in one?

There's nothing inherently bad about it. It a redirect that Roadrunner uses if you type a url that it can't find. Instead of getting a standard 404 error, you go to their somewhat friendlier page that "suggests" possible corrections to your "mistyped" address. The problem that I had with Roadrunner's landing zone service was three fold.

First, I really didn't want the redirects; they pissed me off. If I type the wrong thing, leave me alone. Most of the time, I didn't type the wrong url; it just wasn't there anymore, and I wanted to know that for certain or be able to type slightly different urls without the constant interruption.

Second, I don't like my ISP, or anyone, deciding what they think is best for me and implementing their solution without bringing me into the loop, and I especially don't like having them intrude on my machine without telling me and without my permission. I also don't like their slimy tactic of allowing a customer to opt out, but not telling anyone how to do so, and even lying to customers who call tech support asking questions.

Third, the entire time that I was "voluntarily" participating in their hidden service, they somehow got my machine to try to initiate contact with their server and it never stopped. My machine would start trying to get there as soon as it booted and would not stop until it was shut down. It would try several ports and cycle through them several times a minute. My firewall prevented connection, but it filled my damned log so fast that I couldn't clearly identify other more serious log events. You can understand why I thought that I had a Trojan Horse that was trying to transmit information from my machine to that of a hacker.   I wasn't about to let something like that go unchecked or uninvestigated.

During one phone call, after I had traced the IP, the Roadrunner techs admitted that the IP and site were theirs and that it was DNS related, but blew it off saying, "Oh yeah, that does have something to do with our DNS servers; you should just ignore it." Of course, this partial admission took place only after I had called several times, had confronted them directly about the specific IP, and had been escalated to tier II. They never admitted what it really was, or that I had the choice of opting out.


Okay, I'm not an internet guru, so someone explain this to me: It way MY computer that was initiating connection attempts to their server, but the moment that I opted out of their service on THEIR server, MY computer permanently stopped trying to connect. Keep in mind that my machine would initiate these connection attempts even when it was unplugged from the LAN/WAN. What commands or local service on my machine would they have been using to do this? (The opt in/out is definitely not cookie-related.)

[stayouttadabunker]

Click "Start", go to "Run", and type in>> msconfig <<

I'll betcha it was something under the folder tab "WIN.INI" that the ISP put in there
that causes your computer to run a connection attempt...   

[StatFreak]

Click "Start", go to "Run", and type in>> msconfig <<

I'll betcha it was something under the folder tab "WIN.INI" that the ISP put in there
that causes your computer to run a connection attempt...   

No. At least I never saw anything in there. I monitor all processes on my machine closely and have the task manager process page open at all times (I added TM to my startup). I have 59 processes at start up if all is nominal.

I also use Spybot S&D's startup page to quickly enable and disable registry start up items. I recommend this, btw. When you open the program and bring up this page, it lists all of your startup items along with descriptions and recommendations, if any. One simply clicks on the checkboxes to activate or deactivate any entries. If one wants to permanently remove an entry, the program will do that too. One can also create a "snapshot" of the current state. This is very useful as the program will then bold any entry that has been added or changed since the last snapshot. It's an easy way to see what has been added to your computer's startup arsenal.

The way that it works under the hood is to create a dummy registry key called "Run-" right next door to the MS Run key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-). It then moves any unchecked items from the Run key into the Run- key, and vice-versa. This is very clever, as the the actual registry entries are left unaltered, but merely parked in an inactive key.

I have also disabled many of WindoZe unnecessary services using the MMC plugin. I keep a fairly close eye on them as well. Still, for all of this, I'm not an IT expert. I wasn't able to determine what they were doing on my machine.   I've never been sure how to tell what the multiple instances of legitimate "svchost.exe" were doing, and I've wondered if one of those was responsible..

[Brianzz]

Ok I can't access NLG from *ANY* Charter IP address. I tried all 5 of my neighbors wireless connections and get server not found errors. Although I can get here using a web surf proxy or a real proxy server. Really strange.

[StatFreak]

Ok I can't access NLG from *ANY* Charter IP address. I tried all 5 of my neighbors wireless connections and get server not found errors. Although I can get here using a web surf proxy or a real proxy server. Really strange.

Just curious. Which web surfing proxy are you using, and does it work well for you (bandwidth-wise, etc.)?

[Brianzz]

All those proxy sites suck, I had some pay proxy lists also but there's speed issues with all of them

[StatFreak]

All those proxy sites suck, I had some pay proxy lists also but there's speed issues with all of them

I'm still looking for one with enough bandwidth to stream video. I haven't found one yet, but then, I'm a cheapskate. I don't really want to pay for it.

[Brianzz]

The pay for proxy lists I had I used to use on yahoo chat ICMP flood people offline or take over voice chats using voice bots 

[CaptainHappy]

Ok I can't access NLG from *ANY* Charter IP address. I tried all 5 of my neighbors wireless connections and get server not found errors. Although I can get here using a web surf proxy or a real proxy server. Really strange.

Brian,

Two things....

1. Did your neighbors know you were leaching?  All mine use WEP or similar password protections! 

2. I am using Charter right now at My Mom's in Sparks/Reno NV and I am getting in OK on IE 6.0, not sure about earlier though. Not sure if I can help, but if you tell me something to look at I can for you.

CH

[brichter]

WEP can be hacked via an initialization vector crack in minutes using online tools...

[Brianzz]

these yokels around here wouldn't know a WEP from a WMD from a CMD, they're all open access, I should have seen if they were sharing files such as personal porn collections 

Things seem to be semi back to normal, I can get on at home again, for the time being.

I was using FF 3.5.2 on this laptop, IE 6.0 on one of the desktops and IE 7.0 on the other desktop and all were no go on any network, really weird. Maybe Charter was just PMS'ing

[StatFreak]

Just for giggles I checked my local wireless connections (re: neighbors) and found one with a completely open connection. I even know who they are because they used their family name for their router's ID. I browsed the internet for a few minutes on their nickel, and checked to see if they had any open shares on their local computer, not that I would have done anything. Idiots.

...Then I re-disabled my computer's wireless adapter.

[brichter]

Just for giggles I checked my local wireless connections (re: neighbors) and found one with a completely open connection. I even know who they are because they used their family name for their router's ID. I browsed the internet for a few minutes on their nickel, and checked to see if they had any open shares on their local computer, not that I would have done anything. Idiots.

...Then I re-disabled my computer's wireless adapter.

I usually look for the shared printer then send  a note to it, telling them to secure their network.

[jay]

One way of managing some of this better is to change the default IP range from the 192.168.... to another range of public addresses....10.50.20.xx
Disabling DHCP, and static addressing the machines. I subsequently then lock down the router to JUST the mac addresses of my devices.

So even if you are using WEP which is crackable It is unlikely (Not impossible) that you have been sniffing my network, figured out my IP range, cloned one of my mac addresses.

This is like bars on your windows.... it won't keep a true professional out but it will make a casual person look for softer targets.

[brichter]

Law of the jungle:

You don't have to be the fastest zebra in the herd when the lions show up, You just have to be faster than the slowest zebra in the herd.

[StatFreak]

One way of managing some of this better is to change the default IP range from the 192.168.... to another range of public addresses....10.50.20.xx
Disabling DHCP, and static addressing the machines. I subsequently then lock down the router to JUST the mac addresses of my devices.

So even if you are using WEP which is crackable It is unlikely (Not impossible) that you have been sniffing my network, figured out my IP range, cloned one of my mac addresses.

This is like bars on your windows.... it won't keep a true professional out but it will make a casual person look for softer targets.

(Shhhh. ) Funny, that's exactly what I do, but don't tell anybody. I use a 10 subnet (not saying what range, though). I not only lock out all non-assigned IP addresses from using the WAN, but from using the LAN as well. All LAN to LAN and LAN to WAN communications are spelled out explicitly in my firewall rules. In addition to everything that you've mentioned above, I have a 20+ character password (not saying how long) for my router, and it's a randomly generated hodgepodge of upper and lower case characters, numbers and symbols. In addition, the admin functions can't be accessed through the wireless; you have to have a hard-wired connection to log in. I think my porn is reasonably safe!