I love Hughesnet for my internet servie - never down.
---------- Original Message ----------
From: Timothy Millunzi <tjmillunzi@xxxxxxxxx>
To: WarwickList@xxxxxxxxxxxxx
Subject: [The-L] Re: email and web blocking WBS
Date: Sat, 24 Nov 2018 12:11:55 -0500
Hi All,
Tim G. Makes some very good points, particularly about securing your router,
the first of your devices on your internet connection and the one generally
providing you with protection against outside malicious attacks. But just to be
clear, this thread has morphed a bit from its original question. The original
question was what can be done about WBS shared IP addresses being blacklisted
due to one or more Warwick users of that shared IP address having malware on
one or more of their devices and that malware is using the device to perform
prohibited network activity (generally email spamming). First, we could all
just make sure that we were all following best security practices (such as
locking down our routers as Tim G. explained and running a quality antivirus on
all our Apple, Windows and Android devices and never clicking on an unknown
link or loading a file from an unknown source, among other things). For this
to be effective everyone would have to also scan their devices for any malware
currently present and then remove that software before continuing on with good
security practices to ensure no new malware is introduced. Once our shared IP
addresses were no longer the source of “bad” Internet behavior, we
could get them removed from the blacklists and, as long as we stayed
“clean”, that would be the end of it. Second, WBS can move to
dedicated IP addresses, where each user will get their own unique IP address.
This will not eliminate the actual security issues where people are allowing
their devices to be “infected”, but it will isolate the negative
impact to that one user. Third, you can use a Proxy or VPN service to provide
you with a different external facing IP address (one that is not part of the
WBS shared address structure and thus not subject to the blacklisting). Only
the first of these options actually addresses the overall security of your home
network and the devices attached to it. I can have the tightest network
security in the world but if my daughter gives me a USB stick with some videos
of the grandkids on it and that stick is infected with a really good virus I
could end up transmitting all my user-ids and passwords up to some nefarious
site unless I have a quality antivirus installed to catch it. Network/computer
security is really quite complex. At one point in my career I was VP of
Operations and Support and Chief Security Officer for LiveVault Corporation.
That taught me that you can spend a lot of time and money on securing your
computers and Internet connected devices from all possible threats, but you do
have to consider the cost/benefit of anything you do (cost not only being in
dollars but in complexity/difficulty of doing what you want to do on the WEB).
While a bank or a credit card processing firm will be the explicit target of
many attacks, your home network and computers are not near as at risk. Taking
basic precautions is probably all most people will need to do: Making sure your
router and other devices are reasonably locked down (no passwords left at
default, no unnecessary ports or services open).
Run a quality Antivirus (there are several free antivirus packages along with
the more popular commercial products, Google “best freeware
antivirus” to get a list) on all your devices that allow it.
Follow good security practices. Don’t accept downloads from sites you
are not sure of, don’t open links you are not sure of, if you get an
email, even from someone you know, with a link or download you weren’t
already expecting, confirm separately with the person what it is. Don’t
respond to “phishing” email with any of you private information
(including user-ids and passwords, no reputable company will ask for these).
Don’t use a link given to you in an email to sign in to a financial or
store account (scammers will send you an email that looks legit and will embed
a link asking you to use it to sign in to verify some detail of your account,
the embedded link will take you to a site that looks EXACTLY like the actual
site except for a very small discrepancy in the URL; so you will go ahead and
try to sign in with with your user-id/password and - bingo - the scammer now
has you Citi Bank login credentials), instead always go to the site using your
own bookmark.
There are probably lots of other simple things you can do to make sure you
don’t fall victim to Internet fraud. If there is enough interest, maybe
WBS could host a get together to go over some of them. Regards, Tim M
On Nov 24, 2018, at 8:26 AM, Tim Gwinn <tim@xxxxxxxxxxx> wrote:If Brad's
estimate is right and this conversion to public IPs is completed "in a few
weeks" and if you are able to hang on and muddle through until then, I would
not see a need to sign up for a VPN. > wonder if all devices used (say computer
plus phone or ipad work all work seamlessly with a vpn. If you do use need to
get a VPN app, they install like any other program. E.g., I installed my proXPN
phone app from Google Play store, and it looks like the Apple store has VPN
apps as well. The app should be free since it is a service you are paying to
subscribe to, not the app per se. Once the app is installed, and you have
signed up with the VPN service provider, all you need to do usually is just to
log into the app with your VPN subscriber login. Then, there is usually just a
simple ON/OFF or ENABLE/DISABLE setting which turns the VPN routing on or off.
From then on, the app runs in the background and it should be seamless for all
your activity on the computer or device. So, its quite simple in most cases.
There are typically more options to play with, such as selecting which VPN
server location to use, but by default it should choose the geographically
nearest one. Some offer to enable the VPN on startup, so you don't have to
remember to do it. Things like that. The rest of the more advanced options can
usually be left at default. I personally dislike software that tries to act
like multiple things, such as a VPN+antivirus+buzzwordthis+buzzwordthat. Often
those packages do everything only so-so, rather than one thing well. It's also
added complexity to setup and maintain. So, I just want a VPN software that is
ONLY a VPN, and nothing else. That's just my bias. I agree with TimM - setting
up a VPN at the router level is not the preferred way to go. It is an option so
I wanted to mention it, but its more costly, and more complex. And again, if we
can hold out a few weeks, then this situation should ameliorate without making
hardware changes. Of course, with great power comes great responsibility. Once
we each have our own IP on the internet then every malicious actor on the
internet will be able to target our IP addresses directly. So, your router is
you main line of defense. Having a router is not enough, it needs to be secure.
There have been some routers with vulnerabiltiies int their firmware, which
actually make them insecure, and allow bad guys to get into your network or
take over the router and have it become part of a botnet.
E.g.,:https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mikrotik-routers-send-traffic-to-attackers/
So, a few things to check are:Change the factory default router login password
to something unique. (Although its not best practice, since we are concerned
about remote attackers, and not someone in your home, then you can write the
password on a piece of tape and stick it to the bottom of the router to make it
easier to find in case you forget it.)
Update the router firmware. (On some newer routers, you can check for the
latest firmware from the router menu, or it may automatically check
periodically, or can even be configured to do the updates automatically. On
older routers, you need to go to the manufacturers website, find the support
page for that router, look for the latest firmware, compare that version to
your current running version, download the new firmware if needed, then upload
it from your device to your router.)
Disable remote administration. (Remote administration allows accessing your
router setup login from anywhere in the world. Unless you absolutely need it,
disable remote administration of the router. That prevents bad guys from
breaking into router via that avenue of attack.)
Disable uPNP. (Unless you have a device/program that you know needs it, disable
it. Unfortunately, too many routers ship with it enabled by default.)
Disable all inbound ports & port-mapping. (Again, unless you have a
device/program that you know needs it, disable inbound ports. This disallows
inbound traffic from initiating from outside our router; we only want inbound
traffic to be as a result of something we initiate from our devices in the
internal side of our router (e.g., a webserver only sends a webpage to us as a
result of us initiating a request for that page). This -should- be the default
in all modern routers. It's just something to verify.)
Make sure the WBS connection is plugged into the WAN or INTERNET port on your
router. It should be the ONLY thing plugged into the WAN/INTERNET port. That's
the outward-facing port, so no other devices should be on that side. All our
devices should be connected over wifi or the ethernet jacks labeled LAN.
By default, your devices will get their DNS server from your router, DNS is how
devices send a lookup request to convert a sitename like www.google.com to an
IP address. Consider setting your DNS in your router to 9.9.9.9. This is a free
DNS service called Quad9 that it blocks known-bad IP addresses. So if someone
in your home accidentally clicks on a malicious link, when it tries to convert
evildomain.com (say) to an IP address by performing a DNS request, Quad9 will
not respond with an IP address if it knows that is a malicious site. So, it
prevents the user from ever getting redirected to the bad site. Quad9 also
doesn't retain any personally-identifiable info. See: https://www.quad9.net/
Unfortunately, each router manufacturer has wildly different router menus,
different firmware update methods, different features and abilities, etc., so
there's no way to create a universal step-by-step guide for router
configuration. Regards,TimG On Fri, Nov 23, 2018, at 8:11 PM, ear@xxxxxxxxxxx
wrote:Hi Tim, Thanks for this info. Many of us in town may end up scrambling
to do this... I'm wondering if there could be some kind of short mini-workshop
to talk folks thru setting up a VPN ; and wonder if all devices used (say
computer plus phone or ipad work all work seamlessly with a vpn. Or is there a
utube you could recommend ? On Thursday 22/11/2018 at 11:58 am, Tim Gwinn
wrote:FYI - One temporary workaround is to use a VPN (virtual private network)
app on your device, which will create an encrypted "tunnel" connection between
your device and a VPN server (which is not in the WBS IP range) somewhere else
on the internet. In short, it gives your device an entirely non-WBS IP address
on the internet, so that services that block or challenge you based on your IP
address will see this non-WBS IP address and thus not block nor pester you with
challenges. There are many VPN services like this out there. Some are free,
most have a monthly fee. I happen to use proXPN, which is around $7/mo. It
supports Windows, Mac, Android. https://secure.proxpn.com/index.php Here is a ;
very recent review comparison of VPNs by PC
Mag:https://www.pcmag.com/article2/0,2817,2403388,00.asp These apps run in the ;
background of your device, so once it is set up and enabled, its transparent,
and doesn't interfere with your normal activity. Issues that can occur are some
restricted bandwidth (but generally, WBS bandwidth is the limiting facotr), and
some services like Netflix may or may not allow connection over a VPN, since
VPNs are sometimes used to get around region/country specific pricing or
availability, and so services like Netflix may be wary of customers signing in
via VPNs. Regards,Tim Gwinn On Wed, Nov 21, 2018, at 10:42 PM, Mari Rovang
wrote:Jim, We are having the same I’m not a robot phenomenon any time we
try to access a website, or even use the online dictionary. Says it’s
detecting unqualified activity. Doesn’t happen in other locations. Also,
the photos are hazy and hard to interpret. Mari On Wed, Nov 21, 2018 at 7:34 PM
Jim McRae <jimmcraejim@xxxxxxxxx> wrote:Yes Rick. I also don't know what my
"credentials" are. Sorry to be so dense. I'm sure it's obvious to a whole lot
of folks. Also, several news locations ask me to confirm that I'm not a robot.
That has come up so frequently lately that I don't trust anyone enough to click
anything on command. What do folks know about that happening now. Any
manipulative requests around this? On Tue, Nov 13, 2018 at 5:21 PM David Young
<coordinator@xxxxxxxxxxxxxxxxxx> wrote:Warwick Broadband have an IP blacklist
problem. We almost cured it last month and now it is very much back. We need
everyone to change their email credentials and run antivirus protection.
We believe the blacklisting is caused by SPAM being sent from one or more
subscriber computers. But, it may be IP spoofing, using our customer’s
email credentials from a remote site. Fixing this requires running antivirus
software on your computers and keeping the protection current.
If this is happening remotely (meaning: not on our network) the fix is for
folks to change their email passwords. That way a remote server can’t
successfully pretend to be one of us.
Studying this today added another element to ponder: are websites blocking our
IPs because they see too many connections coming from it?
Options we are considering include implementation of carrier class network
address translation where customers are assigned to a unique port range which
means we can track down offenders with some snooping; using public IP4
addresses; or implementing public IP6 with support IP4). The advantage of the
public IP address use will be that only the “offender” will be
impacted by blacklisting.
David Young
Administrative Coordinator
Town of Warwick
978-729-3224 (mobile)
978-544-6315 (Selectboard office)
413-676-9544 (Broadband service)
From: warwicklist-bounce@xxxxxxxxxxxxx <warwicklist-bounce@xxxxxxxxxxxxx> On
Behalf Of narguimbauSent: Tuesday, November 13, 2018 2:35 PMTo:
WarwickList@freelists.orgSubject: [The-L] Re: - 10/27
My incoming email has been blocked since October 27. Don’t know why.
Trying to fix it.
Nick Arguimbau
Sent from Mail for Windows 10
____________________________________________________________
Gut Doctor "I Beg Americans To Throw Out This Vegetable Now"
food-frauds.com
http://thirdpartyoffers.netzero.net/TGL3241/5bf9b5e5c9c1b35e55c60st03duc
