Hughesnet (and its competitor Exede) can be viable alternatives for rural
Internet access, but satellite based internet services come with several
caveats.
First, if you do anything that requires a low latency network, you will
generally be unhappy with satellite based internet. Latency refers to the time
it takes to make a round trip from your computer/device to the computer/device
you're talking to and then back again. Satellite networks have very high
latency of around 600–800ms ( or 0.6-0.8 seconds) which is caused by the long
distance your data has to cross wirelessly — around 88,000 miles for the round
trip between your home, the satellite, the source of your data and back again.
WBS latency is normally around 60-80ms, one tenth that of satellite.
An example of how this is important is if you want to use something like the
Verizon Wireless Network Extender, which gives you a small box that uses your
internet connection to provide localized cell phone coverage at your home.
With a satellite connection, you’ll be getting almost a one second delay in
your phone signal. So when you say “Hi” you won’t hear the answering “Hi” for
over a second. What’s even worse, instead of hearing your own echo over the
phone in just 60ms (so short of a time you won’t even notice that you are
hearing your echo) you'll hear it a half second or more after you've finished
speaking.
High latency also makes most high-end Internet gaming impossible, since your
response times will (relative to low latency connections) be ridiculously slow.
High latency also makes using a Remote Desktop connection very frustrating
(e.g your mouse lags a good second behind where you are actually pointing it,
ask me how I know).
Second, both satellite based service providers come with strict data limits
that control how much data you can download each month. When you exceed these
limits, you’ll still be able to download data, but the download speeds will be
very slow. For example, Hughesnet offers plans of 10GB, 20GB, 30GB and 50GB
per month. To put this in more understandable terms these would correspond to
5 hours, 10 hours, 15 hours and 25 hours of HD video downloaded per month. So
the 20GB plan would let you watch 4 or 5 HD movies each month. Note, you do
get an extra “free” 50GB of downloads during the off-peak time of 2am-8am, so
if you know how to schedule your downloads you can take advantage of this extra
data or if you’re willing to bing watch Castle Rock on Hulu at 4:00 am. WBS
gives you unlimited downloads.
Third, satellite providers achieve some of their speed by using very
sophisticated data compression technologies. Some data, like email, is very
compressible, other data like MP4 video is already compressed to some extent
and is therefore less compressible. The absolute worst data to try and
compress is VPN (Virtual Private Network) encrypted traffic. Since a good VPN
will make the data look like perfectly random white noise, the result of trying
to compress it will actually end up making the data volume bigger and slowing
the connection down rather than speeding it up. If your need to use a VPN to
access your corporate network from home (or you just want the extra security
that using a VPN provides) you will find that you’ll get less than expected
performance from your satellite network when using the VPN.
So you can see there are several “gotcha’s” when using a satellite internet
service provider. That being said, if you are just using email and doing some
web browsing, not doing a lot of video streaming, not into high-end gaming, not
using any type of VOIP (Voice Over Internet Protocol, such as the above Verizon
Network Extender) and not required to use a VPN, then Hughesnet or Exede may
work for you. Since I do most of the above (I’m not much of a “gamer”), I’ve
found that WBS better meets my needs. And it costs less.
Tim M
On Nov 24, 2018, at 3:33 PM, Barbara & Cary Noel <cbnoel_1@xxxxxxxxxxx> wrote:
I love Hughesnet for my internet servie - never down.
---------- Original Message ----------
From: Timothy Millunzi <tjmillunzi@xxxxxxxxx>
To: WarwickList@xxxxxxxxxxxxx
Subject: [The-L] Re: email and web blocking WBS
Date: Sat, 24 Nov 2018 12:11:55 -0500
Hi All,
Tim G. Makes some very good points, particularly about securing your router,
the first of your devices on your internet connection and the one generally
providing you with protection against outside malicious attacks.
But just to be clear, this thread has morphed a bit from its original
question. The original question was what can be done about WBS shared IP
addresses being blacklisted due to one or more Warwick users of that shared
IP address having malware on one or more of their devices and that malware is
using the device to perform prohibited network activity (generally email
spamming).
First, we could all just make sure that we were all following best security
practices (such as locking down our routers as Tim G. explained and running a
quality antivirus on all our Apple, Windows and Android devices and never
clicking on an unknown link or loading a file from an unknown source, among
other things). For this to be effective everyone would have to also scan
their devices for any malware currently present and then remove that software
before continuing on with good security practices to ensure no new malware is
introduced. Once our shared IP addresses were no longer the source of “bad”
Internet behavior, we could get them removed from the blacklists and, as long
as we stayed “clean”, that would be the end of it.
Second, WBS can move to dedicated IP addresses, where each user will get
their own unique IP address. This will not eliminate the actual security
issues where people are allowing their devices to be “infected”, but it will
isolate the negative impact to that one user.
Third, you can use a Proxy or VPN service to provide you with a different
external facing IP address (one that is not part of the WBS shared address
structure and thus not subject to the blacklisting).
Only the first of these options actually addresses the overall security of
your home network and the devices attached to it. I can have the tightest
network security in the world but if my daughter gives me a USB stick with
some videos of the grandkids on it and that stick is infected with a really
good virus I could end up transmitting all my user-ids and passwords up to
some nefarious site unless I have a quality antivirus installed to catch it.
Network/computer security is really quite complex. At one point in my career
I was VP of Operations and Support and Chief Security Officer for LiveVault
Corporation. That taught me that you can spend a lot of time and money on
securing your computers and Internet connected devices from all possible
threats, but you do have to consider the cost/benefit of anything you do
(cost not only being in dollars but in complexity/difficulty of doing what
you want to do on the WEB). While a bank or a credit card processing firm
will be the explicit target of many attacks, your home network and computers
are not near as at risk. Taking basic precautions is probably all most
people will need to do:
• Making sure your router and other devices are reasonably locked down
(no passwords left at default, no unnecessary ports or services open).
• Run a quality Antivirus (there are several free antivirus packages
along with the more popular commercial products, Google “best freeware
antivirus” to get a list) on all your devices that allow it.
• Follow good security practices. Don’t accept downloads from sites
you are not sure of, don’t open links you are not sure of, if you get an
email, even from someone you know, with a link or download you weren’t
already expecting, confirm separately with the person what it is. Don’t
respond to “phishing” email with any of you private information (including
user-ids and passwords, no reputable company will ask for these). Don’t use
a link given to you in an email to sign in to a financial or store account
(scammers will send you an email that looks legit and will embed a link
asking you to use it to sign in to verify some detail of your account, the
embedded link will take you to a site that looks EXACTLY like the actual site
except for a very small discrepancy in the URL; so you will go ahead and try
to sign in with with your user-id/password and - bingo - the scammer now has
you Citi Bank login credentials), instead always go to the site using your
own bookmark.
There are probably lots of other simple things you can do to make sure you
don’t fall victim to Internet fraud. If there is enough interest, maybe WBS
could host a get together to go over some of them.
Regards, Tim M
On Nov 24, 2018, at 8:26 AM, Tim Gwinn <tim@xxxxxxxxxxx> wrote:
If Brad's estimate is right and this conversion to public IPs is completed
"in a few weeks" and if you are able to hang on and muddle through until
then, I would not see a need to sign up for a VPN.
wonder if all devices used (say computer plus phone or ipad work all work
seamlessly with a vpn.
If you do use need to get a VPN app, they install like any other program.
E.g., I installed my proXPN phone app from Google Play store, and it looks
like the Apple store has VPN apps as well. The app should be free since it is
a service you are paying to subscribe to, not the app per se.
Once the app is installed, and you have signed up with the VPN service
provider, all you need to do usually is just to log into the app with your
VPN subscriber login. Then, there is usually just a simple ON/OFF or
ENABLE/DISABLE setting which turns the VPN routing on or off. From then on,
the app runs in the background and it should be seamless for all your
activity on the computer or device. So, its quite simple in most cases.
There are typically more options to play with, such as selecting which VPN
server location to use, but by default it should choose the geographically
nearest one. Some offer to enable the VPN on startup, so you don't have to
remember to do it. Things like that. The rest of the more advanced options
can usually be left at default.
I personally dislike software that tries to act like multiple things, such as
a VPN+antivirus+buzzwordthis+buzzwordthat. Often those packages do everything
only so-so, rather than one thing well. It's also added complexity to setup
and maintain. So, I just want a VPN software that is ONLY a VPN, and nothing
else. That's just my bias.
I agree with TimM - setting up a VPN at the router level is not the preferred
way to go. It is an option so I wanted to mention it, but its more costly,
and more complex. And again, if we can hold out a few weeks, then this
situation should ameliorate without making hardware changes.
Of course, with great power comes great responsibility. Once we each have our
own IP on the internet then every malicious actor on the internet will be
able to target our IP addresses directly. So, your router is you main line of
defense. Having a router is not enough, it needs to be secure. There have
been some routers with vulnerabiltiies int their firmware, which actually
make them insecure, and allow bad guys to get into your network or take over
the router and have it become part of a botnet. E.g.,:
https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mikrotik-routers-send-traffic-to-attackers/
So, a few things to check are:
• Change the factory default router login password to something unique.
(Although its not best practice, since we are concerned about remote
attackers, and not someone in your home, then you can write the password on a
piece of tape and stick it to the bottom of the router to make it easier to
find in case you forget it.)
• Update the router firmware. (On some newer routers, you can check for
the latest firmware from the router menu, or it may automatically check
periodically, or can even be configured to do the updates automatically. On
older routers, you need to go to the manufacturers website, find the support
page for that router, look for the latest firmware, compare that version to
your current running version, download the new firmware if needed, then
upload it from your device to your router.)
• Disable remote administration. (Remote administration allows
accessing your router setup login from anywhere in the world. Unless you
absolutely need it, disable remote administration of the router. That
prevents bad guys from breaking into router via that avenue of attack.)
• Disable uPNP. (Unless you have a device/program that you know needs
it, disable it. Unfortunately, too many routers ship with it enabled by
default.)
• Disable all inbound ports & port-mapping. (Again, unless you have a
device/program that you know needs it, disable inbound ports. This disallows
inbound traffic from initiating from outside our router; we only want inbound
traffic to be as a result of something we initiate from our devices in the
internal side of our router (e.g., a webserver only sends a webpage to us as
a result of us initiating a request for that page). This -should- be the
default in all modern routers. It's just something to verify.)
• Make sure the WBS connection is plugged into the WAN or INTERNET port
on your router. It should be the ONLY thing plugged into the WAN/INTERNET
port. That's the outward-facing port, so no other devices should be on that
side. All our devices should be connected over wifi or the ethernet jacks
labeled LAN.
• By default, your devices will get their DNS server from your router,
DNS is how devices send a lookup request to convert a sitename like
www.google.com to an IP address. Consider setting your DNS in your router to
9.9.9.9. This is a free DNS service called Quad9 that it blocks known-bad IP
addresses. So if someone in your home accidentally clicks on a malicious
link, when it tries to convert evildomain.com (say) to an IP address by
performing a DNS request, Quad9 will not respond with an IP address if it
knows that is a malicious site. So, it prevents the user from ever getting
redirected to the bad site. Quad9 also doesn't retain any
personally-identifiable info. See: https://www.quad9.net/
Unfortunately, each router manufacturer has wildly different router menus,
different firmware update methods, different features and abilities, etc., so
there's no way to create a universal step-by-step guide for router
configuration.
Regards,
TimG
On Fri, Nov 23, 2018, at 8:11 PM, ear@xxxxxxxxxxx wrote:
Hi Tim, Thanks for this info. Many of us in town may end up scrambling to
do this... I'm wondering if there could be some kind of short mini-workshop
to talk folks thru setting up a VPN ; and wonder if all devices used (say
computer plus phone or ipad work all work seamlessly with a vpn. Or is there
a utube you could recommend ?
On Thursday 22/11/2018 at 11:58 am, Tim Gwinn wrote:
FYI -
One temporary workaround is to use a VPN (virtual private network) app on
your device, which will create an encrypted "tunnel" connection between your
device and a VPN server (which is not in the WBS IP range) somewhere else on
the internet. In short, it gives your device an entirely non-WBS IP address
on the internet, so that services that block or challenge you based on your
IP address will see this non-WBS IP address and thus not block nor pester you
with challenges.
There are many VPN services like this out there. Some are free, most have a
monthly fee. I happen to use proXPN, which is around $7/mo. It supports
Windows, Mac, Android.
https://secure.proxpn.com/index.php
Here is a very recent review comparison of VPNs by PC Mag:
https://www.pcmag.com/article2/0,2817,2403388,00.asp
These apps run in the background of your device, so once it is set up and
enabled, its transparent, and doesn't interfere with your normal activity.
Issues that can occur are some restricted bandwidth (but generally, WBS
bandwidth is the limiting facotr), and some services like Netflix may or may
not allow connection over a VPN, since VPNs are sometimes used to get around
region/country specific pricing or availability, and so services like Netflix
may be wary of customers signing in via VPNs.
Regards,
Tim Gwinn
On Wed, Nov 21, 2018, at 10:42 PM, Mari Rovang wrote:
Jim,
We are having the same I’m not a robot phenomenon any time we try to access
a website, or even use the online dictionary. Says it’s detecting unqualified
activity. Doesn’t happen in other locations. Also, the photos are hazy and
hard to interpret.
Mari
On Wed, Nov 21, 2018 at 7:34 PM Jim McRae <jimmcraejim@xxxxxxxxx> wrote:
Yes Rick. I also don't know what my "credentials" are. Sorry to be so dense.
I'm sure it's obvious to a whole lot of folks.
Also, several news locations ask me to confirm that I'm not a robot. That
has come up so frequently lately that I don't trust anyone enough to click
anything on command. What do folks know about that happening now. Any
manipulative requests around this?
On Tue, Nov 13, 2018 at 5:21 PM David Young <coordinator@xxxxxxxxxxxxxxxxxx>
wrote:
Warwick Broadband have an IP blacklist problem. We almost cured it last month
and now it is very much back. We need everyone to change their email
credentials and run antivirus protection.
We believe the blacklisting is caused by SPAM being sent from one or more
subscriber computers. But, it may be IP spoofing, using our customer’s email
credentials from a remote site. Fixing this requires running antivirus
software on your computers and keeping the protection current.
If this is happening remotely (meaning: not on our network) the fix is for
folks to change their email passwords. That way a remote server can’t
successfully pretend to be one of us.
Studying this today added another element to ponder: are websites blocking
our IPs because they see too many connections coming from it?
Options we are considering include implementation of carrier class network
address translation where customers are assigned to a unique port range which
means we can track down offenders with some snooping; using public IP4
addresses; or implementing public IP6 with support IP4). The advantage of the
public IP address use will be that only the “offender” will be impacted by
blacklisting.
David Young
Administrative Coordinator
Town of Warwick
978-729-3224 (mobile)
978-544-6315 (Selectboard office)
413-676-9544 (Broadband service)
From: warwicklist-bounce@xxxxxxxxxxxxx <warwicklist-bounce@xxxxxxxxxxxxx> On
Behalf Of narguimbau
Sent: Tuesday, November 13, 2018 2:35 PM
To: WarwickList@xxxxxxxxxxxxx
Subject: [The-L] Re: - 10/27
My incoming email has been blocked since October 27. Don’t know why. Trying
to fix it.
Nick Arguimbau
Sent from Mail for Windows 10
____________________________________________________________
Gut Doctor "I Beg Americans To Throw Out This Vegetable Now"
food-frauds.com
http://thirdpartyoffers.netzero.net/TGL3242/5bf9b5e5c9c1b35e55c60st03duc
