Hi Steve,
Yes, Hughesnet does offer Hughesnet Voice, but that is their own proprietary
VOIP service that uses a separate dedicated side band to help minimize latency
and uses additional technology (such as echo suppression) to minimize
detectable voice delay. Non Hughesnet VOIP devices (such as my Verizon Network
Extender or my AT&T Microcell) are not able to make use of their proprietary
side band channel or other special VOIP optimizations. And their VOIP
enhancements do nothing to address the latency issues with Remote Desktop
software and gaming.
As I said, there is any number of folks for which either Hughesnet or Exede is
a perfectly good Internet solution so it does not surprise me that you are
happy with your service.
In my case, I generally require low latency connections and simply can’t use
the satellite based services. It’s a matter of physics. The satellites are in
geosynchronous orbits about 22,000 miles above the earth. So any round trip
has to go from your dish to the satellite, then down from the satellite to its
ground station, out over the normal Internet and back to the ground station,
back up to the satellite then back down to your dish. Since the satellite is
over 22,000 miles above the earth those four trips to/from the satellite add up
to over 88,000 miles (not doing the actual trig here to keep things simple but
you are not actually directly under the satillite so the distances would be
greater). Now the speed of light is 186,000 miles per second so the radio
signal can not exceed this on its bouncing path. So 88000/186000 gives you an
absolute minimum latency of 473ms, which doesn’t include any of the switching
overhead or land based traffic time. This is not acceptable for my usage, but
again your milage my vary.
Regards, Tim M
On Nov 24, 2018, at 8:27 PM, Stephen Ruggiero (Redacted sender "steverug43"
for DMARC) <dmarc-noreply@xxxxxxxxxxxxx> wrote:
Not sure if you have used the new gen5 hughesnet but i have phone service
with it as well and am on the phone all day on business and have no problem
with delay . I also have never had service problems and am happy with my
speeds downloading and uploading. Have had it for 9 years and never missed
any work days and yes WBS has no limit on downloads, when it's working. You
get what you pay for.
Steve R
On Saturday, November 24, 2018, 7:01:35 PM EST, Timothy Millunzi
<tjmillunzi@xxxxxxxxx> wrote:
Hughesnet (and its competitor Exede) can be viable alternatives for rural
Internet access, but satellite based internet services come with several
caveats.
First, if you do anything that requires a low latency network, you will
generally be unhappy with satellite based internet. Latency refers to the
time it takes to make a round trip from your computer/device to the
computer/device you're talking to and then back again. Satellite networks
have very high latency of around 600–800ms ( or 0.6-0.8 seconds) which is
caused by the long distance your data has to cross wirelessly — around 88,000
miles for the round trip between your home, the satellite, the source of your
data and back again. WBS latency is normally around 60-80ms, one tenth that
of satellite.
An example of how this is important is if you want to use something like the
Verizon Wireless Network Extender, which gives you a small box that uses
your internet connection to provide localized cell phone coverage at your
home. With a satellite connection, you’ll be getting almost a one second
delay in your phone signal. So when you say “Hi” you won’t hear the
answering “Hi” for over a second. What’s even worse, instead of hearing your
own echo over the phone in just 60ms (so short of a time you won’t even
notice that you are hearing your echo) you'll hear it a half second or more
after you've finished speaking.
High latency also makes most high-end Internet gaming impossible, since your
response times will (relative to low latency connections) be ridiculously
slow. High latency also makes using a Remote Desktop connection very
frustrating (e.g your mouse lags a good second behind where you are actually
pointing it, ask me how I know).
Second, both satellite based service providers come with strict data limits
that control how much data you can download each month. When you exceed
these limits, you’ll still be able to download data, but the download speeds
will be very slow. For example, Hughesnet offers plans of 10GB, 20GB, 30GB
and 50GB per month. To put this in more understandable terms these would
correspond to 5 hours, 10 hours, 15 hours and 25 hours of HD video downloaded
per month. So the 20GB plan would let you watch 4 or 5 HD movies each month.
Note, you do get an extra “free” 50GB of downloads during the off-peak time
of 2am-8am, so if you know how to schedule your downloads you can take
advantage of this extra data or if you’re willing to bing watch Castle Rock
on Hulu at 4:00 am. WBS gives you unlimited downloads.
Third, satellite providers achieve some of their speed by using very
sophisticated data compression technologies. Some data, like email, is very
compressible, other data like MP4 video is already compressed to some extent
and is therefore less compressible. The absolute worst data to try and
compress is VPN (Virtual Private Network) encrypted traffic. Since a good
VPN will make the data look like perfectly random white noise, the result of
trying to compress it will actually end up making the data volume bigger and
slowing the connection down rather than speeding it up. If your need to use
a VPN to access your corporate network from home (or you just want the extra
security that using a VPN provides) you will find that you’ll get less than
expected performance from your satellite network when using the VPN.
So you can see there are several “gotcha’s” when using a satellite internet
service provider. That being said, if you are just using email and doing
some web browsing, not doing a lot of video streaming, not into high-end
gaming, not using any type of VOIP (Voice Over Internet Protocol, such as the
above Verizon Network Extender) and not required to use a VPN, then Hughesnet
or Exede may work for you. Since I do most of the above (I’m not much of a
“gamer”), I’ve found that WBS better meets my needs. And it costs less.
Tim M
On Nov 24, 2018, at 3:33 PM, Barbara & Cary Noel <cbnoel_1@xxxxxxxxxxx
<mailto:cbnoel_1@xxxxxxxxxxx>> wrote:
I love Hughesnet for my internet servie - never down.
---------- Original Message ----------
From: Timothy Millunzi <tjmillunzi@xxxxxxxxx <mailto:tjmillunzi@xxxxxxxxx>>
To: WarwickList@xxxxxxxxxxxxx <mailto:WarwickList@xxxxxxxxxxxxx>
Subject: [The-L] Re: email and web blocking WBS
Date: Sat, 24 Nov 2018 12:11:55 -0500
Hi All,
Tim G. Makes some very good points, particularly about securing your router,
the first of your devices on your internet connection and the one generally
providing you with protection against outside malicious attacks.
But just to be clear, this thread has morphed a bit from its original
question. The original question was what can be done about WBS shared IP
addresses being blacklisted due to one or more Warwick users of that shared
IP address having malware on one or more of their devices and that malware
is using the device to perform prohibited network activity (generally email
spamming).
First, we could all just make sure that we were all following best security
practices (such as locking down our routers as Tim G. explained and running
a quality antivirus on all our Apple, Windows and Android devices and never
clicking on an unknown link or loading a file from an unknown source, among
other things). For this to be effective everyone would have to also scan
their devices for any malware currently present and then remove that
software before continuing on with good security practices to ensure no new
malware is introduced. Once our shared IP addresses were no longer the
source of “bad” Internet behavior, we could get them removed from the
blacklists and, as long as we stayed “clean”, that would be the end of it.
Second, WBS can move to dedicated IP addresses, where each user will get
their own unique IP address. This will not eliminate the actual security
issues where people are allowing their devices to be “infected”, but it will
isolate the negative impact to that one user.
Third, you can use a Proxy or VPN service to provide you with a different
external facing IP address (one that is not part of the WBS shared address
structure and thus not subject to the blacklisting).
Only the first of these options actually addresses the overall security of
your home network and the devices attached to it. I can have the tightest
network security in the world but if my daughter gives me a USB stick with
some videos of the grandkids on it and that stick is infected with a really
good virus I could end up transmitting all my user-ids and passwords up to
some nefarious site unless I have a quality antivirus installed to catch it.
Network/computer security is really quite complex. At one point in my
career I was VP of Operations and Support and Chief Security Officer for
LiveVault Corporation. That taught me that you can spend a lot of time and
money on securing your computers and Internet connected devices from all
possible threats, but you do have to consider the cost/benefit of anything
you do (cost not only being in dollars but in complexity/difficulty of doing
what you want to do on the WEB). While a bank or a credit card processing
firm will be the explicit target of many attacks, your home network and
computers are not near as at risk. Taking basic precautions is probably all
most people will need to do:
• Making sure your router and other devices are reasonably locked down
(no passwords left at default, no unnecessary ports or services open).
• Run a quality Antivirus (there are several free antivirus packages
along with the more popular commercial products, Google “best freeware
antivirus” to get a list) on all your devices that allow it.
• Follow good security practices. Don’t accept downloads from sites
you are not sure of, don’t open links you are not sure of, if you get an
email, even from someone you know, with a link or download you weren’t
already expecting, confirm separately with the person what it is. Don’t
respond to “phishing” email with any of you private information (including
user-ids and passwords, no reputable company will ask for these). Don’t use
a link given to you in an email to sign in to a financial or store account
(scammers will send you an email that looks legit and will embed a link
asking you to use it to sign in to verify some detail of your account, the
embedded link will take you to a site that looks EXACTLY like the actual
site except for a very small discrepancy in the URL; so you will go ahead
and try to sign in with with your user-id/password and - bingo - the scammer
now has you Citi Bank login credentials), instead always go to the site
using your own bookmark.
There are probably lots of other simple things you can do to make sure you
don’t fall victim to Internet fraud. If there is enough interest, maybe WBS
could host a get together to go over some of them.
Regards, Tim M
On Nov 24, 2018, at 8:26 AM, Tim Gwinn <tim@xxxxxxxxxxx
<mailto:tim@xxxxxxxxxxx>> wrote:
If Brad's estimate is right and this conversion to public IPs is completed
"in a few weeks" and if you are able to hang on and muddle through until
then, I would not see a need to sign up for a VPN.
wonder if all devices used (say computer plus phone or ipad work all work
seamlessly with a vpn.
If you do use need to get a VPN app, they install like any other program.
E.g., I installed my proXPN phone app from Google Play store, and it looks
like the Apple store has VPN apps as well. The app should be free since it
is a service you are paying to subscribe to, not the app per se.
Once the app is installed, and you have signed up with the VPN service
provider, all you need to do usually is just to log into the app with your
VPN subscriber login. Then, there is usually just a simple ON/OFF or
ENABLE/DISABLE setting which turns the VPN routing on or off. From then on,
the app runs in the background and it should be seamless for all your
activity on the computer or device. So, its quite simple in most cases.
There are typically more options to play with, such as selecting which VPN
server location to use, but by default it should choose the geographically
nearest one. Some offer to enable the VPN on startup, so you don't have to
remember to do it. Things like that. The rest of the more advanced options
can usually be left at default.
I personally dislike software that tries to act like multiple things, such
as a VPN+antivirus+buzzwordthis+buzzwordthat. Often those packages do
everything only so-so, rather than one thing well. It's also added
complexity to setup and maintain. So, I just want a VPN software that is
ONLY a VPN, and nothing else. That's just my bias.
I agree with TimM - setting up a VPN at the router level is not the
preferred way to go. It is an option so I wanted to mention it, but its more
costly, and more complex. And again, if we can hold out a few weeks, then
this situation should ameliorate without making hardware changes.
Of course, with great power comes great responsibility. Once we each have
our own IP on the internet then every malicious actor on the internet will
be able to target our IP addresses directly. So, your router is you main
line of defense. Having a router is not enough, it needs to be secure. There
have been some routers with vulnerabiltiies int their firmware, which
actually make them insecure, and allow bad guys to get into your network or
take over the router and have it become part of a botnet. E.g.,:
https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mikrotik-routers-send-traffic-to-attackers/
So, a few things to check are:
• Change the factory default router login password to something unique.
(Although its not best practice, since we are concerned about remote
attackers, and not someone in your home, then you can write the password on
a piece of tape and stick it to the bottom of the router to make it easier
to find in case you forget it.)
• Update the router firmware. (On some newer routers, you can check for
the latest firmware from the router menu, or it may automatically check
periodically, or can even be configured to do the updates automatically. On
older routers, you need to go to the manufacturers website, find the support
page for that router, look for the latest firmware, compare that version to
your current running version, download the new firmware if needed, then
upload it from your device to your router.)
• Disable remote administration. (Remote administration allows
accessing your router setup login from anywhere in the world. Unless you
absolutely need it, disable remote administration of the router. That
prevents bad guys from breaking into router via that avenue of attack.)
• Disable uPNP. (Unless you have a device/program that you know needs
it, disable it. Unfortunately, too many routers ship with it enabled by
default.)
• Disable all inbound ports & port-mapping. (Again, unless you have a
device/program that you know needs it, disable inbound ports. This disallows
inbound traffic from initiating from outside our router; we only want
inbound traffic to be as a result of something we initiate from our devices
in the internal side of our router (e.g., a webserver only sends a webpage
to us as a result of us initiating a request for that page). This -should-
be the default in all modern routers. It's just something to verify.)
• Make sure the WBS connection is plugged into the WAN or INTERNET port
on your router. It should be the ONLY thing plugged into the WAN/INTERNET
port. That's the outward-facing port, so no other devices should be on that
side. All our devices should be connected over wifi or the ethernet jacks
labeled LAN.
• By default, your devices will get their DNS server from your router,
DNS is how devices send a lookup request to convert a sitename like
www.google.com to an IP address. Consider setting your DNS in your router to
9.9.9.9. This is a free DNS service called Quad9 that it blocks known-bad IP
addresses. So if someone in your home accidentally clicks on a malicious
link, when it tries to convert evildomain.com (say) to an IP address by
performing a DNS request, Quad9 will not respond with an IP address if it
knows that is a malicious site. So, it prevents the user from ever getting
redirected to the bad site. Quad9 also doesn't retain any
personally-identifiable info. See: https://www.quad9.net/
Unfortunately, each router manufacturer has wildly different router menus,
different firmware update methods, different features and abilities, etc.,
so there's no way to create a universal step-by-step guide for router
configuration.
Regards,
TimG
On Fri, Nov 23, 2018, at 8:11 PM, ear@xxxxxxxxxxx wrote:
Hi Tim, Thanks for this info. Many of us in town may end up scrambling to
do this... I'm wondering if there could be some kind of short mini-workshop
to talk folks thru setting up a VPN ; and wonder if all devices used (say
computer plus phone or ipad work all work seamlessly with a vpn. Or is there
a utube you could recommend ?
On Thursday 22/11/2018 at 11:58 am, Tim Gwinn wrote:
FYI -
One temporary workaround is to use a VPN (virtual private network) app on
your device, which will create an encrypted "tunnel" connection between
your device and a VPN server (which is not in the WBS IP range) somewhere
else on the internet. In short, it gives your device an entirely non-WBS IP
address on the internet, so that services that block or challenge you based
on your IP address will see this non-WBS IP address and thus not block nor
pester you with challenges.
There are many VPN services like this out there. Some are free, most have a
monthly fee. I happen to use proXPN, which is around $7/mo. It supports
Windows, Mac, Android.
https://secure.proxpn.com/index.php
Here is a very recent review comparison of VPNs by PC Mag:
https://www.pcmag.com/article2/0,2817,2403388,00.asp
These apps run in the background of your device, so once it is set up and
enabled, its transparent, and doesn't interfere with your normal activity.
Issues that can occur are some restricted bandwidth (but generally, WBS
bandwidth is the limiting facotr), and some services like Netflix may or may
not allow connection over a VPN, since VPNs are sometimes used to get around
region/country specific pricing or availability, and so services like
Netflix may be wary of customers signing in via VPNs.
Regards,
Tim Gwinn
On Wed, Nov 21, 2018, at 10:42 PM, Mari Rovang wrote:
Jim,
We are having the same I’m not a robot phenomenon any time we try to access
a website, or even use the online dictionary. Says it’s detecting
unqualified activity. Doesn’t happen in other locations. Also, the photos
are hazy and hard to interpret.
Mari
On Wed, Nov 21, 2018 at 7:34 PM Jim McRae <jimmcraejim@xxxxxxxxx> wrote:
Yes Rick. I also don't know what my "credentials" are. Sorry to be so
dense. I'm sure it's obvious to a whole lot of folks.
Also, several news locations ask me to confirm that I'm not a robot. That
has come up so frequently lately that I don't trust anyone enough to click
anything on command. What do folks know about that happening now. Any
manipulative requests around this?
On Tue, Nov 13, 2018 at 5:21 PM David Young <coordinator@xxxxxxxxxxxxxxxxxx>
wrote:
Warwick Broadband have an IP blacklist problem. We almost cured it last
month and now it is very much back. We need everyone to change their email
credentials and run antivirus protection.
We believe the blacklisting is caused by SPAM being sent from one or more
subscriber computers. But, it may be IP spoofing, using our customer’s email
credentials from a remote site. Fixing this requires running antivirus
software on your computers and keeping the protection current.
If this is happening remotely (meaning: not on our network) the fix is for
folks to change their email passwords. That way a remote server can’t
successfully pretend to be one of us.
Studying this today added another element to ponder: are websites blocking
our IPs because they see too many connections coming from it?
Options we are considering include implementation of carrier class network
address translation where customers are assigned to a unique port range
which means we can track down offenders with some snooping; using public IP4
addresses; or implementing public IP6 with support IP4). The advantage of
the public IP address use will be that only the “offender” will be impacted
by blacklisting.
David Young
Administrative Coordinator
Town of Warwick
978-729-3224 (mobile)
978-544-6315 (Selectboard office)
413-676-9544 (Broadband service)
From: warwicklist-bounce@xxxxxxxxxxxxx <warwicklist-bounce@xxxxxxxxxxxxx> On
Behalf Of narguimbau
Sent: Tuesday, November 13, 2018 2:35 PM
To: WarwickList@xxxxxxxxxxxxx
Subject: [The-L] Re: - 10/27
My incoming email has been blocked since October 27. Don’t know why.
Trying to fix it.
Nick Arguimbau
Sent from Mail for Windows 10
____________________________________________________________
Gut Doctor "I Beg Americans To Throw Out This Vegetable Now"
food-frauds.com
http://thirdpartyoffers.netzero.net/TGL3242/5bf9b5e5c9c1b35e55c60st03duc
