
25 June 2005

Ask MeatChat Advanced cable modem home self defense:
First, please feel free to welcome me back to teh intarweb after a long week of moving heavy boxes of books and blinky things. Or if so moved, boo and throw poop, whichever.

It's been a long week - the longest I've gone without regular access to broadband in 4-5 years or so. Well, I've gone longer by choice on trips and quests and whatnot, but even then I always knew that somewhere at home or near home there was at least a slightly plump pipe and a box of blinkenlights happily packeting away, just waiting to be commanded and tickled and massaged and otherwise ordered around.

Having already chosen the apartment for reasons of economics, palatial size and location, and bizarrely finding myself more than 18k feet from my new and highly disreputable switching-house of overpriced twisted copper strands and dialtone-service, I've had to bite the bullet and make with the schlub-schlub noises on the Cox, what with the coaxial wanging and the most hateful avoidance of purchasing these needless extra features like useless "teevee" channels and the shared local loop-de-looping and the extra-extreme insecurity and Trojaning.

This is the first time I've been unable to get DSL or even low speed PPPoE aDSL.

After a great deal of tracing cables around the roof and eaves of the new hovel in extreme heat, lightning and unseasonally early monsoon weather, after making the hideous mistake of calling Cox support from a payphone on a 110 degree Friday night and holding for (literally) 45 minutes just to get the entirely unrequired "master account username and password" that only is used for their useless spyware and IE browser hijacking, I finally got a solid link and connected my poor, naked, and unpatched Win2K fileserver box to the cable modem and received three Windows Messaging popups and a browser hijack before I could manage to download FireFox and ZoneAlarm and gouge my own brain out with a rusty backplane cover.

Normally, this box (and all others) runs behind a (yet to be unpacked and installed) consumer hardware firewall and on a DSL line, so you can imagine my panic when I finally got an IP and spoke aloud the words "D'oH! FIREWALL! CABLE MODEM! UNPATCHED WINDOWS! SWEET, SASSY JESUS ON A DOGSHIT-TRAMPOLINE IN A PETTICOAT!"

Anyway, my question: Please bless me with your cable-modem self defense tips at your leisure. Cox sucks, but not as badly as no broadband at all.

Linux is an option - but not a permanent one, as I have a buncha audio and visual creative-type wares that have no Linux counterparts. What ports do you block? What should I do that I wouldn't normally do on a DSL?

Also, how do I deal with customer "service" if and when in the future they start bandwidth capping me and blocking my perfectly legitimate ports for things like Creative Commons torrents, or soulseek transfers? SSH? (s)FTP? My Terms of Service actually forbids VPN, WTF? Are they going to start blocking SSH as well if/when I tunnel through it?

Should I just kiss any illusions of ever having any sort of real internet experience ever again goodbye?

Many, many thanks in advance.

Also, feel free to just generally whinge about cable modems and share horror stories. And I hope you had as much fun reading some of this as I had writing it. My fingers have been itchy, they like typing.
Oh, I will say one nice thing for Cox, it's sure fast coming down the stream, but then they have yet to discover I could probably pull down a gig a month in text alone, not to mention shoutcast streams and whatever else. Haven't tried sending anything up yet.
posted by loquacious 25 June | 04:46
I'd head over to speed guide and nab tcp optimizer and the registry tweak they have there, that'll increase your upload speed a tad. I've been using both since I got online with cable and it does make a difference. There is also the tests and tools at dsl reports.

ps: I looooove the speed I get with cable but don't get me started about the neighbour who sucked the life out of my cable connection while running a server and dumb 1-800 support that couldn't figure their way out of a wet paper bag.
posted by squeak 25 June | 05:04
posted by quonsar 25 June | 08:24
The easiest way to keep yourself safe from the various worms that scan netblocks is to plunk $40 down for one of those wireless gateways/firewalls that assign you a private IP address. Even if you only have one machine, it'll make things considerably safer.

I've had very few problems with my Comcast cable. It doesn't die on me, I'm able to have several VPN tunnels up simultaneously, they don't noticeably cap their bandwidth, nor do they block any ports (except, hopefully, port 25). But I guess it helps that I appear to be the only customer on my particular cable loop in my neighbourhood.
posted by cmonkey 25 June | 10:15
AdMuncher costs a few bucks but makes life on the intarweb much more pleasant with ANY browser.
posted by arse_hat 25 June | 12:13
isn't MeatChat the bareback site that Andrew Sullivan used to like?
posted by matteo 26 June | 08:56
What ports do you block?

Every damn port that I don't use. Is this hard to do on a wintel machine?
posted by dabitch 26 June | 09:06
MeatChat: Marinate? Yes or no?
posted by arse_hat 26 June | 10:41
Every damn port that I don't use. Is this hard to do on a wintel machine?

I've never heard of or discovered any sort of built in firewalling or port-blocking functionality in Windows 95/98/me/2k. XP SP2 might have something like it.

I do have a linksys ethernet/wifi router/gateway that has some pretty nice firewall functionality. Generally I just block whatever I'm not using, turn off WAN-side administration of the linksys box and turn off WAN-side ping.

That should be just about enough. But these consumer router/gateways have known vulnerabilities and weaknesses. But I'd imagine if you compared it to a nice, solid FreeBSD or NetBSD firewall on a box, it'd be like comparing a cheap ACE Hardware deadbolt on a hollow-core door to a Medeco security lock on a steel firedoor.

I don't really know enough to set up an average-security unix/linux firewall, but I could probably figure it out with a few pots of coffee and some time.

My question was more about if there's anything different I should do on a cable modem, because I've just heard about horror stories with cable modems as compared to DSL lines.

I guess I'm more secure than most, but it just worries the crap out of me that I'm on some kind of shared local loop that behaves like a LAN with god knows who next door, plus the fact it just seems easier to target cable modem IPs.
posted by loquacious 26 June | 11:16
loquacious: I would just like to add you are fortunate to have been on a quest - what was it?
posted by mlis 26 June | 17:47