Become your own ISP for fun, or because Ajit Pai gets his way

Subject: General Tech | November 21, 2017 - 02:03 PM |
Tagged: isp, networking, Internet, net neutrality, Autonomous System

If you are reading this from the US you probably have an opinion about the news out of the FCC today and should probably express that opinion to your various congress critters, even though Ajit Pai has stated he won't listen.  As a backup plan you might want to take a read through this article over at Hack a Day which describes how you can set yourself up as your own ISP, aka an Autonomous System.  The process is nowhere near as simple as setting up a home internet connection and you will need some dedicated equipment you may or may not have lying around.  Those who live outside the USA should still take a look as there is some very interesting learning material in the article.

"It was during the purchase of data centre rack space that [Kenneth]’s challenge was laid down by a friend. Rather than simply rely on the connection provided by the data centre, they would instead rely on forging their own connection to the ‘net, essentially becoming their own Internet Service Provider."

Source: Hack a Day

AmpliFi Announces Teleport, a Zero-Config VPN For Travelers

Subject: Networking | November 7, 2017 - 10:00 PM |
Tagged: wi-fi, vpn, ubiquiti, networking, mesh, Amplifi HD, amplifi

Earlier this year we took a look at the AmpliFi HD Home Wi-Fi System as part of our review of mesh wireless network devices. AmpliFi is the consumer-targeted brand of enterprise-focused Ubiquiti Networks, and while we preferred the eero Mesh Wi-Fi System in our initial look, the AmpliFi HD still offered great performance and some unique features. Today, AmpliFi is introducing a new member of its networking family called AmpliFi Teleport, a "plug-and-play" device that provides a secure connection to users' home networks from anywhere.

Essentially a zero-configuration hardware-based VPN, the Teleport is linked with a user's AmpliFi account, which automatically creates a secure connection to the user's AmpliFi HD Wi-Fi System at home. Users take the small (75.85mm x 43mm x 39mm) Teleport device with them on the road, plug it in and connect it to the public Wi-Fi or Ethernet, and then connect their personal devices to the Teleport.

This provides a secure connection for private Internet traffic, but also allows access to local resources on the home network, including NAS devices, file shares, and home automation products. AmpliFi also touts that this would allow users to view their local streaming content even in locations where it would otherwise be unavailable -- e.g., watching U.S. Netflix shows while overseas, or streaming your favorite sports team while in a city where the game is blacked out.

In addition to traveling, AmpliFi notes that those with multiple homes or a vacation cottage could also benefit from Teleport, as it would allow you to share the same network resources and media streaming access regardless of location. In any case, a device like Teleport is still reliant on the speed and quality of your home and remote Internet connections, so there may be cases where network speeds are so low that it makes the device useless. That, of course, is a factor that would plague any network-dependent service or device, so while it's not a mark against the Teleport, it's something to keep in mind.

Teleport's features, while incredibly useful, are of course familiar to those experienced with VPNs and other secure remote connection methods. In terms of overall functionality, the AmpliFi Teleport isn't offering anything new here. The benefit, therefore, is its simple setup and configuration. Users don't need to set up and run a VPN on their home hardware, subscribe to a third party VPN service, or know anything about encryption protocols, firewall configuration, or network tunneling. They simply need to plug the Teleport into power, follow the connection guide, and that's it -- they're up and running with a secure connection to their home network.

You'll pay for this convenience, however, as the Teleport isn't cheap. It's launching today on Kickstarter with "early bird" pricing of $199, which will get you the Teleport device and the required AmpliFi HD router. A second round of early purchasers will see that price increase to $229, while final pricing is $269. Again, that's just for the Teleport and the router. A kit including two AmpliFi mesh access points is $399. There's no word on standalone pricing for the Teleport device only for those who already have an AmpliFi mesh network at home.

Regardless of the package, once you have the hardware there's no extra cost or subscription fee to use the Teleport, so frequent travelers might find the system worth it when compared to some other subscription-based VPN services.

The AmpliFi Teleport is expected to ship to early purchasers in December. We don't have the hardware in hand yet for performance testing, but AmpliFi has promised to loan us review samples as the product gets closer to shipping. Check out the Teleport Kickstarter page and AmpliFi's website for more information.

Source: Kickstarter
Subject: Networking
Manufacturer: Ubiquiti Networks

Ubiquiti Upgrade

For longtime readers, it should come as no surprise that the robustness of our internal network at the PC Perspective offices isn't necessarily our primary focus. We spend a lot of time here dealing with misbehaving hardware and software, so when something works, we tend to stick with it—especially when our day-to-day workflow depends on it.
 
However, I have recently taken it upon myself to make some changes. The main impetus for this project was our desire to move to a mostly 10 Gigabit-enabled network. With the release of lower cost NICs such as the ASUS XG-C100C, it finally started to seem like the right time to upgrade our network.
 
Previously—and try not to laugh too hard—the backbone of our production network was the Zyxel Gateway included with our Gigabit fiber service from our ISP. Honestly, this piece of hardware worked surprisingly well. We were able to get full Gigabit download speeds (our upload speed is restricted at the ISP level to about 300Mbps), and it worked without much of a fuss. The router interface was fairly awful, and confusing at times, but it worked. Additionally, we were using an ASUS RT-AC66U as an access point, not the built-in wireless from the Zyxel.
 
In the past few months, we started to see some odd performance issues with our network and streaming video. While we could do standard file transfers and HTTP traffic at the full 300Mbps upload speed, video streaming from applications like Plex seemed to stop working at about 4 or 5 Mbps. After diagnosing our internal network performance, we started to place blame on the ISP-provided Zyxel gateway.
 
After talking to a few friends who are invested in the HomeLab communities and doing some additional research, I decided that while roll-your-own solutions like pfSense are compelling and have come a long way, they weren't quite right for us. We were looking for more of a turnkey solution that remained flexible, but would also require less initial setup.
 

ICANN will not update the root KSK system on schedule

Subject: General Tech | September 29, 2017 - 12:53 PM |
Tagged: icann, bind, dns, ksk, networking, security

ICANN have had to delay their planned upgrade to the root key signing keys used by DNS thanks to between 5 and 8% of key validators lacking the new KSK key.  If a validator only possesses the 2010 key, it would no longer be able to resolve DNS properly and the vast majority of the internet would disappear for those stuck on the old system.  The Register points out that the problem will actually be much larger, as ICANN assumed that everyone has updated to the newest version of BIND DNS database and only scanned those validators using the newest version.

The reason for the update is to increase the length of the root KSK that DNS depends on, which will greatly increase the security of anyone surfing the net.  To help move this forward, ICANN will be publishing a list of those out-of-date validators in the hopes that publicity will spur them to upgrade.  As with IPv6, we will wait and see.

"A multi-year effort to update the internet's overall security has been put on hold just days before it was due to be introduced, over fears that as many as 60 million people could be forced offline."

Source: The Register

Linksys Announces WRT32X Gaming Router with Killer Prioritization Engine

Subject: General Tech | August 22, 2017 - 12:00 AM |
Tagged: WRT32X, router, networking, linksys, Killer Prioritization Engine, Killer Networking, gaming, AC3200

Linksys has announced a router that they say is 'built purely for gaming' with the WRT32X, an AC3200 router with a 1.8 GHz dual-core processor and built-in Killer Prioritization Engine.

"The WRT32X takes gaming to the next level. The router built purely for gaming features AC3200 speed and the Killer Prioritization Engine. The Killer Prioritization Engine identifies, prioritizes and accelerates gaming network traffic above all other devices in your home to deliver a faster, superior gaming experience. The Killer-enabled WRT32X also synchronizes with Killer-enabled PCs to give gaming traffic the highest priority on your network. Turning the Killer Engine on protects from extreme lag spikes and reduces lag by 77%, delivering consistent and superior reaction time during intense gaming scenarios."

Linksys lists the features of the WRT32X as follows:

  • 1.8 GHz CPU: Dual-Core promotes simultaneous high-speed data processing.
  • Pro-grade Gigabit Ethernet Switch: Gigabit (10/100/1000) is 10X faster than Fast Ethernet.
  • Dual-Band (2.4 + 5 GHz): N600 + AC2600 Mbps.
  • Killer Prioritization Engine: The first router that prioritizes gaming.
  • Advanced Security: WPA2 encryption and SPI firewall help keep your network safely connected.
  • Customized Gaming Interface: Custom-built interface and firmware for gaming traffic control.
  • 256MB Flash and 512MB of RAM Memory: Handle more without delay for optimal performance.
  • 4 High-Performance Antennas: Engineered to enhance dual-band communication; four external, adjustable antennas ensure supreme Wi-Fi signal strength.
  • eSATA, USB 3.0, and USB 2.0 Ports: Share content via an external storage device with ultra-fast data transfer speeds. USB 3.0 delivers enhanced performance over USB 2.0; eSATA delivers optimal data transfer speeds from external SATA drives and accommodates USB 2.0.

The WRT32X carries an MSRP of $329.99, with availability TBA.

Source: Linksys

Samba Developers Release Patch For Remote Code Execution Vulnerability (CVE-2017-7494)

Subject: General Tech | May 28, 2017 - 07:10 PM |
Tagged: samba, linux, ransomware, security, networking

Last week, the development team behind Samba – a popular software suite used on Linux and Unix clients and servers that uses the TCP/IP protocol for file and print sharing to SMB/CIFS clients (including Microsoft Windows) – released a security advisory along with patches for a remote code execution hole that has been present in Samba for seven years since the release of Samba 3.5.0 in March 2010. The vulnerability, classified under CVE-2017-7494, allows an attacker to upload malicious code to a Samba server and get the server to run the code by sending a malformed IPC request that references the local file path. The Samba server will run the code in the malicious shared library (.so) file even though it is from an untrusted remote source.

The bad news is that this is a fairly serious flaw that could lead to an attacker successfully holding a business or home user’s files (including backups!) at ransom, stealing data, or using the now owned file server to attack other network resources that trust the file server. If not securely configured (e.g. allowing anonymous writes), the attack could even be wormable which would allow it to self-replicate across the network or Internet. Further, while various security firms have slightly different numbers, they all seem to agree that around 100,000 Internet-accessible machines are running vulnerable versions of Samba.

It is not all bad news though, and in some respects this vulnerability is not as big of an issue as the WannaCry ransomware and EternalBlue SMB vulnerability because, in order to successfully exploit the Samba flaw, an attacker needs to obtain credentials to upload the malicious code to the file share(s), which need to be writeable in the first place and not running as noexec under an SELinux policy. Also, attackers need to know or guess the local path name of the files on the file share to send the malformed IPC request. More importantly, the Samba team released three security releases (4.6.4, 4.5.10, and 4.4.14) for the newer branches and is working with OS distributions on providing patches for older Samba versions. For systems that cannot be updated or patched, there is also a workaround that can be implemented by modifying the global Samba config file to contain the setting “nt pipe support = no”. While this will break some expected Windows functionality (mainly machines will not be able to access null shares and will need to use the specific share path rather than just the server path), it will make it so that Samba will not accept the malicious requests.

Perhaps the most worrying aspect of this vulnerability is that security researchers estimate that up to 90% of the vulnerable Internet-connected Samba endpoints do not have a direct patch or update available yet and may not ever get one. While the enterprise hardware and even bigger consumer and SMB hardware providers will provide support for this in the form of patches or firmware updates, there is a sea of home routers, NAS boxes, file and print servers, and IoT devices running on home networks that are not open to user updates and may not ever get firmware updates. The best thing to do in this scenario according to the security advisory (if you can’t just not use it or replace it with different hardware that can be patched or isn’t affected of course) is to not expose it to the Internet. There would still be a risk of it being exploited should someone get a virus on a client machine through email, malicious downloads, or social engineering though. Considering these home NAS devices are usually used as destinations for backups, the risk of ransomware not only infecting client machines but also the main file share and network backups is scary. I have always been a fan of offline and/or cloud backups and in these modern times they are more important than ever with the rise of ransomware and other profit motivated viruses.

If you are not sure whether your network is affected, there are tools being made available (including a Metasploit module, nmap scripts, and Internet scans) to help you determine that. You can then use that information to reduce your attack surface by, in order of effectiveness: updating to the latest security release, applying patches, using SELinux policies to prevent the server from executing files itself, and preventing affected machines from communicating with the Internet.

All that is to say don’t panic, stay vigilant, and make sure your important data is properly backed up and secured as much as possible!

Source: Samba.org
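
The version and configuration checks described in the Samba post above can be scripted. The following is an added example, not part of the original article or of the Samba project: the function names, status labels and sample configuration are constructed for illustration, and it assumes branches newer than 4.6 already include the fix.

```python
import re

# Fixed releases named in the article, keyed by branch. Distributions may
# backport the fix under an older version number, so confirm with the vendor.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
TRUE = {"yes", "true", "on", "1"}                # smb.conf boolean spellings
INVERTED = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"

def version_affected(version_text):
    """True if the upstream version is 3.5.0 or later and lacks the fix."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no Samba version in {version_text!r}")
    v = tuple(int(part) for part in m.groups())
    if v < (3, 5, 0):
        return False
    if v[:2] in FIXED:
        return v[2] < FIXED[v[:2]]
    # Assumption: branches newer than 4.6 shipped with the fix included.
    return v[:2] < (4, 4)

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names ignore case and whitespace."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, value = re.sub(r"\s+", "", key).lower(), value.strip().lower()
            if key in INVERTED:
                key, value = "readonly", "no" if value in TRUE else "yes"
            elif key == "public":                # synonym of "guest ok"
                key = "guestok"
            current[key] = value
    return sections

def assess(version_text, conf_text):
    conf = parse_smb_conf(conf_text)
    glob = conf.get("global", {})
    pipes_off = glob.get("ntpipesupport", "yes") not in TRUE
    writable = []
    for name, params in conf.items():
        eff = {**glob, **params}                 # shares inherit [global] defaults
        if name != "global" and eff.get("readonly", "yes") not in TRUE:
            who = "anonymous" if eff.get("guestok", "no") in TRUE else "authenticated"
            writable.append((name, who))
    status = ("patched" if not version_affected(version_text) else
              "mitigated" if pipes_off else
              "exposed" if writable else "affected-no-writable-share")
    return {"status": status, "writable_shares": writable}

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """
[global]
   NT Pipe Support = yes
[backups]
   writeable = yes
   guest ok = yes
[media]
   read only = yes
"""
if __name__ == "__main__":
    print(assess("Version 4.5.9", SAMPLE_CONF))
```

Feed it the version string your server reports and the contents of its smb.conf; a "patched" or "mitigated" result on an appliance should still be confirmed against the vendor's advisory.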
Subject: Networking
Manufacturer: Various

Introduction

Back in February we took a quick initial look at the eero Home Wi-Fi System, one of several new entrants in the burgeoning Mesh Networking industry. Like its competitors, eero's goal is to increase home Wi-Fi performance and coverage by switching from a system based upon a powerful standalone router to one which utilizes multiple lower power wireless base stations positioned throughout a home.

The idea is that these multiple wireless access points, which are configured to communicate with each other automatically via proprietary software, can not only increase the range of your home Wi-Fi network, but also reduce the burden of our ever-increasing number of wireless devices on any one single access point.

There are a number of mesh Wi-Fi systems already available from both established networking companies as well as industry newcomers, with more set for release this year. We don't have every system ready to test just yet, but join us as we take a look at three popular options to see if mesh networking performance lives up to the hype.

Continue reading our review of eero, Google Wifi, and AmpliFi!

Why the world of WiFi is as murky as the HiFi market

Subject: General Tech | March 6, 2017 - 01:42 PM |
Tagged: wifi, networking

Our own Sebastian Peak has delved into the nightmare world of testing WiFi, specifically MU-MIMO, and explained some of the difficulties you encounter when testing wireless networks.  It is now Ars Technica's turn to try to explain why your 2.4GHz router never delivers the advertised 1,000 Mbps as well as how to test your actual performance.  As with many products, the marketing team has little interest in what the engineers are saying; they simply want phrases they can stick on their packaging and PR materials.  While the engineers are still pointing out that even the best case scenarios involving a single user less than 10 feet away, with clear line of sight, will not reach the theoretical performance peak, the PR with that high number has already been emailed and packages are printing.

Drop by Ars Technica for a look at how the current state of WiFi has evolved into this mess, as well as a dive into how the new technologies work and what performance you can actually expect from them.

"802.11n was introduced to the consumer public around 2010, promising six hundred Mbps. Wow! Okay, so it's not as fast as the gigabit wired Ethernet that just started getting affordable around the same time, but six times faster than wired Fast Ethernet, right? Once again, a reasonable real-life expectation was around a tenth of that. Maybe. On a good day. To a single device."

Source: Ars Technica

CES 2017: Netgear Shows Off Nighthawk S8000 Semi-Managed Switch

Subject: General Tech | January 8, 2017 - 11:58 AM |
Tagged: networking, netgear, CES 2017, CES

Netgear introduced a new semi-managed switch under its Nighthawk brand called the Nighthawk S8000. The new gigabit switch offers eight ports and a GUI web management interface.

The Nighthawk S8000 keeps the stealth bomber design aesthetic of its larger router brethren with clean lines, sharp angles, and a dark zinc alloy housing. The one downside to this design is that these switches are not stackable but if you need that many ports you are probably looking at a bigger single switch anyway.

Exact specifications are not yet available, but the Layer 2 GS808E switch reportedly offers per-port prioritization and QoS (Quality of Service), DoS (Denial of Service) protection, and IGMP snooping (they don't list which version though so I can't say if this would work well with AT&T Uverse and running TV and PCs on). There are reportedly three pre-set modes and two user customizable profiles that can be set for each port depending on usage: gaming, media streaming, and standard LAN. Further, there are four (Netgear’s site lists 3 in some places) levels of prioritization.

The gigabit switch does support link aggregation (port trunking) up to 4 ports for a single 4Gbps connection to devices that also support link aggregation. This can be configured as a single 4Gbps connection or as redundancy in case one port or cable fails. The use case for something like this would be multiple PCs sending and receiving large amounts of data from a NAS at the same time where the wider connection back to the switch can be meaningfully utilized.

The Nighthawk S8000 comes with a 3 year warranty and will be available in March for $99.99.

There may be better options, especially at $99.99 but fans of Netgear’s Nighthawk wireless routers might be interested. It is hard to say if it is worth the price yet as independent reviews are not out yet. For those interested, PC Gamer has more photos of the switch.

Source: Netgear

Rivet Networks Announces Killer E2500 Gigabit Ethernet Controller

Subject: Networking | September 15, 2016 - 04:42 PM |
Tagged: Rivet Networks, NiC, networking, Killer Networking, Killer E2500, Ethernet, controller

Rivet Networks have announced the new Killer E2500 Gigabit Ethernet controller, and they are partnering with MSI and GIGABYTE to bring the new controller to consumer gaming motherboards.

“The Killer E2500 delivers powerful networking technology to gamers and performance users, including significant new enhancements to its Advanced Stream Detect 2.0 Technology and the all new Killer Control Center. In addition to detecting and optimally prioritizing your games, video, and voice applications with Advanced Stream Detect 2.0 Technology, the Killer E2500 also detects and manages 500+ of the top global websites.”

The networking performance is said to be improved considerably with the new controller and software, with "Lag and Latency Reduction Technology":

“Through its patented technology, Killer is able to get network packets to your applications and web browsers up to 25% faster than the competition during single application usage, and potentially by more than 10x faster when multitasking.”

As I quickly realized when reviewing the Killer Wireless-AC 1535 last year, the software is just as important as the hardware with a Killer adapter. For the new E2500, the Killer Control Center has been re-designed, to provide “users full control of all aspects of their system’s networking performance”.

Rivet Networks describes the functionality of this Killer Control Center software, which allows users to control:

  • The priority of each application and popular website
  • The bandwidth used by each application and popular website
  • The Killer interface that each application is going over
  • The total bandwidth being used by system

I found that enabling the Killer Software bandwidth management significantly affected latency when gaming (which you can see here, again revisiting the AC 1535 review), and Rivet Networks is confident that this new system will offer even better performance. We’ll know exactly how this new controller and software performs once we have one of the new motherboards featuring this E2500 controller onboard.