From: Digest <deadmail>
To: "OS/2GenAu Digest"<deadmail>
Date: Thu, 4 Sep 2008 00:01:16 EST-10EDT,10,1,0,7200,4,1,0,7200,3600
Subject: [os2genau_digest] No. 1700
Reply-To: <deadmail>
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Wednesday 03 September 2008
 Number  1700
**************************************************

Subjects for today
 
1   Web page blocked : Dennis Nolan <dennis at jeg-og dot com>
2  Re:  Web page blocked : Ed Durrant <edurrant at durrant dot mine dot nu>
3   Web page blocking sorted out. : Dennis Nolan <dennis at jeg-og dot com>
4  Re:  Web page blocked : Ed Durrant <edurrant at durrant dot mine dot nu>
5  Re:  Web page blocked : Ian Manners" <deadmail>
6  Re:  Web page blocked : Ed Durrant <edurrant at durrant dot mine dot nu>
7  Re:  Web page blocked : Ian Manners" <deadmail>
8  Re:  Web page blocked : Paul Smedley" <paul at smedley dot id dot au>
9  Re:  Web page blocked : Ed Durrant <edurrant at durrant dot mine dot nu>
10  Re:  Web page blocked : Dennis Nolan <dennis at jeg-og dot com>
11  Re:  USB Modems and eCS : John Angelico" <talldad at kepl dot com dot au>

**= Email   1 ==========================**

Date:  Wed, 03 Sep 2008 09:14:35 +1000
From:  Dennis Nolan <dennis at jeg-og dot com>
Subject:   Web page blocked

Hi everyone,

I'm having a problem accessing the Australian Photographic Society web site.

Yesterday afternoon to all intents and purposes it went off the air.

This morning it was still off the air.

I now find out it is up and running.

The extract below is an excerpt from the event log of my broadband router.




Sep 03 09:00:29 home.gateway:firewall:info: 1243300.784 Blocked Prot=6, 
202.60.78.25:80 > 202.164.203.195:50353, AS Seq=41393978, Ack=2122514980 
-Black List Defense

Can anyone enlighten me as to the cause, and point me to enlightenment?

Regards

Dennis.

----------------------------------------------------------------------------------
 

**= Email   2 ==========================**

Date:  Wed, 03 Sep 2008 09:37:25 +1000
From:  Ed Durrant <edurrant at durrant dot mine dot nu>
Subject:  Re:  Web page blocked

Dennis Nolan wrote:
> Hi everyone,
>
> I'm having a problem accessing the Australian Photographic Society web 
> site.
>
> Yesterday afternoon to all intents and purposes it went off the air.
>
> This morning it was still off the air.
>
> I now find out it is up and running.
>
> The extract below is an excerpt from the event log of my broadband 
> router.
>
>
>
>
> Sep 03 09:00:29 home.gateway:firewall:info: 1243300.784 Blocked 
> Prot=6, 202.60.78.25:80 > 202.164.203.195:50353, AS Seq=41393978, 
> Ack=2122514980 -Black List Defense
>
> Can anyone enlighten me as to the cause, and point me to enlightenment?
>
> Regards
>
> Dennis.
>
That IP address (and hence site) has been blocked as it is listed as a 
site that distributes virus / spam infected code. BUT it appears that a 
complete range of addresses have been blocked - sounds like a dodgy 
piece of software in your router. I would disable it personally and have 
the protection on the individual Windoze machines attached to it.

Cheers/2

Ed.
----------------------------------------------------------------------------------
 

**= Email   3 ==========================**

Date:  Wed, 03 Sep 2008 09:41:17 +1000
From:  Dennis Nolan <dennis at jeg-og dot com>
Subject:   Web page blocking sorted out.

Hi all

It seems that my broadband router has what they call sophisticated 
intrusion detection which automatically blacklists sites which the modem 
considers to be attacking it.

No warning to the user, just do it and the site disappears forever from 
your computer.

Regards

Dennis.
----------------------------------------------------------------------------------
 

**= Email   4 ==========================**

Date:  Wed, 03 Sep 2008 09:44:48 +1000
From:  Ed Durrant <edurrant at durrant dot mine dot nu>
Subject:  Re:  Web page blocked

Ed Durrant wrote:
> Dennis Nolan wrote:
>> Hi everyone,
>>
>> I'm having a problem accessing the Australian Photographic Society 
>> web site.
>>
>> Yesterday afternoon to all intents and purposes it went off the air.
>>
>> This morning it was still off the air.
>>
>> I now find out it is up and running.
>>
>> The extract below is an excerpt from the event log of my broadband 
>> router.
>>
>>
>>
>>
>> Sep 03 09:00:29 home.gateway:firewall:info: 1243300.784 Blocked 
>> Prot=6, 202.60.78.25:80 > 202.164.203.195:50353, AS Seq=41393978, 
>> Ack=2122514980 -Black List Defense
>>
>> Can anyone enlighten me as to the cause, and point me to enlightenment?
>>
>> Regards
>>
>> Dennis.
>>
> That IP address (and hence site) has been blocked as it is listed as a 
> site that distributes virus / spam infected code. BUT it appears that 
> a complete range of addresses have been blocked - sounds like a dodgy 
> piece of software in your router. I would disable it personally and 
> have the protection on the individual Windoze machines attached to it.
>
> Cheers/2
>
> Ed.
Forgot to ask, is this broadband router managed by your Telco/ISP and if 
so who is that?
If so, you may not be able to disable this feature and you should call 
them and complain strongly about there removal of a contracted service 
etc. etc. - in some cases they will rebate some of your monthly fees as 
an apology for their error.

Cheers/2

Ed.
----------------------------------------------------------------------------------
 

**= Email   5 ==========================**

Date:  Wed, 03 Sep 2008 10:27:04 +1000 (EST)
From:  "Ian Manners" <deadmail>
Subject:  Re:  Web page blocked

Hi Ed,

>That IP address (and hence site) has been blocked as it is listed as a 
>site that distributes virus / spam infected code. BUT it appears that a 
>complete range of addresses have been blocked - sounds like a dodgy 
>piece of software in your router. I would disable it personally and have 
>the protection on the individual Windoze machines attached to it.

I would leave it enabled.

You might be surprised at the large number of websites with iFrame
exploits out there, there were almost a 40 .gov.au websites a couple
of weeks ago there were using iframes to redirect people to download
virus/worm/bot software.

Cheers
Ian Manners
http://www.os2site dot com/

----------------------------------------------------------------------------------
 
**= Email   6 ==========================**

Date:  Wed, 03 Sep 2008 12:37:54 +1000
From:  Ed Durrant <edurrant at durrant dot mine dot nu>
Subject:  Re:  Web page blocked

Ian Manners wrote:
> Hi Ed,
>
>   
>> That IP address (and hence site) has been blocked as it is listed as a 
>> site that distributes virus / spam infected code. BUT it appears that a 
>> complete range of addresses have been blocked - sounds like a dodgy 
>> piece of software in your router. I would disable it personally and have 
>> the protection on the individual Windoze machines attached to it.
>>     
>
> I would leave it enabled.
>
> You might be surprised at the large number of websites with iFrame
> exploits out there, there were almost a 40 .gov.au websites a couple
> of weeks ago there were using iframes to redirect people to download
> virus/worm/bot software.
>
> Cheers
> Ian Manners
> http://www.os2site dot com/
>
>   
It needs to be a balance however. As Denis's ISP (most likely through an 
error) blocked content from not just one website, but if I interpreted 
the data correctly a VERY large range of IP addresses - hos access to 
many parts of the internet would have been turned off.

My guess would be that this was done in error, however I am not happy 
with fact that it is technically possible - it is akin to the political 
censorship on the Chinese access to the Internet. What if an ISP were to 
block access to their competitors site when they have a special online 
only offer on trying to win the business.

I'd prefer to have control over this - for all I know, I may be in the 
same situation with my Telstra two wire (that's name of the 
manufacturer) ADSL modem/router.

Cheers/2

Ed.
----------------------------------------------------------------------------------
 

**= Email   7 ==========================**

Date:  Wed, 03 Sep 2008 12:53:36 +1000 (EST)
From:  "Ian Manners" <deadmail>
Subject:  Re:  Web page blocked

Hi Ed,

>It needs to be a balance however. As Denis's ISP (most likely through an 
>error) blocked content from not just one website, but if I interpreted 
>the data correctly a VERY large range of IP addresses - hos access to 
>many parts of the internet would have been turned off.

Looks like the router is doing it, not the ISP.

If it was the ISP, it was probably a Border Router problem, and
accidental,
happens every now and then.

I tend to not think of ">" as meaning "to" as all the routers that have
intellegence firewalls BL only the originating IP address.

[C:\]host 202.60.78.25
25.78.60.202.IN-ADDR.ARPA domain name pointer austphotosoc.a-p-s dot org dot au

[C:\]host 202.164.203.195
195.203.164.202.IN-ADDR.ARPA domain name pointer
202.164.203.195.dynamic.rev.aan
et dot com dot au

>My guess would be that this was done in error, however I am not happy 
>with fact that it is technically possible - it is akin to the political 
>censorship on the Chinese access to the Internet. What if an ISP were to 
>block access to their competitors site when they have a special online 
>only offer on trying to win the business.

Different, its the router thats doing it, not the ISP. I would only
be concerned if it was causing a lot more browsing/communications
problems.

>I'd prefer to have control over this - for all I know, I may be in the 
>same situation with my Telstra two wire (that's name of the 
>manufacturer) ADSL modem/router.

Telstra go for the cheapest options and the one with less support
required so I'd hazard a guess that if you ADSL modem/router
has the capability, it would be turned off as a default :-)

Cheers
Ian Manners
http://www.os2site dot com/

----------------------------------------------------------------------------------
 
**= Email   8 ==========================**

Date:  Wed, 03 Sep 2008 14:35:15 +0930
From:  "Paul Smedley" <paul at smedley dot id dot au>
Subject:  Re:  Web page blocked

Hi Ed,

On Wed, 03 Sep 2008 12:37:54 +1000
  Ed Durrant <edurrant at durrant dot mine dot nu> wrote:
> It needs to be a balance however. As Denis's ISP (most 
>likely through an error) blocked content from not just 
>one website, but if I interpreted the data correctly a 
>VERY large range of IP addresses - hos access to many 
>parts of the internet would have been turned off.
> 
> My guess would be that this was done in error, however I 
>am not happy with fact that it is technically possible - 
>it is akin to the political censorship on the Chinese 
>access to the Internet. What if an ISP were to block 
>access to their competitors site when they have a special 
>online only offer on trying to win the business.
> 
> I'd prefer to have control over this - for all I know, I 
>may be in the same situation with my Telstra two wire 
>(that's name of the manufacturer) ADSL modem/router.

I doubt it's anything to do with the ISP.... Most (all?) 
Billion routers for example come with SPI (Stateful Packet 
Intrusion) that can be enabled or disabled by the user, 
but can easily end up blocking IP ranges......
----------------------------------------------------------------------------------
 

**= Email   9 ==========================**

Date:  Wed, 03 Sep 2008 15:48:24 +1000
From:  Ed Durrant <edurrant at durrant dot mine dot nu>
Subject:  Re:  Web page blocked

Ian Manners wrote:
> Hi Ed,
>
>   
>> It needs to be a balance however. As Denis's ISP (most likely through an 
>> error) blocked content from not just one website, but if I interpreted 
>> the data correctly a VERY large range of IP addresses - hos access to 
>> many parts of the internet would have been turned off.
>>     
>
> Looks like the router is doing it, not the ISP.
>
>   
So how did it get changed ? Do routers "call home" for such blocking 
actions ? Can routers access web based blacklists ?

I'm sure Denis didn't change this setting.

Cheers/2

Ed.
----------------------------------------------------------------------------------
 

**= Email   10 ==========================**

Date:  Wed, 03 Sep 2008 17:30:20 +1000
From:  Dennis Nolan <dennis at jeg-og dot com>
Subject:  Re:  Web page blocked

Hi all

It was the router.

Yesterday afternoon I was accessing the APS web site when it suddenly 
started to give Network timeout errors.

I checked other web sites and had no problems and so assumed that the 
APS site was down, as sites sometimes do.

I went out last night and so this morning tried to go to the APS site 
and got the same Network timeout message.

I made inquiries and was informed that the APS site was up and running.

I then started to investigate the event log of the modem and thought the 
  Black List Defense notation was worth investigating, and began 
investigating the message.

I found some messages about it via Google and it seemed to indicate that 
it could be cleared up in the modem configuration.

I found the place which allows the Blacklist to be cleared and the APS 
site is now accessible.

I just feel for those others who purchase this router that are unable to 
find out about this "Feature". After all it is a consumer product.

In my opinion the router should get conformation from the user before 
permenately blocking a site, or at least report that the firewall is 
blocking the request instead of doing nothing and having the web browser 
report a Network timeout.

Regards
Dennis.



Ed Durrant wrote:
> Ian Manners wrote:
>> Hi Ed,
>>
>>  
>>> It needs to be a balance however. As Denis's ISP (most likely through 
>>> an error) blocked content from not just one website, but if I 
>>> interpreted the data correctly a VERY large range of IP addresses - 
>>> hos access to many parts of the internet would have been turned off.
>>>     
>>
>> Looks like the router is doing it, not the ISP.
>>
>>   
> So how did it get changed ? Do routers "call home" for such blocking 
> actions ? Can routers access web based blacklists ?
> 
> I'm sure Denis didn't change this setting.
> 
> Cheers/2
> 
> Ed.
 
> 
> 

----------------------------------------------------------------------------------
 

**= Email   11 ==========================**

Date:  Wed, 03 Sep 2008 23:22:10 +1000 (AEST)
From:  "John Angelico" <talldad at kepl dot com dot au>
Subject:  Re:  USB Modems and eCS

On Tue, 02 Sep 2008 07:04:25 +1000, Ed Durrant wrote:

>
>Hi John,

Hi Ed.

>  I'm afraid this will have to be a trial and error process, but I think 
>we should be able to make this work.
>
>A few questions / suggestions:
>
> What do you get if you do a "Mode Com8"  at the command line ?? Has it 
>"taken" the parameters you have set.
>
[C:\DESKTOP]mode com8
SYS0020: The system cannot find the device specified.

After fixing the COM.SYS line to what is shown below, I get:
[C:\DESKTOP]mode com2
SYS0021: The drive is not ready.

[C:\DESKTOP]

> Have you get the initialisation string documented somewhere (it may not 
>be *99#). This is the most likely problem.
>

ATZ (simple reset) or ATF (reset to factory defaults)

> Does the modem need to have its networkID set (this will be different 
>dependent upon the Telco. Three for example is '3netaccess' where 
>Vodaphone is 'vfinternet", I think optus is "internet" and so on.

Don't know - can't tell.

>Some telcos also require you to send a userid/password. some dont. (But 
>I don't think we are that far as yet).

I agree we aren't that far yet.

> As you have this working under windoze - can you see any parameters 
>defined there in its set up.

Not many to show but we have them.

>There is some useful background on the device in Wikipedia;  
>http://en.wikipedia dot org/wiki/Huawei_E220
>
>Also has coincidence would have it - I got my regular advert from 
>Netgear yesterday and they feature a 3G router that you can either plug 
>a PCMCIA or 3G USB modem (this one included) into, to be able to share 
>your 3G network connection with multiple PCs, either wirelessly or via 
>cabled ethernet - it has a table of network specific codes:
>
>I will find that link if I can and send you it later today.
>
>Whoops forgot - can you also post your com port set up lines from 
>config.sys please ?

I think this is where we are deficient.
We have:
DEVICE=C:\AMouse\AMOUSE.SYS
DEVICE=C:\OS2\BOOT\COM.SYS /F
DEVICE=C:\OS2\MDOS\VCOM.SYS

We probably need
DEVICE=C:\OS2\BOOT\COM.SYS (2,2f8,3)
and need to use COM2 for this exercise

Now set those into CONFIG.SYS and the error message changes (above) but ZOC
still says "Can't open com2"

Small progress :-(.





Best regards
John Angelico
OS/2 SIG
os2 at melbpc dot org dot au or 
talldad at kepl dot com dot au
___________________
----------------------------------------------------------------------------------
 

