Monday, June 22, 2015

A fun story

Gather 'round, it's story time with XT.  Hey wait, where are you going?  GET BACK HERE!  THERE AREN'T ANY SNACKS OUT THERE!

Anyway.

So for the longest time, we'd been using glorious Windows Internet Connection Sharing so that all the computers in the house could use our internet connection.  This would have been fine, except for the following:
  • The computer running ICS was set to auto-update at 3AM
  • This meant all internet activity experienced a hiccup shortly thereafter while it rebooted
  • This computer also crashed all the time and was generally unstable as fuck, mostly due to all the shit my parents had loaded onto it
  • ICS is annoying to configure for port forwarding and port translation
At some point, my dad brought home a shitty Netgear WGT624 router, "to play around with".  He had no intention of using it in place of Internet Connection Sharing, whatsoever.  His playing around with it eventually led to the ICS computer deciding "you know what?  Fuck being a DHCP server!" and eventually all the DHCP leases expired and nothing had an IP address anymore.  My dad, not being a network administrator despite steadfastly claiming "I RUN OUR NETWORK YOU DON'T CHANGE ANYTHING WITHOUT MY PERMISSION", had absolutely zero clue why he suddenly couldn't do anything on the network.

Apparently the 169.254.x.x link-local IP address he had didn't set off any flags despite his claims of network administratorship.

I realized what was going on when I noticed that my server was still responding to requests from the internet.  This only happened because rather than obtaining an IP address via DHCP, it expressly said "hey motherfucker this is my IP address deal with it".  I looked around on the internet from work (this was back in 2013 when I had the contract job at Silverchair) and found the freakishly simple way to fix it: netsh winsock reset, and reboot the machine.  Done.

Anyway, remember that wireless router I mentioned, and the fact that the ICS computer was unstable as fuck?  Well, yeah.  It completely died and my dad had to order a new motherboard and boot drive, and then borrow my OEM copy of Windows 7 Professional (that I should really get around to installing, so I can reserve a Windows 10 upgrade).  It was going to take a while for the parts he ordered off the internet to arrive, and I needed an interim solution so I could use the internet.

I grabbed the router, did a little pre-configuring by plugging its uplink directly into my computer and setting my IP address to be on its default subnet, and then it was go time.  Set it up with the uplink plugged into the cable modem, plugged the rest of the network into it, and reset the cable modem so it'd learn a new MAC address.  Internet was back, with the added bonus of having a wireless network, which I'd secured the crap out of.  We ended up keeping this setup around after he rebuilt the computer.

As time went on, this router began repeatedly proving its shittiness.  Here to explain what I mean is another bullet point rant.
  • It didn't support IPv6.
  • While it supported having more than 10 port forwarding entries, it would only show the first 10 on the config page.
  • No button to reboot the router from the web interface.
  • Periodically it would forget that it was a wireless router, and the wireless interface would just turn off.
  • It would randomly balk at doing more than simple web browsing over the wireless interface, to the point that if I wanted to watch YouTube over it, I had to unplug it and plug it back in to reset it, or face 10 minutes of buffering every 4-5 minutes.  It got so bad that I ended up having to do this every night.
  • Strangely, the wired network was rock solid during all of this.
"Just flash it with dd-wrt!", you say?  Well... I tried.  I'm not an idiot, so I checked the compatibility list first.  The list has the WGT624v1, v2 listed as works in progress, and v4 is listed as compatible, but guess what.  GUESS WHAT.  Yeah, you guessed it.  We had the WGT624v3, which is known incompatible with dd-wrt.  Because I can't easily link you to this, have a screenshot.


Yeah, that fucking sucks.

Well, I coped until recently when my dad got a new modem from Comcast, one of their "all-in-one" things.  Because he likes overpaying for hardware, he leases from them.  Anyway.  The modem and built-in router isn't actually all that bad, save for a completely stupid firewall, which one might argue makes it horrible.  Anyway.  It's leaps and bounds ahead of a Netgear WGT624v3, and that's all that matters.

My dad got around to hooking it up yesterday.  In the meantime, Comcast was doing some things that seriously scared me.  They started EDITING WEB PAGES THAT I REQUESTED to have a note in them saying "lol wtf we sent you a modem and you're not using it".  This prompted me to finally get off my ass and install HTTPS Everywhere.  Anyway.

He activated the router and left configuration to me, ceding to the fact that I've actually been a network administrator and therefore I know my shit.  Because Comcast, I had to search the internet to find the default login information for its web interface because none of the setup materials Comcast had sent us contained it.  I'm guessing a lot of people just hook it up and go, without knowing about the web interface, which is scary considering the default login for the web interface is admin/password.  Dead serious.  That was the first thing I changed, and in doing so, discovered another fail: it only permits alphanumeric passwords.  So I made a long as fuck alphanumeric password.  I also changed the SSID and authentication key so that neither is what's printed on the side of the modem.  Last but not least, I swapped it back to the LAN subnet we'd been using, 192.168.0.0/24, because for some strange reason it defaults to 10.0.0.0/24.

So, one final bullet-point rant, about the modem that Comcast sent us:
  • Shitty firewall options, that only allow for blocking specific incoming ports that so happen to include everything I want to use while not blocking anything else
  • The password for the web interface can only be alphanumeric, so no symbols or spaces.
  • I'm fine with the default SSID and authentication key being printed on the side of the modem, but the giant piece of paper with the activation process on it (which pretty much just says "plug everything in, go to comcast.com/activate, follow the instructions lol") should continue on into setup and direct you to change that shit.  Also, it should have you change the admin password, while it's at it.  The web interface even has a wizard that does this, so it's not like it's overly difficult to explain.
  • Has port forwarding, but no port translation.  This means I can't tell it "listen on this external port and send everything to a local host on this other port" and have easy smoke and mirrors for my web server and SSH, and anything else I want to be accessible that they might want to block.
  • It has port triggering, which is not at all what I want.
  • It has support for dynamic DNS services, but... only for dyndns.org.  No no-ip.com lol what?
  • Comcast is doing this "xfinity wifi hotspot" thing lately that piggybacks on MY internet connection, using MY bandwidth and MY IP address.  Without paying me anything for hosting their shit, or giving me any guarantee that if someone uses the hotspot on my connection for nefarious deeds, that the FBI won't come and take all my shit and send me to prison instead of the guilty party.  And apparently this is opt-out only, but they sneakily turn it back on when you're not looking.  Public Enemy #1: Comcast.
So, yeah.  No more shitty Netgear router that I have to reset once every 24 hours, but... Comcast.
