From: Digest
To: "OS/2GenAu Digest"
Date: Thu, 4 Sep 2008 00:01:16 EST-10EDT,10,1,0,7200,4,1,0,7200,3600
Subject: [os2genau_digest] No. 1700
Reply-To:
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Wednesday 03 September 2008
Number 1700
**************************************************

Subjects for today

1 Web page blocked : Dennis Nolan
2 Re: Web page blocked : Ed Durrant
3 Web page blocking sorted out. : Dennis Nolan
4 Re: Web page blocked : Ed Durrant
5 Re: Web page blocked : Ian Manners
6 Re: Web page blocked : Ed Durrant
7 Re: Web page blocked : Ian Manners
8 Re: Web page blocked : Paul Smedley
9 Re: Web page blocked : Ed Durrant
10 Re: Web page blocked : Dennis Nolan
11 Re: USB Modems and eCS : John Angelico

**= Email 1 ==========================**

Date: Wed, 03 Sep 2008 09:14:35 +1000
From: Dennis Nolan
Subject: Web page blocked

Hi everyone,

I'm having a problem accessing the Australian Photographic Society web site.

Yesterday afternoon to all intents and purposes it went off the air.

This morning it was still off the air.

I now find out it is up and running.

The extract below is an excerpt from the event log of my broadband router.

Sep 03 09:00:29 home.gateway:firewall:info: 1243300.784 Blocked Prot=6, 202.60.78.25:80 > 202.164.203.195:50353, AS Seq=41393978, Ack=2122514980 -Black List Defense

Can anyone enlighten me as to the cause, and point me to enlightenment?

Regards

Dennis.

----------------------------------------------------------------------------------

**= Email 2 ==========================**

Date: Wed, 03 Sep 2008 09:37:25 +1000
From: Ed Durrant
Subject: Re: Web page blocked

Dennis Nolan wrote:
> Hi everyone,
>
> I'm having a problem accessing the Australian Photographic Society web
> site.
>
> Yesterday afternoon to all intents and purposes it went off the air.
>
> This morning it was still off the air.
>
> I now find out it is up and running.
>
> The extract below is an excerpt from the event log of my broadband
> router.
>
> Sep 03 09:00:29 home.gateway:firewall:info: 1243300.784 Blocked
> Prot=6, 202.60.78.25:80 > 202.164.203.195:50353, AS Seq=41393978,
> Ack=2122514980 -Black List Defense
>
> Can anyone enlighten me as to the cause, and point me to enlightenment?
>
> Regards
>
> Dennis.
>

That IP address (and hence site) has been blocked as it is listed as a site that distributes virus / spam infected code. BUT it appears that a complete range of addresses have been blocked - sounds like a dodgy piece of software in your router. I would disable it personally and have the protection on the individual Windoze machines attached to it.

Cheers/2

Ed.

----------------------------------------------------------------------------------

**= Email 3 ==========================**

Date: Wed, 03 Sep 2008 09:41:17 +1000
From: Dennis Nolan
Subject: Web page blocking sorted out.

Hi all

It seems that my broadband router has what they call sophisticated intrusion detection which automatically blacklists sites which the modem considers to be attacking it.

No warning to the user, just do it and the site disappears forever from your computer.

Regards

Dennis.

----------------------------------------------------------------------------------

**= Email 4 ==========================**

Date: Wed, 03 Sep 2008 09:44:48 +1000
From: Ed Durrant
Subject: Re: Web page blocked

Ed Durrant wrote:
> Dennis Nolan wrote:
>> Hi everyone,
>>
>> I'm having a problem accessing the Australian Photographic Society
>> web site.
>>
>> Yesterday afternoon to all intents and purposes it went off the air.
>>
>> This morning it was still off the air.
>>
>> I now find out it is up and running.
>>
>> The extract below is an excerpt from the event log of my broadband
>> router.
>>
>> Sep 03 09:00:29 home.gateway:firewall:info: 1243300.784 Blocked
>> Prot=6, 202.60.78.25:80 > 202.164.203.195:50353, AS Seq=41393978,
>> Ack=2122514980 -Black List Defense
>>
>> Can anyone enlighten me as to the cause, and point me to enlightenment?
>>
>> Regards
>>
>> Dennis.
>>
> That IP address (and hence site) has been blocked as it is listed as a
> site that distributes virus / spam infected code. BUT it appears that
> a complete range of addresses have been blocked - sounds like a dodgy
> piece of software in your router. I would disable it personally and
> have the protection on the individual Windoze machines attached to it.
>
> Cheers/2
>
> Ed.

Forgot to ask, is this broadband router managed by your Telco/ISP and if so who is that? If so, you may not be able to disable this feature and you should call them and complain strongly about their removal of a contracted service etc. etc. - in some cases they will rebate some of your monthly fees as an apology for their error.

Cheers/2

Ed.

----------------------------------------------------------------------------------

**= Email 5 ==========================**

Date: Wed, 03 Sep 2008 10:27:04 +1000 (EST)
From: "Ian Manners"
Subject: Re: Web page blocked

Hi Ed,

>That IP address (and hence site) has been blocked as it is listed as a
>site that distributes virus / spam infected code. BUT it appears that a
>complete range of addresses have been blocked - sounds like a dodgy
>piece of software in your router. I would disable it personally and have
>the protection on the individual Windoze machines attached to it.

I would leave it enabled.

You might be surprised at the large number of websites with iFrame exploits out there, there were almost 40 .gov.au websites a couple of weeks ago that were using iframes to redirect people to download virus/worm/bot software.
Cheers
Ian Manners
http://www.os2site dot com/

----------------------------------------------------------------------------------

**= Email 6 ==========================**

Date: Wed, 03 Sep 2008 12:37:54 +1000
From: Ed Durrant
Subject: Re: Web page blocked

Ian Manners wrote:
> Hi Ed,
>
>> That IP address (and hence site) has been blocked as it is listed as a
>> site that distributes virus / spam infected code. BUT it appears that a
>> complete range of addresses have been blocked - sounds like a dodgy
>> piece of software in your router. I would disable it personally and have
>> the protection on the individual Windoze machines attached to it.
>>
>
> I would leave it enabled.
>
> You might be surprised at the large number of websites with iFrame
> exploits out there, there were almost 40 .gov.au websites a couple
> of weeks ago that were using iframes to redirect people to download
> virus/worm/bot software.
>
> Cheers
> Ian Manners
> http://www.os2site dot com/
>

It needs to be a balance however. As Dennis's ISP (most likely through an error) blocked content from not just one website, but if I interpreted the data correctly a VERY large range of IP addresses - his access to many parts of the internet would have been turned off.

My guess would be that this was done in error, however I am not happy with the fact that it is technically possible - it is akin to the political censorship on the Chinese access to the Internet. What if an ISP were to block access to their competitors site when they have a special online only offer on trying to win the business.

I'd prefer to have control over this - for all I know, I may be in the same situation with my Telstra two wire (that's name of the manufacturer) ADSL modem/router.

Cheers/2

Ed.
----------------------------------------------------------------------------------

**= Email 7 ==========================**

Date: Wed, 03 Sep 2008 12:53:36 +1000 (EST)
From: "Ian Manners"
Subject: Re: Web page blocked

Hi Ed,

>It needs to be a balance however. As Dennis's ISP (most likely through an
>error) blocked content from not just one website, but if I interpreted
>the data correctly a VERY large range of IP addresses - his access to
>many parts of the internet would have been turned off.

Looks like the router is doing it, not the ISP. If it was the ISP, it was probably a Border Router problem, and accidental, happens every now and then. I tend to not think of ">" as meaning "to" as all the routers that have intelligence firewalls BL only the originating IP address.

[C:\]host 202.60.78.25
25.78.60.202.IN-ADDR.ARPA domain name pointer austphotosoc.a-p-s dot org dot au

[C:\]host 202.164.203.195
195.203.164.202.IN-ADDR.ARPA domain name pointer 202.164.203.195.dynamic.rev.aan et dot com dot au

>My guess would be that this was done in error, however I am not happy
>with the fact that it is technically possible - it is akin to the political
>censorship on the Chinese access to the Internet. What if an ISP were to
>block access to their competitors site when they have a special online
>only offer on trying to win the business.

Different, it's the router that's doing it, not the ISP. I would only be concerned if it was causing a lot more browsing/communications problems.

>I'd prefer to have control over this - for all I know, I may be in the
>same situation with my Telstra two wire (that's name of the
>manufacturer) ADSL modem/router.
Telstra go for the cheapest options and the one with less support required so I'd hazard a guess that if your ADSL modem/router has the capability, it would be turned off as a default :-)

Cheers
Ian Manners
http://www.os2site dot com/

----------------------------------------------------------------------------------

**= Email 8 ==========================**

Date: Wed, 03 Sep 2008 14:35:15 +0930
From: "Paul Smedley"
Subject: Re: Web page blocked

Hi Ed,

On Wed, 03 Sep 2008 12:37:54 +1000 Ed Durrant wrote:
> It needs to be a balance however. As Dennis's ISP (most
> likely through an error) blocked content from not just
> one website, but if I interpreted the data correctly a
> VERY large range of IP addresses - his access to many
> parts of the internet would have been turned off.
>
> My guess would be that this was done in error, however I
> am not happy with the fact that it is technically possible -
> it is akin to the political censorship on the Chinese
> access to the Internet. What if an ISP were to block
> access to their competitors site when they have a special
> online only offer on trying to win the business.
>
> I'd prefer to have control over this - for all I know, I
> may be in the same situation with my Telstra two wire
> (that's name of the manufacturer) ADSL modem/router.

I doubt it's anything to do with the ISP.... Most (all?) Billion routers for example come with SPI (Stateful Packet Intrusion) that can be enabled or disabled by the user, but can easily end up blocking IP ranges......

----------------------------------------------------------------------------------

**= Email 9 ==========================**

Date: Wed, 03 Sep 2008 15:48:24 +1000
From: Ed Durrant
Subject: Re: Web page blocked

Ian Manners wrote:
> Hi Ed,
>
>> It needs to be a balance however.
>> As Dennis's ISP (most likely through an
>> error) blocked content from not just one website, but if I interpreted
>> the data correctly a VERY large range of IP addresses - his access to
>> many parts of the internet would have been turned off.
>>
>
> Looks like the router is doing it, not the ISP.
>

So how did it get changed ? Do routers "call home" for such blocking actions ? Can routers access web based blacklists ?

I'm sure Dennis didn't change this setting.

Cheers/2

Ed.

----------------------------------------------------------------------------------

**= Email 10 ==========================**

Date: Wed, 03 Sep 2008 17:30:20 +1000
From: Dennis Nolan
Subject: Re: Web page blocked

Hi all

It was the router.

Yesterday afternoon I was accessing the APS web site when it suddenly started to give Network timeout errors. I checked other web sites and had no problems and so assumed that the APS site was down, as sites sometimes do.

I went out last night and so this morning tried to go to the APS site and got the same Network timeout message. I made inquiries and was informed that the APS site was up and running.

I then started to investigate the event log of the modem and thought the Black List Defense notation was worth investigating, and began investigating the message. I found some messages about it via Google and it seemed to indicate that it could be cleared up in the modem configuration. I found the place which allows the Blacklist to be cleared and the APS site is now accessible.

I just feel for those others who purchase this router that are unable to find out about this "Feature". After all it is a consumer product. In my opinion the router should get confirmation from the user before permanently blocking a site, or at least report that the firewall is blocking the request instead of doing nothing and having the web browser report a Network timeout.

Regards

Dennis.

Ed Durrant wrote:
> Ian Manners wrote:
>> Hi Ed,
>>
>>> It needs to be a balance however.
>>> As Dennis's ISP (most likely through
>>> an error) blocked content from not just one website, but if I
>>> interpreted the data correctly a VERY large range of IP addresses -
>>> his access to many parts of the internet would have been turned off.
>>>
>>
>> Looks like the router is doing it, not the ISP.
>>
> So how did it get changed ? Do routers "call home" for such blocking
> actions ? Can routers access web based blacklists ?
>
> I'm sure Dennis didn't change this setting.
>
> Cheers/2
>
> Ed.
>

----------------------------------------------------------------------------------

**= Email 11 ==========================**

Date: Wed, 03 Sep 2008 23:22:10 +1000 (AEST)
From: "John Angelico"
Subject: Re: USB Modems and eCS

On Tue, 02 Sep 2008 07:04:25 +1000, Ed Durrant wrote:

>
>Hi John,

Hi Ed.

> I'm afraid this will have to be a trial and error process, but I think
>we should be able to make this work.
>
>A few questions / suggestions:
>
> What do you get if you do a "Mode Com8" at the command line ?? Has it
>"taken" the parameters you have set.
>

[C:\DESKTOP]mode com8
SYS0020: The system cannot find the device specified.

After fixing the COM.SYS line to what is shown below, I get:

[C:\DESKTOP]mode com2
SYS0021: The drive is not ready.

[C:\DESKTOP]

> Have you got the initialisation string documented somewhere (it may not
>be *99#). This is the most likely problem.
>

ATZ (simple reset) or ATF (reset to factory defaults)

> Does the modem need to have its networkID set (this will be different
>dependent upon the Telco. Three for example is '3netaccess' where
>Vodafone is 'vfinternet', I think optus is "internet" and so on.

Don't know - can't tell.

>Some telcos also require you to send a userid/password. some don't. (But
>I don't think we are that far as yet).

I agree we aren't that far yet.

> As you have this working under windoze - can you see any parameters
>defined there in its set up.

Not many to show but we have them.
>There is some useful background on the device in Wikipedia;
>http://en.wikipedia dot org/wiki/Huawei_E220
>
>Also as coincidence would have it - I got my regular advert from
>Netgear yesterday and they feature a 3G router that you can either plug
>a PCMCIA or 3G USB modem (this one included) into, to be able to share
>your 3G network connection with multiple PCs, either wirelessly or via
>cabled ethernet - it has a table of network specific codes:
>
>I will find that link if I can and send you it later today.
>
>Whoops forgot - can you also post your com port set up lines from
>config.sys please ?

I think this is where we are deficient. We have:

DEVICE=C:\AMouse\AMOUSE.SYS
DEVICE=C:\OS2\BOOT\COM.SYS /F
DEVICE=C:\OS2\MDOS\VCOM.SYS

We probably need

DEVICE=C:\OS2\BOOT\COM.SYS (2,2f8,3)

and need to use COM2 for this exercise

Now set those into CONFIG.SYS and the error message changes (above) but ZOC still says "Can't open com2"

Small progress :-(.

Best regards
John Angelico
OS/2 SIG
os2 at melbpc dot org dot au or
talldad at kepl dot com dot au
___________________

----------------------------------------------------------------------------------
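
Added example, not part of the digest and not code from any poster or router vendor: a small Python reviewer for the "Black List Defense" log entries discussed in Emails 1 to 10. It lists blacklisted sources whose blocked packets all look like web-server replies to a LAN client, which are the entries worth checking before clearing the blacklist as Dennis did. The field layout is inferred from the single log line in Email 1, the function names are hypothetical, and the port-based "reply" heuristic is an assumption.

```python
import ipaddress
import re

# Field layout inferred from the one log line quoted in Email 1 (assumption:
# the router's real log grammar is not documented anywhere in the thread).
LINE_RE = re.compile(
    r"Blocked\s+Prot=(?P<proto>\d+),\s*"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*>\s*(?P<dst>[\d.]+):(?P<dport>\d+),"
    r".*?-(?P<reason>[^-]+)$"
)
WEB_PORTS = {80, 443}

# First line is the one from Email 1; the other three are constructed.
SAMPLE_LOG = """\
Sep 03 09:00:29 home.gateway:firewall:info: 1243300.784 Blocked Prot=6, 202.60.78.25:80 > 202.164.203.195:50353, AS Seq=41393978, Ack=2122514980 -Black List Defense
Sep 03 09:00:32 home.gateway:firewall:info: 1243303.801 Blocked Prot=6, 202.60.78.25:80 > 202.164.203.195:50354, AS Seq=51393001, Ack=2122600111 -Black List Defense
Sep 03 09:02:10 home.gateway:firewall:info: 1243401.120 Blocked Prot=6, 203.0.113.7:4444 > 202.164.203.195:23, S Seq=1000 -Black List Defense
Sep 03 09:03:00 home.gateway:system:info: 1243451.000 DHCP lease renewed
"""

def parse_blocked(line):
    """Return the fields of a 'Blocked' firewall line, or None."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in ("proto", "sport", "dport")})
    rec["reason"] = rec["reason"].strip()
    return rec

def looks_like_reply(rec):
    """TCP from a web-server port to a high client port: most likely the
    answer to a connection a LAN host opened, not an unsolicited probe."""
    return rec["proto"] == 6 and rec["sport"] in WEB_PORTS and rec["dport"] >= 1024

def review_blacklist(log_text):
    """Map each blacklisted source IP to [reply_like, other] packet counts."""
    stats = {}
    for line in log_text.splitlines():
        rec = parse_blocked(line)
        if rec and rec["reason"] == "Black List Defense":
            counts = stats.setdefault(rec["src"], [0, 0])
            counts[0 if looks_like_reply(rec) else 1] += 1
    return stats

def candidates_to_unblock(log_text):
    """Sources blocked only on reply-like traffic, with the PTR name to look up."""
    return [(ip, ipaddress.ip_address(ip).reverse_pointer)
            for ip, (reply, other) in sorted(review_blacklist(log_text).items())
            if reply and not other]

if __name__ == "__main__":
    print(candidates_to_unblock(SAMPLE_LOG))
```

The PTR name in each result is the same reverse-lookup name that the `host` output in Email 7 shows for 202.60.78.25.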