One remote IP.  My attempts to determine the netblock owner come up with 
VPN-CONSUMER-NETWORK and AS32181 GigeNET, if I’m reading the info correctly.

 

If I block that src/dst combination at the tower router, after a short time 
another pops up to replace it.  Until that happens, all Internet in the house 
ceases to work.

 

This is one of several cases that seem to be getting more prevalent as the 
COVID thing drags on: customer has teenage or adult sons who are doing stuff 
the dad doesn’t understand but factor into his complaints to his ISP.  Usually 
the kids are gamers.  In this case, it’s not just the kids’ traffic, everything 
in the house also goes over this UDP tunnel, whatever it is.  The dad complains 
about things like poor YouTube video quality and taking a long time to buffer, 
or problems with his Firestick.  But I don’t see that traffic as normal HTTPS 
or even TCP, just this one UDP connection.

 

I’ve had other customer calls that lead me to believe the kids are doing things 
like using QoS on the router to deprioritize other family members, or block 
their MAC address, or changing the WiFi password, along with stuff I have no 
problem with like snaking a long Ethernet cable down the hallway from the 
router to their bedroom.  All in the name of gaming superiority.

 

 

From: AF <af-boun...@af.afmug.com> On Behalf Of Colin Stanners
Sent: Monday, June 22, 2020 11:31 PM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] VPN?

 

To how many different hosts is the traffic going? That'll give you an idea if 
it's VPN or something like TOR. Usually if customers are doing something weird 
and complaining about performance, we first say to stop that weird activity so 
that our benchmarks (speed / ping / MTR tests) work.

 

On Mon, Jun 22, 2020, 7:27 PM Ken Hohhof <af...@kwisp.com> wrote:

What does it mean if 100% of a customer’s traffic is UDP between high numbered 
ports?  Does this mean they have configured a VPN service using their router?  
If so, would you still troubleshoot any weird complaints of Internet 
performance, or make them turn it off first?

 

Or does this mean something different that I’m not thinking of?

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
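
The two checks raised in this thread (how much of a customer's traffic is UDP between high-numbered ports, and how many different remote hosts it goes to), as an added example that is not part of the original messages. The flow-record layout, the thresholds, the function names and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not from the thread):
# (customer_ip, remote_ip, proto, customer_port, remote_port, bytes)
FLOWS = [
    ("100.64.0.10", "203.0.113.7", "udp", 50444, 40112, 9_400_000),
    ("100.64.0.10", "203.0.113.7", "udp", 50444, 40112, 6_100_000),
    ("100.64.0.10", "198.51.100.1", "udp", 49152, 53, 4_000),
    ("100.64.0.20", "198.51.100.20", "tcp", 50211, 443, 5_000_000),
    ("100.64.0.20", "198.51.100.21", "tcp", 50212, 443, 3_000_000),
    ("100.64.0.20", "198.51.100.22", "udp", 50213, 443, 2_000_000),
]

HIGH_PORT = 1024   # assumption: "high numbered" = above the well-known port range
DOMINANT = 0.95    # assumption: byte share treated as "all of the traffic"


def summarize(flows):
    """Per customer: share of bytes on high-port UDP and the remote hosts carrying it."""
    total = defaultdict(int)
    udp_high = defaultdict(lambda: defaultdict(int))
    for cust, remote, proto, cport, rport, nbytes in flows:
        total[cust] += nbytes
        if proto == "udp" and cport >= HIGH_PORT and rport >= HIGH_PORT:
            udp_high[cust][remote] += nbytes
    report = {}
    for cust, all_bytes in total.items():
        peers = udp_high[cust]
        top_peer, top_bytes = max(peers.items(), key=lambda kv: kv[1],
                                  default=(None, 0))
        report[cust] = {
            "udp_high_share": sum(peers.values()) / all_bytes,
            "udp_high_peers": len(peers),      # number of distinct remote hosts
            "top_peer": top_peer,
            "top_peer_share": top_bytes / all_bytes,
        }
    return report


def looks_like_single_tunnel(stats):
    """True when nearly all bytes ride high-port UDP to one remote host."""
    return stats["top_peer_share"] >= DOMINANT


if __name__ == "__main__":
    for cust, stats in summarize(FLOWS).items():
        verdict = "single UDP tunnel" if looks_like_single_tunnel(stats) else "mixed traffic"
        print(cust, verdict, stats)
```

Run it per time window: in the case described in the thread, a blocked remote host is replaced by another, which would show up as a change in `top_peer` while its share stays near 100%.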
