Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
Ugh, I had to deal with this almost daily at $large_metered_us_carrier. We have WiFi hotspots and USB modems and inevitably the customers who usually use <2GB and have plans based on that usage got slapped with huge Windows 10 overages. Explaining that no, your "geebee" meter isn't broken, Microsoft just shafted you got so tiring, especially when they don't have the faintest clue what Windows Update or data or anything of the sort mean, just barely enough to sign into their AOL account and check the weather. The bad part is how aggressively Microsoft is downloading it to your HD even if you don't accept it. (See Windows.BT folder, &c) I am "eagerly" awaiting the next wave of update renaming/repushing. > On Jan 9, 2016 2:57 PM, wrote: >> >> On Sat, 09 Jan 2016 11:12:16 -0600, Mike Hammett said: >> > Bytes uploaded and\or downloaded. That's all that should matter. Initiated by >> > you or not. >> >> You want to be the one explaining to your customer that the reason they >> got charged for 20G of unexpected transfer was because their 3 Windows 8 >> machines each downloaded Windows 10 without telling them?
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
For the sake of security of all internet connected hosts - especially in this new era of even more IOT junk , security updates, firmware and new OS updates should be granted libre data rates so that users who keep their devices updated are not penalised. as for carriers pipes...will, if multicast was seriously taken up then eg OS updates could be streamed out on regular updates alan
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
On Sun, Jan 10, 2016 at 9:04 AM, Alan Buxey wrote: > For the sake of security of all internet connected hosts - especially in this > new era of even more IOT junk , security updates, firmware and new OS > updates should be granted libre data rates so that users who keep their > devices updated are not penalised. so, just for the sake of the discussion, how would you do this? Keep in mind that you probably can't (as a carrier) prefer one 'os' over another, and you will likely have to deal with everything from Windows to gentoo and all the tiny raspbian/etc in the middle. How would a carrier identify and track over time the sources of this traffic? (note that a 'registry of update sources' probably also won't fly) > as for carriers pipes...will, if multicast was seriously taken up then eg OS > updates could be streamed out on regular updates multicast, yes, of course. So... it hasn't worked yet in the last ~20 yrs of the internet, it'll work now because?
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
On Sun, 10 Jan 2016 14:04:13 +, Alan Buxey said: > as for carriers pipes...will, if multicast was seriously taken up then eg OS > updates could be streamed out on regular updates You can multicast the Super Bowl, because to a rather high rate of accuracy you can assume that everybody who wants to watch the Super Bowl in real time is tuned in and catching the stream. It doesn't work as well for software updates, because while I know I'm in a "No cellular coverage" area hiking the south side of Mt Rogers during the Super Bowl, and I don't care because I'm no a big pro football fan, my cell phone may care if it misses an update because of it. Actually - it probably *won't*, because I'll likely be hiking long enough that my phone will *never notice* that it missed an update. So now you need to find a way to make *reverse* multicast work, so that the update server doesn't get pounded with several million requests once an hour asking "Did I miss an update?: pgpWQb3jMFKB8.pgp Description: PGP signature
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
(chewing my pop-corn) Eh... I would like to have that kind of problems! Here we sell a residental 1Gbps for $5/mo with really unlimited traffic, and have a lot of complaint calls if there is slightly less than 1Gbps for that particular users. THAT is how the high competitive market works! ;) On 09.01.16 16:06, Mike Hammett wrote: > Valid points. > > The best solution for everybody is the solution most consumers are adverse > to, which is usage based billing. Granted, many times the providers have shot > themselves in the foot by making the charges punitive instead of based on > cost plus margin. Reasonable $/gig for everybody! :-) > > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > - Original Message - > > From: "Alan Buxey" > To: "Mike Hammett" > Cc: "North American Network Operators' Group" > Sent: Saturday, January 9, 2016 4:38:58 AM > Subject: Re: Binge On! - get your umbrellas out, stuff's hitting the fan. > > You're assuming that people are only using phones with their SIM - those that > use a mifi dongle and thus view content on a tablet or laptop will notice > > We could rate limit traffic from YouTube to 1.5mbps and let the adaptive > streaming knock the steam to 480p bit our users with 100mbit connections > might wonder why they cannot view 720p or 1080p - and why spicy they view > such content - its like putting back the web and online video services 5 > years. Where does it stop? 320x240 ? > > Bulk data and background update processes are things that could possibly by > throttled - after all, that's pretty much what QoS does. Most of my phone > data is google play software updates and on woes phone ios and itunes store > updates - it doesn't matter if the update ticks along in the background. > Audio and video need to be good. > > alan >
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
>> as for carriers pipes...will, if multicast was seriously taken up then eg OS >> updates could be streamed out on regular updates Given that a lot of these updates are happening in the background without any interaction with the users, I'd think they'd be ideal for network-un-neutral traffic shaping, throttle them when people are doing something else, open them up at 3 AM. In a more reasonable world, I agree that multicasting Windows Update would make sense, but that would require a whole lot of agreements from people who aren't inclined to agree. Also remember that multicasting only gets you so far, and I would be surprised if you could multicast over the wireless last mile more efficiently than unicasting. R's, John
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
>>> as for carriers pipes...will, if multicast was seriously taken up >>> then eg OS updates could be streamed out on regular updates > > Given that a lot of these updates are happening in the background > without any interaction with the users maybe for your customers, but not so true for our user base or others with which i have experience. wise folk want control of patching. and it's not only IT departments, but end users. cheeringly, even end users are becoming more cautious, at least those who have survived :) otoh, smart devices may tilt this over time. the security aspects of this are an amusing and horrifying subject of discussion in the opsec and other communities. randy
Anonymous Threats
Our local community has recently had threats where the user has a FaceBook profile and is threatening the schools, and several surrounding schools, saying he is going to shoot everyone and blow them up... This is an investigation, but it is getting out of hand. Several police/FBI raids, but yielded no results, and/or did not catch the right person. He/she is taunting them, local and federal. I would ASSUME he is using some sort of proxy/anonymizer such as TOR or something similar. Is there any way to sniff for that type of traffic on my network? I want to make sure that they are not using us as the source. Any thoughts on how to catch this person? Even if it isn't us, and it is somewhere else I would like to put a stop to it. Preferably off-list if you do respond... Thanks in advance. Eric Rogers www.pdsconnect.me (317) 831-3000 x200
Re: Anonymous Threats
Even if you find somebody running TOR, you can't see inside it. They also could simply be running an exit node, or $reason. On Jan 10, 2016 5:02 PM, "Eric Rogers" wrote: > Our local community has recently had threats where the user has a > FaceBook profile and is threatening the schools, and several surrounding > schools, saying he is going to shoot everyone and blow them up... This > is an investigation, but it is getting out of hand. Several police/FBI > raids, but yielded no results, and/or did not catch the right person. > He/she is taunting them, local and federal. > > > > I would ASSUME he is using some sort of proxy/anonymizer such as TOR or > something similar. Is there any way to sniff for that type of traffic > on my network? I want to make sure that they are not using us as the > source. > > > > Any thoughts on how to catch this person? Even if it isn't us, and it > is somewhere else I would like to put a stop to it. Preferably off-list > if you do respond... > > > > Thanks in advance. > > > > Eric Rogers > > > > > > www.pdsconnect.me > > (317) 831-3000 x200 > > > >
Re: Anonymous Threats
I'll keep a look out On Sun, Jan 10, 2016, 5:02 PM Eric Rogers wrote: > Our local community has recently had threats where the user has a > FaceBook profile and is threatening the schools, and several surrounding > schools, saying he is going to shoot everyone and blow them up... This > is an investigation, but it is getting out of hand. Several police/FBI > raids, but yielded no results, and/or did not catch the right person. > He/she is taunting them, local and federal. > > > > I would ASSUME he is using some sort of proxy/anonymizer such as TOR or > something similar. Is there any way to sniff for that type of traffic > on my network? I want to make sure that they are not using us as the > source. > > > > Any thoughts on how to catch this person? Even if it isn't us, and it > is somewhere else I would like to put a stop to it. Preferably off-list > if you do respond... > > > > Thanks in advance. > > > > Eric Rogers > > > > > > www.pdsconnect.me > > (317) 831-3000 x200 > > > >
Re: Anonymous Threats
I’m pretty sure that is what TOR was designed to prevent. While your intent may be altruistic, technologically speaking, there is no difference between that and say Iran or China sniffing out traffic. > On Jan 10, 2016, at 3:59 PM, Eric Rogers wrote: > > Is there any way to sniff for that type of traffic > on my network? signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Anonymous Threats
I think if the FBI wants your help, they'll let you know. In the meantime, I would probably avoid anything that looked like you are spying on your customers, especially if you are explicitly targeting customers who are attempting to anonymize their traffic (for whatever reason). No matter how well intentioned. I can see a number of downsides... But in simple terms, if its Facebook, its HTTPS, and seems you are basically done there. Regardless what anonymous transport they use, you wouldn't be able to see what they are up to... On Jan 10, 2016 6:14 PM, "Josh Reynolds" wrote: > Even if you find somebody running TOR, you can't see inside it. They also > could simply be running an exit node, or $reason. > On Jan 10, 2016 5:02 PM, "Eric Rogers" wrote: > > > Our local community has recently had threats where the user has a > > FaceBook profile and is threatening the schools, and several surrounding > > schools, saying he is going to shoot everyone and blow them up... This > > is an investigation, but it is getting out of hand. Several police/FBI > > raids, but yielded no results, and/or did not catch the right person. > > He/she is taunting them, local and federal. > > > > > > > > I would ASSUME he is using some sort of proxy/anonymizer such as TOR or > > something similar. Is there any way to sniff for that type of traffic > > on my network? I want to make sure that they are not using us as the > > source. > > > > > > > > Any thoughts on how to catch this person? Even if it isn't us, and it > > is somewhere else I would like to put a stop to it. Preferably off-list > > if you do respond... > > > > > > > > Thanks in advance. > > > > > > > > Eric Rogers > > > > > > > > > > > > www.pdsconnect.me > > > > (317) 831-3000 x200 > > > > > > > > >
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
John Doe end user doesn't even know what updating is, much less wants to control it or even do it. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: "Randy Bush" To: "John Levine" Cc: "North American Network Operators' Group" Sent: Sunday, January 10, 2016 4:54:34 PM Subject: Re: Binge On! - get your umbrellas out, stuff's hitting the fan. >>> as for carriers pipes...will, if multicast was seriously taken up >>> then eg OS updates could be streamed out on regular updates > > Given that a lot of these updates are happening in the background > without any interaction with the users maybe for your customers, but not so true for our user base or others with which i have experience. wise folk want control of patching. and it's not only IT departments, but end users. cheeringly, even end users are becoming more cautious, at least those who have survived :) otoh, smart devices may tilt this over time. the security aspects of this are an amusing and horrifying subject of discussion in the opsec and other communities. randy
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
Given that a lot of these updates are happening in the background without any interaction with the users maybe for your customers, but not so true for our user base or others with which i have experience. wise folk want control of patching. and it's not only IT departments, but end users. The Windows 10 stuff generally downloads in the background, then it pops up and tells you how wonderful it is. Most of the end users I know have Windows Update set to do its thing automatically, and even if it's not installed automatically it'll often download and then ask whether you want to install it. otoh, smart devices may tilt this over time. the security aspects of this are an amusing and horrifying subject of discussion in the opsec and other communities. No kidding. R's, John
Re: Anonymous Threats
Report it to the authorities and trust that they can handle it,..no matter how difficult that is. Remember your place that you are just the admin/operator and not the hero. If they need your help, law enforcement will ask for it. Sucks but what would you do if you found his IP address? Go to his house? No matter what, law enforcement needs to own the problem. Thanks, Scott On Sunday, January 10, 2016, Notmatt Pleaseignore wrote: > I think if the FBI wants your help, they'll let you know. > > In the meantime, I would probably avoid anything that looked like you are > spying on your customers, especially if you are explicitly targeting > customers who are attempting to anonymize their traffic (for whatever > reason). No matter how well intentioned. I can see a number of downsides... > > But in simple terms, if its Facebook, its HTTPS, and seems you are > basically done there. Regardless what anonymous transport they use, you > wouldn't be able to see what they are up to... > On Jan 10, 2016 6:14 PM, "Josh Reynolds" > wrote: > > > Even if you find somebody running TOR, you can't see inside it. They also > > could simply be running an exit node, or $reason. > > On Jan 10, 2016 5:02 PM, "Eric Rogers" > wrote: > > > > > Our local community has recently had threats where the user has a > > > FaceBook profile and is threatening the schools, and several > surrounding > > > schools, saying he is going to shoot everyone and blow them up... This > > > is an investigation, but it is getting out of hand. Several police/FBI > > > raids, but yielded no results, and/or did not catch the right person. > > > He/she is taunting them, local and federal. > > > > > > > > > > > > I would ASSUME he is using some sort of proxy/anonymizer such as TOR or > > > something similar. Is there any way to sniff for that type of traffic > > > on my network? I want to make sure that they are not using us as the > > > source. > > > > > > > > > > > > Any thoughts on how to catch this person? Even if it isn't us, and it > > > is somewhere else I would like to put a stop to it. Preferably > off-list > > > if you do respond... > > > > > > > > > > > > Thanks in advance. > > > > > > > > > > > > Eric Rogers > > > > > > > > > > > > > > > > > > www.pdsconnect.me > > > > > > (317) 831-3000 x200 > > > > > > > > > > > > > > > -- Scott
RE: Anonymous Threats
Thank you for all that have responded, and this response has been the majority, to leave well enough alone. I guess I was hoping that maybe I could offer a new way to help narrow this search down. It has been extremely frustrating to see someone so blatantly cocky in how he is taunting the authorities, yet threaten people's lives...this person is taking pictures of "intended targets" and their young children saying "maybe they won't make it home tonight" and much, much worse...I have reached out to local authorities to offer any help, and I haven't had any response, so at this point I am not going to do anything to slow or interfere with any investigation... this person needs caught. As a secondary, I was thinking that by looking at the type of traffic, by using a sniffer/IDS or some mechanism to generate a list of possible users so if authorities came knocking I could help them ask for the correct information for a warrant. My personal guess is that they are not from this area, possibly overseas from the US and using proxies that are nearby the target community. That means any looking into my network won't do any good except find any "exit nodes" in the TOR world, but there are several other ways to do the same thing, and too many to keep up. Eric Rogers PDS Connect www.pdsconnect.me (317) 831-3000 x200 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Fisher Sent: Sunday, January 10, 2016 8:30 PM To: Notmatt Pleaseignore Cc: NANOG Subject: Re: Anonymous Threats Report it to the authorities and trust that they can handle it,..no matter how difficult that is. Remember your place that you are just the admin/operator and not the hero. If they need your help, law enforcement will ask for it. Sucks but what would you do if you found his IP address? Go to his house? No matter what, law enforcement needs to own the problem. Thanks, Scott On Sunday, January 10, 2016, Notmatt Pleaseignore wrote: > I think if the FBI wants your help, they'll let you know. > > In the meantime, I would probably avoid anything that looked like you > are spying on your customers, especially if you are explicitly > targeting customers who are attempting to anonymize their traffic (for > whatever reason). No matter how well intentioned. I can see a number of > downsides... > > But in simple terms, if its Facebook, its HTTPS, and seems you are > basically done there. Regardless what anonymous transport they use, > you wouldn't be able to see what they are up to... > On Jan 10, 2016 6:14 PM, "Josh Reynolds" > wrote: > > > Even if you find somebody running TOR, you can't see inside it. They > > also could simply be running an exit node, or $reason. > > On Jan 10, 2016 5:02 PM, "Eric Rogers" > wrote: > > > > > Our local community has recently had threats where the user has a > > > FaceBook profile and is threatening the schools, and several > surrounding > > > schools, saying he is going to shoot everyone and blow them up... > > > This is an investigation, but it is getting out of hand. Several > > > police/FBI raids, but yielded no results, and/or did not catch the right > > > person. > > > He/she is taunting them, local and federal. > > > > > > > > > > > > I would ASSUME he is using some sort of proxy/anonymizer such as > > > TOR or something similar. Is there any way to sniff for that type > > > of traffic on my network? I want to make sure that they are not > > > using us as the source. > > > > > > > > > > > > Any thoughts on how to catch this person? Even if it isn't us, > > > and it is somewhere else I would like to put a stop to it. > > > Preferably > off-list > > > if you do respond... > > > > > > > > > > > > Thanks in advance. > > > > > > > > > > > > Eric Rogers > > > > > > > > > > > > > > > > > > www.pdsconnect.me > > > > > > (317) 831-3000 x200 > > > > > > > > > > > > > > > -- Scott
Re: Anonymous Threats
On Sun, 10 Jan 2016 20:45:25 -0500, "Eric Rogers" said: > Thank you for all that have responded, and this response has been the > majority, to leave well enough alone. I guess I was hoping that maybe I could > offer a new way to help narrow this search down. The only thing that's more likely to get you into trouble that acting "under color of law" (meaning doing it at the express request of law enforcement) is taking the same actions *not* under color of law (at which point it's your problem, not law enforcement's, if you break any laws). pgpaHCNYMfFa6.pgp Description: PGP signature
Re: Anonymous Threats
I have an idea. Indianapolis Cybercrime should stop playing politics and treat people like me who are willing to help, and were hugely successful with respect, and not like a mob informant. That said, post Snowden, I doubt I would go back... even with Brian Kils bullshit. Andrew D Kirch. On Sunday, January 10, 2016, Eric Rogers wrote: > Our local community has recently had threats where the user has a > FaceBook profile and is threatening the schools, and several surrounding > schools, saying he is going to shoot everyone and blow them up... This > is an investigation, but it is getting out of hand. Several police/FBI > raids, but yielded no results, and/or did not catch the right person. > He/she is taunting them, local and federal. > > > > I would ASSUME he is using some sort of proxy/anonymizer such as TOR or > something similar. Is there any way to sniff for that type of traffic > on my network? I want to make sure that they are not using us as the > source. > > > > Any thoughts on how to catch this person? Even if it isn't us, and it > is somewhere else I would like to put a stop to it. Preferably off-list > if you do respond... > > > > Thanks in advance. > > > > Eric Rogers > > > > > > www.pdsconnect.me > > (317) 831-3000 x200 > > > >
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
> On Jan 9, 2016, at 08:01 , Jeremy Austin wrote: > > On Sat, Jan 9, 2016 at 5:06 AM, Mike Hammett wrote: > >> >> The best solution for everybody is the solution most consumers are adverse >> to, which is usage based billing. Granted, many times the providers have >> shot themselves in the foot by making the charges punitive instead of based >> on cost plus margin. Reasonable $/gig for everybody! :-) > > > I'm tempted to make an analogy to health care, insurance, and universal > coverage, but I'll abstain. > > Usage based billing alters the typical hockey stick graph: the 10% of users > using 80% of the bandwidth are otherwise subsidized by the long tail. > > As an ISP, usage-based billing is more sensible, because I would no longer > have to stress about oversubscription ratios and keeping the long tail > happy. But usage-based models are more stressful for the consumer; I think > I disagree that it's the best model for everybody. As much as I love to criticize T-Mo for what they do wrong (and there’s plenty), this is one area where I think T-Mo has actually done something admirable. They have (sort of) usage-based billing. For $x/month you get Y GB of LTE speed data and after that you drop to 128kbps. You don’t pay an overage charge, but your data slows way down. If you want to make it fast again, you can for $reasonable purchase additional data within that month on a one-time basis. I would like to encourage other carriers to adopt this model, actually. If Verizon had a model like this, I would probably switch tomorrow assuming their prices weren’t too far out of line compared to T-Mo. > Let me be a consumer advocate for a moment. One of the reasons consumers > are averse to usage-based billing is that the tech industry has not put > good tools into their hands. While it is possible to disable automatic > updates, set Windows 10's network settings to "metered", and micromanage > your bandwidth, in general: > > The Internet (from the non-eyeball side) is designed around a free-feeding > usage model. Can you imagine if the App store of your choice showed two > prices, one for the app and one for the download? The permission-based > model on Android would have requests like, "This app is likely to cost you > $4/week. Is this OK?” Kind of an interesting idea, but to me, the reason usage charges induce stress has ore to do with the fact that they are kind of out of control pricey first of all and second of all that you start incurring them without warning and without any real ability to say no on most networks. That’s why I actually like the T-Mo strategy here. With existing tools, the customer has full choice and control about “overage” costs even if their data usage remains somewhat opaque. > I don't know all the reasons that satellite provider Starband shut down, > but that was a usage-based billing market; and it would never have been a > 'reasonable' $/gig. I'm working to step into the hole they left, and > you're right that customers don't want a usage-based model to replace it. Because their operating costs overall exceeded the value perceived by consumers. As a result, they could not sell their product to a critical mass of consumers at a price that would allow them to continue operations. > In addition, let's say I know of an ISP that makes 10% of its revenue from > overage charges. Moving to a purely usage-based model would lower ACR, as > it would have to charge a more reasonable price/gig; that top 10% of users > won't replace the lost revenue. So even providers may have little incentive > to change models, particularly if they have a vested interest in inhibiting > the growth of video or usage in general. How can an ISP make 10% of its money from overage charges unless they are doing usage-based billing? If you’ve got an AYCE plan, you don’t have overages. If you don’t, then you have some form of usage based billing. The varieties of usage based billing that are available are a far less interesting exercise. Owen
Re: Binge On! - get your umbrellas out, stuff's hitting the fan.
On Sat, 9 Jan 2016, Jeremy Austin wrote: Let me be a consumer advocate for a moment. One of the reasons consumers are averse to usage-based billing is that the tech industry has not put good tools into their hands. While it is possible to disable automatic updates, set Windows 10's network settings to "metered", and micromanage your bandwidth, in general: I encourage people to start engaging in the IETF MIF working group, that could be one piece of the puzzle to create this toolset for the customer. It would mean one can communicate properties for different network connections. Imagine you setting the mobile connection to "metered" and that you want to keep bw usage low on this link, then your applications could be configured (hopefully they would come with this as default) so that backups won't happen over this connection, and lower video bitrate is used than what TCP could indicate to the application is available. It's of course better if the application do these choices than for the ISP to have an middle-box that tries to affect applications by means of TCP rate-adaptation trickery. -- Mikael Abrahamssonemail: swm...@swm.pp.se
