[binand]

Quote:

Originally Posted by Thad E Ginathom

Experts: if one uses the routing table on the router, would it be a good idea to use 127.0.0.1 there too?

You mean to blackhole traffic? But on badly implemented TCP/IP stacks this could lead to an infinite loop, no?

[greenhorn]

Quote:

Originally Posted by Su-47

Guys,

I'm getting fed up with additional intrusive advertising being inserted by my ISP (BSNL), and want to know if there are routers that can block such content automatically. In other words, a router that auto-updates a "block list" from some trusted server and blocks it.

Would something like this work ?
https://www.opendns.com/home-internet-security/

Stupid questiom but are you sure this is BSNL doing it? my modem used to get hacked with alternate DNS being assigned which would bring up pron sites - got it fixed after changing the default settings on the router ( changed username & pwd, disabled upnp, enabled firewall, changed the router ip etc)

[Thad E Ginathom]

Quote:

Originally Posted by binand

You mean to blackhole traffic? But on badly implemented TCP/IP stacks this could lead to an infinite loop, no?

I don't know. As a jack of all trades systems manager, my networking knowledge was practical but shallow. I did know a bit more than just what wires to plug where, but called in help when things got deep. I didn't, for example, speak Cisco. Now, I need it all in words of one syllable, spoken very slowly!

Is that a "no?"

Quote:

Originally Posted by greenhorn

Would something like this work ?
https://www.opendns.com/home-internet-security/

Stupid questiom but are you sure this is BSNL doing it?

Looking at the ads, and considering the background links, yes: this is bsnl doing it. I remember hearing about this some time back, and it was the main thing that put me off returning to BSNL (my only other choice at that time) when Airtel was giving me big problems.

I don't think there is any cure for this in using different DNS. The situation is like BSNL standing outside your house inserting stuff into your network cable. A VPN might work?

Yes: we should do all the other router security stuff you mention.

Another trick I despise, which is quite old now, is serving up a page of ads, or at least a this-domain-is-for-sale page, when a URL is mistyped. 1: use a DNS provider that does not do this DNS hijacking, and 2: set the browser just to give a simple Can't find... window instead of taking over the whole page.

[greenhorn]

Quote:

I don't think there is any cure for this in using different DNS. The situation is like BSNL standing outside your house inserting stuff into your network cable. A VPN might work?

I was not suggesting a different DNS ( in which case i would have recommended google)

Opendns have some sort of tool where they give you ip/domain filtering (similar to websense etc) for free. I have not tried it out, but it sounds like a workable solution

Another option, force https?

[binand]

Quote:

Originally Posted by Thad E Ginathom

Is that a "no?"

The thing is, if you add a static route to a host or network with a next-hop router that is the same device - either directly (as you suggest) or indirectly (out via one wire and back via same or another), then it is a routing loop and Linux out of the box has algorithms to detect it and drop the offending packets. The only two considerations are (a) whether the OEM software of your router has those algorithms enabled or not, and (b) whether the looping back over the wire in the second case causes sufficient data traffic to upset your ISP-set data transfer limits.

Quote:

Originally Posted by Thad E Ginathom

use a DNS provider that does not do this DNS hijacking...

I use Google Public DNS everywhere instead of my ISP-provided ones. They don't resort to such shenanigans.

https://developers.google.com/speed/public-dns/

[Su-47]

Thanks alto, Thad, binand and greenhorn.

Looked at OpenDNS and it looks interesting. One practical problem is that the custom filter I create is applied based on my IP address. Now, my IP is dynamically alloted, so they suggest installation of a synchronization software on my computer to sync the IP with their server. Not too sure if I want to go down this path, but if I do, will update on this thread on how it goes.

Quote:

Originally Posted by Thad E Ginathom

The situation is like BSNL standing outside your house inserting stuff into your network cable.

That's a nice visualization of the situation

[Thad E Ginathom]

Quote:

Originally Posted by binand

The thing is, if you add a static route to a host or network with a next-hop router that is the same device - either directly (as you suggest) or indirectly (out via one wire and back via same or another), then it is a routing loop and Linux out of the box has algorithms to detect it and drop the offending packets.

Thank you for the explanation. I do recall a situation at work in which we did just this: router a says, "outside world? send it out; specific location? send it back to router b on same LAN." I also recall that my consulting expert regarded it as an easy but dirty solution. It worked: but that was way back then. I suppose too, it wasn't a loop: router a was never sending traffic to itself.

Quote:

I use Google Public DNS everywhere instead of my ISP-provided ones. They don't resort to such shenanigans.

Me too. I am not sure if it is still available but I also used to use some google software that analysed one's best DNS based on usage. It also noted those that hijacked. These days, I just use google.

ISP routers usually get their IP config from upstream. Sometimes this can overwrite one's choice of DNS on the router config. I prefer static IP configuration on my machine.

[agambhandari]

Need help for a total freak issue!!

Got a new cable modem+Router from a new ISP, and the main issue I'm facing is, that one of my laptop refuses to get an IP address from the router(checked it in status), I heven tried to assign a static IP manually to that laptop, but no, that doesn't get registered in the router and there is no network access and no internet access. For some reason the same laptop doesn't even work with a Wired connection to the router.
If it helps, its Running Windows 7 and its Technicolor router. I have already triedd changing the channel of the route(It is an N router)

And to be clear, the laptop works well with other Wifi networks that i have used previously and even works right now with wifi hotspots that i tried with a couple of phones. Also, all my other devices, Android phones, iPhones, iPads, Macbooks, Windows laptops, smartwatches have no issue with this new router. Any solution to this?

[diyguy]

Quote:

Originally Posted by agambhandari

that one of my laptop refuses to get an IP address from the router(checked it in status), I heven tried to assign a static IP manually to that laptop, but no, that doesn't get registered in the router and there is no network access and no internet access. For some reason the same laptop doesn't even work with a Wired connection to the router.

did you delete existing connection information and try? Try creating a new SSID to check if a new name connects? Could be something different and the cached network connection could be causing the issue. Also by any chance is your laptop set to a static ip or has a proxy server connection property? Is it a work laptop? Could the anti-virus be blocking?

[binand]

Quote:

Originally Posted by agambhandari

Got a new cable modem+Router from a new ISP, and the main issue I'm facing is, that one of my laptop refuses to get an IP address from the router(checked it in status)

Sometimes cable ISPs restrict access to a single or specific set of devices (unlike DSL ISPs, who don't care usually). Make sure that is not happening in your case.

[linuxmanju]

Quote:

Originally Posted by agambhandari

For some reason the same laptop doesn't even work with a Wired connection to the router.
If it helps, its Running Windows 7 and its Technicolor router. I have already triedd changing the channel of the route(It is an N router)

And to be clear, the laptop works well with other Wifi networks that i have used previously and even works right now with wifi hotspots that i tried with a couple of phones. Also, all my other devices, Android phones, iPhones, iPads, Macbooks, Windows laptops, smartwatches have no issue with this new router. Any solution to this?

Looks like, your ISP is allowing connections based on the MAC address.

Couple of options for you is to configure authentication.. etc in the router so that router gets the IP and enable NAT on it for the devices connecting behind it. If you want to go with this approach, you still need to call your ISP and ask them to reset MAC to register your modem's MAC address freshly.

Alternatively, you could use a tool or utility to clone MAC address, but that's cumbersome.

[R2D2]

@agambhandari, if your ISP has tied down the connection to a particular MAC address most routers have MAC spoofing capabilities. Check your router manual to carry out this procedure.

[agambhandari]

Quote:

Originally Posted by binand

Sometimes cable ISPs restrict access to a single or specific set of devices (unlike DSL ISPs, who don't care usually). Make sure that is not happening in your case.

Quote:

Originally Posted by linuxmanju

Looks like, your ISP is allowing connections based on the MAC address.

Couple of options for you is to configure authentication.. etc in the router so that router gets the IP and enable NAT on it for the devices connecting behind it. If you want to go with this approach, you still need to call your ISP and ask them to reset MAC to register your modem's MAC address freshly.

Alternatively, you could use a tool or utility to clone MAC address, but that's cumbersome.

Quote:

Originally Posted by R2D2

@agambhandari, if your ISP has tied down the connection to a particular MAC address most routers have MAC spoofing capabilities. Check your router manual to carry out this procedure.

I thought it could be MAC limited but at the time of installation, the guy called up the HQ and told them the MAC of the router to register it, that's about the only way they sign me in, there's no Username or password in the router or the webUI. But even then the MAC filtering only works so that you can only use the one router they give, how could they control which wifi clients it connects to?

I have still not uncovered the mystery behind this, but I found a solution by putting another router to do the wireless duties by connecting it to the sole LAN port on the original router.

Though if somebody has a solution to the orginal problem, i would really appreciate even though I have found that the Technicolor router they gave is a P.O.S since it can't deliver the 50mbps bandwidth to many devices, but i used another router and voila all my devices reached the speed.

[R2D2]

Quote:

Originally Posted by agambhandari

I have still not uncovered the mystery behind this, but I found a solution by putting another router to do the wireless duties by connecting it to the sole LAN port on the original router.

Given the router (what brand and model is it, BTW?) has an issue with its wireless function attaching another router to the former's LAN port as an AP is a better way of resolving this issue.

Quote:

Though if somebody has a solution to the orginal problem, i would really appreciate even though I have found that the Technicolor router they gave is a P.O.S since it can't deliver the 50mbps bandwidth to many devices, but i used another router and voila all my devices reached the speed.

Most ISP supplied CPEs are low quality by default. Ask them if you can use another more advanced router with your connection. Which ISP is this?

[binand]

Quote:

Originally Posted by agambhandari

But even then the MAC filtering only works so that you can only use the one router they give, how could they control which wifi clients it connects to?

That is doable by setting up their CPE in bridge mode, and allowing Internet access to only the first N (N = 1 to restrict to just one device) MACs that come through. Or allow only N active MACs at a given time. All possible with existing technology.

Cable ISPs in India are known to do a lot of such stuff, since they price their product so low.