
As Byte is now a subscription service I thought some people might enjoy reading some extracts.
After I wrote this month's column, I realized it has a theme: social engineering. Most of the really famous hackers weren't all that sophisticated at computer technology; they were good at talking people into cooperating with them to give them passwords and various other means of access to systems they wanted into.
Nearly all of last August's attacks depended on the victim's cooperation, either by opening mail attachments, or by not installing security modifications. Alas, there's no patch for the human brain.
A Worm Story
Much of this column will be about worms, viruses, and other malware, and what you can do about them. I begin with a story about the effect of malware on real people.
Richard Pournelle spent Labor Day weekend at Puerto Santo Tomas, a resort area on the Pacific side of Northern Baja California. The only Internet connection there is through DirecPC satellite. (There's no telephone line to Santo Tomas.)
Alas, the Dell computer there was connected directly to the satellite modem; no router, and no firewall software.
In August the system was infected by the W32.Blaster Worm. It came in directly, not through e-mail, and the computer was infected without any cooperation from the users. After infection e-mail became useless. Because they are in a remote location it took 2 weeks to recover.
A number of people sent in requests for reservations. They weren't received at the resort, so there was no way to tell people the place was full up. Thus over the weekend a number of people drove in only to find there was no place for them. The proprietors did the best they could, even renting houses from the villagers so that tourists would have some place to stay, but people were still turned away after a long drive.
They also rely on e-mail via satellite for emergency services communications, and of course that didn't work for a week. Fortunately no one was hurt and there was no need for communications, but there might have been.
There are dozens of stories about small businesses harmed by the worm. This was one of them. I doubt that will cause any crisis of conscience among worm writers. I don't think the authorities will catch them, either, although it's pleasant to think of the perps spending some time in a Mexican prison.
Of course if they'd used a firewall router they wouldn't have had the problem.
Adelphia Watch
I have to report that many of the problems I previously ascribed to Adelphia Cable Modem were in fact due to the Hawking FR 24 router, which was simply unable to handle the great speed Adelphia is capable of. Some of my associates doubt this explanation and think there were other problems. In any event, removing the Hawking from the system and replacing it with another router has solved many of my connection problems.
Adelphia still has periodic halts in service, enough so that it's pretty annoying if you're playing online games, but the interruptions generally don't last more than a couple of minutes. For the most part Adelphia has been more than satisfactory.
The annoyances come when, once or twice a day (one day this was hourly), Adelphia Cable Modem service just halts for a period of a few seconds to a couple of minutes. When that happens, all connectivity is lost, including connections to online games. In every case so far, the service was restored without my having to do anything at all. Of course your online game characters may find themselves unlinked in a dangerous situation; in one case, though, I was dumped out just before everyone else in my group was killed, so that I logged back on alive and standing in a field of corpses.
There may be more to this story. A call to Adelphia technical support elicited the information that my cable modem is receiving its signal at about 11 db, which is pretty low signal strength. There are many possible remedies to this, most involving Adelphia cable guys coming out to replace components such as signal splitters with higher quality units.
It may also be possible to amplify the signal. An ordinary TV signal amplifier won't work: To be any use to a cable modem connection, the amplifier must be bi-directional, and most TV signal amplifiers are not. Readers have recommended two brands that do bi-directional amplification, and I have ordered one of them in hopes that it will cut down or eliminate the daily service interruptions.
I am also told that it's desirable to have a surge suppressor between the Adelphia Cable Modem and the router; I've ordered an APC PNET 1. I already have an APC Back-UPS Pro 500 UPS powering the Adelphia Cable Modem and the router. It has a surge protector for a modem phone line, but that's not what we have here. More next month on the final setup.
Of course in most cases the proper thing to do is call the cable company and make an appointment to have their techs fix things. I'm getting the amplifier because I do these silly things so you don't have to; I really am curious as to whether it will improve connectivity. I already tried a Winegard TV amplifier: that doesn't work at all, probably because, as I said, most TV signal amplifiers work in only one direction.
In any event, with the exception of the daily annoyance, Adelphia Cable Modem has proved to be the best Internet connection I have ever had, and serves half a dozen machines with crisp and speedy connections. I am canceling my Megapath iDSL service; it was satisfactory but expensive, and I don't need it any longer. I've also cancelled the DirecPC satellite Internet connection service. The satellite was a lot better than nothing, but the latency was maddening. The iDSL line was reliable but a lot slower than Adelphia Cable Modem. If you can get Cable Modem service, you will find it's good enough, inexpensive, and will serve all your needs.
You will want a good router to take advantage of cable modem speeds. The D-Link DI-604 has been quite satisfactory.
D-Link DI-604 Router
I have replaced the Hawking router with a D-Link DI-604, which so far works perfectly. I do not advise connecting to high-speed service like cable modem without a router that does Network Address Translation (NAT). Windows XP has a built-in firewall program which you can turn on (it's off by default), and it is better than nothing, but it can be compromised, as can any firewall running on the machine it protects. If you connect a Windows system to the Internet with a high-speed connection of any kind, my advice is to get a NAT router, or use a Linux box upstream of the Windows system.
Next month I will review several routers and hardware firewalls, but I am not sure I need to: so far the relatively inexpensive D-Link DI-604 has been more than good enough, both as a router, and as a firewall to hide my system from attacks including worms and viruses. While many machines were attacked and infected in August (stories on that later), none of mine were harmed.
The DI-604 has no problems with the 2 megabit data transmissions I am getting with Adelphia Cable Modem. Setting up the DI-604 was pretty straightforward even with my needlessly complicated networking system. I am running an internal network with servers and DHCP service, so I couldn't just use the D-Link default settings. The DI-604 is by default set to an IP address of 192.168.0.1, which is not in my internal network.
It was minorly tricky to readdress the DI-604 to 192.168.1.1 (which is the gateway address for my LAN) and turn off the DHCP feature. I had to turn off the DHCP feature because my LAN already has a DHCP server as part of the Active Directory service of my Windows 2000 Server system, and having two DHCP servers going at once can be painful.
For the record, DHCP service assigns an IP address to machines on your internal net. This allows them to talk to the router and to each other. The DHCP server hears a request from the machine when it starts up, gives it an address such as 192.168.0.12 (in my case, 192.168.1.12 since I am using the 192.168.1.x subnet), and remembers what machine now has that address. Clearly if you have two DHCP servers, you'll need to set rules for what each does lest they clash. It's possible to set up a network in which several machines share DHCP tasks by restricting the scope of each, but if you need to do that you'll need to know more than I can tell you here.
I did the DI-604 setup by connecting one and only one computer to the D-Link, following the instructions for getting to the administrative control page, then readdressing the router and also turning off the DHCP service feature. Once I had done that, and reset both router and computer, the computer could not see the router. I had to connect both that router (with its fixed address of 192.168.1.1) and the computer I was controlling it with to my LAN, then reset the computer. The Windows 2000 Server network has a DHCP server which assigns the computer an IP address. None of this took very long, and anyone able to set up a LAN will have no trouble adding the D-Link router.
If you don't have a LAN it's much simpler: connect your computer to the D-Link DI-604 with an Ethernet cable and follow the instructions that come in the box. You won't need to readdress anything. Let the DI-604 take care of DHCP services (LAN IP address assignments). If you want to give more computers the ability to access the Internet and each other, just plug in up to four of them to the DI-604. It will all just work.
If you want to set up a simple network with a printer, the D-Link DI-704p has all the features of the DI-604 plus a parallel printer port and Windows-based print server software allowing all the machines on your LAN to share that printer. Setup is simple and it will all just work. Both the DI-604 and DI-704p are recommended.
NAT and Security
Routers like the DI-604 use Network Address Translation (NAT), readdressing and routing incoming and outgoing signal packets from the "real" (i.e. public) Internet address to a private internal address that in theory can't be accessed from outside; that is, the router serves as a firewall. The practical result is that when an evil program that's trying to worm its way into your system searches for computers to infect, it won't be able to see yours hidden behind the firewall. So far as the worm is concerned, you don't exist.
Regarding those private IP addresses: when IP addressing was set up, certain address blocks, such as 192.168.x.x, were reserved for internal use, and in theory Internet routers will discard any packets from or destined to those addresses. This not only enhances network security, but also cuts down on extraneous Internet traffic. However, many routers, including some backbone routers, have not been set to do this, and a lot of traffic bearing private addresses flows through the Internet. The reason for this is speed: Rejecting packets requires testing for rejected addresses, and that takes time. The Internet essentially leaves this task for border routers, such as the D-Link DI-604 I have guarding my LAN: It won't pass those private addresses from outside into my system, or allow packets addressed to private IP addresses to go out of my LAN to the Internet. All firewalls are supposed to do this.
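
The behavior described in the two paragraphs above, modeled in Python as an added example (not code from the column or from D-Link): a toy border router that forwards inbound packets only when they answer a flow a LAN machine opened, and drops private addresses crossing the boundary in either direction. The NatRouter class, the documentation-range addresses, the port numbers and the strict per-peer check are assumptions made for illustration; real routers differ in how strictly they match replies.

```python
import ipaddress

# RFC 1918 private blocks; 192.168.x.x is the one the column mentions.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)

class NatRouter:
    """Toy border router (hypothetical): one public address, LAN behind it."""
    def __init__(self, public_ip, lan="192.168.1.0/24"):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan)
        self.table = {}          # public port -> (lan_ip, lan_port, peer_ip, peer_port)
        self.next_port = 40000   # constructed starting port

    def outbound(self, src, sport, dst, dport):
        """LAN -> Internet: record a mapping and rewrite the source."""
        if ipaddress.ip_address(src) not in self.lan:
            return "drop: source not on LAN", None
        if is_private(dst):
            return "drop: private destination must not leave the LAN", None
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src, sport, dst, dport)
        return "forward", (self.public_ip, port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Internet -> LAN: only replies to a recorded flow get through."""
        if is_private(src):
            return "drop: private source arriving from outside", None
        entry = self.table.get(dport)
        if dst != self.public_ip or entry is None:
            return "drop: no mapping (unsolicited)", None
        if (src, sport) != entry[2:]:
            return "drop: not the peer this mapping was opened to", None
        return "forward", (src, sport, entry[0], entry[1])

def demo():
    """Constructed sample traffic; all addresses are documentation ranges."""
    r = NatRouter("203.0.113.10")
    return [
        r.outbound("192.168.1.12", 51000, "198.51.100.5", 80),  # LAN PC browses
        r.inbound("198.51.100.5", 80, "203.0.113.10", 40000),   # server's reply
        r.inbound("198.51.100.77", 4444, "203.0.113.10", 135),  # unsolicited probe
        r.inbound("192.168.0.50", 80, "203.0.113.10", 40000),   # private src from WAN
        r.outbound("192.168.1.12", 51001, "10.1.2.3", 80),      # private dst leaving
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The third packet is the case that matters for a worm scanning from outside: nothing on the LAN opened that flow, so the router has no internal address to deliver it to.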