[ale] The 12 Q's of Christmas (Cable-DSL Modem Shopping)
Keith R. Watson
keith.watson at gtri.gatech.edu
Thu Dec 19 17:35:51 EST 2002
FGZ,
At 10:17 AM 12/19/2002 -0500, you wrote:
>Good morning. Long post of lots of questions follows:
>
>In prep for a cable internet hookup later this month, I
>went on a 'fact-finding mission' at Best Buy and Circuit
>City to look at these things.
>Linksys and Seimens<sp?> are the two predominant
>brands at these stores, with the former seeming to have
>the most favorable reviews I've read and heard. There
>were several models of each but the salespeople didn't
>have all the answers to my cable-n00b questions, so
>knowing ALE has some of the greatest IT minds around :),
>I'm asking for info.
>
>1). Quick poll: Linksys, Seimens, or...?
I have been using a Linksys BEFSR11 on DSL for about two years with no
problems. They work the same way with cable modems too. I've never tried
any of the Siemens products.
Practically Networked is one of the best sites for reviews of this kind of
equipment.
http://www.practicallynetworked.com
DSL Reports is another good site that also discusses cable modem issues:
http://www.dslreports.com/
Navas Cable Modem/DSL Tuning Guide is a great site for finding out how
things work and performance tuning your cable/DSL connection:
http://cable-dsl.home.att.net/
The site focuses on system performance, with areas including Broadband
Internet connections, Windows, Overclocking, all targeted towards a
technically aware audience. A large section of SpeedGuide.net is dedicated
to Cable Modems and DSL technology, stressing on improving TCP/IP
performance over high speed/latency networks.
http://www.speedguide.net/
Shields Up is a site where you can request a scan of your network to see if
you have any vulnerabilities.
http://grc.com/
Here are some cable modem specific sites. I haven't used these but they
look like they might be useful.
http://www.cable-modem.net/
http://www.cablemodemhelp.com/
http://www.catv.org/index.html
http://www.cable-modems.org/
http://www.cable-modem-internet-access.com/
http://www.cablemodeminfo.com/index.html-ssi
>2). VPNs come on some of these. Why should I care
>about VPN on a home LAN? Is there a chance remote
>config of a SOHO LAN PC might get out on the internet?
VPNs use an encrypted data stream. Cable/DSL routers typically use NAT
(network address translation) to allow multiple machines to share one IP
address. This would result in the header of the encrypted packets being
altered in such a way that the VPN perceives the packets as being
"tainted". VPN pass through allows machines behind the NAT firewall to
connect to your company's VPN without "tainting" the packets.
Most cable/DSL routers do not have built in VPN capability so you have to
install VPN client software on each computer that you want to connect to
the office. Linksys recently came out with a model that has a VPN client
built in. This would allow any machine on your network to VPN into the
office without having to install a client on each machine. This is a handy
feature if you're running an operating system for which there is no VPN
client software. Other vendors have this feature too, I just don't know
which ones, so you'll have to check the Practically Networked web site.
There is no such thing as a universal VPN client, so make sure that the
cable/DSL router's VPN client will work with your office VPN before you buy it.
>3). Seimens mentioned 'VPN pass-through', for example,
>to my corporate VPN. What is that and why do I care
>since I run VPN client sw on my local PC to get to
>the corp LAN from home now?
See the answer to question 2 above.
>4). Do these distribute bandwidth fractionally to each
>device on the modem, or is it on-demand bandwidth? i.e.
>will the PC casually browsing the web get less overall
>bandwidth than the PC downing a 10MB file?
To rephrase the question - do cable/DSL routers provide bandwidth
allocation or quality of service controls? The cheap ones share the
connection equally, but some of the more expensive (>$500) can do some
bandwidth allocation and/or quality of service control.
>5). Can you truly hang a hub, or maybe more properly,
>a switch (and maybe even a wireless 11MB hub), from
>one of the modem ports, and expect to get an IP
>properly assigned to each PC off the hub/switch? Does
>the bandwidth get horribly cut at the hub/switch by
>doing this?
Only if your ISP supports multiple computers at the same site. Generally
they charge a nominal fee (typically $5) per month per machine but this
doesn't include any type of firewall service. It is cheaper and more secure
to use your own cable/DSL router. This would let your machines share a
single IP number with no additional cost per month. In addition they
would be protected by a firewall.
When using a cable/DSL router the bandwidth is limited on the WAN side by
the ISP. On my DSL it's 1.5Mb/s down and 256Kb/s up. The WAN connector on my
router will handle 10Mb/s. Actual throughput tests of the Linksys BEFSR11
show it can support about 4.5Mb/sec sustained. So the limiting factor is
the cable/DSL line, not the router.
On the LAN side of the router they generally support 10/100Mb/s. This can
vary from model to model, so check the fine print.
>6). Specific to Linksys: I saw four (4) 4-port models
>at $59-$99, some with firmware VPN, firewall, AV, etc.
>What do I really need for a SOHO LAN, since all PCs
>have at least AV anyway? Allegedly the modem firewalls
>allow port monitoring and blocking etc, but I'm skeptical.
>Is it best practice to run a f/w PC in front of the cable
>modem, then DHCP out to the cable modem itself?
It is a really good idea to have a firewall of some type for your systems.
Either a hardware device or firewall software on each of your computers.
The cable/DSL routers provide this very inexpensively. You could install a
software firewall on each of your computers providing there is software for
the operating system you are using. As I noted in question 2, the firmware
VPN eliminates the need to install VPN client software on all your systems.
I haven't heard of any routers that have built-in anti-virus capability.
That doesn't mean they don't exist, I just haven't heard of them. Check the
Practically Networked web site.
Actually the topology is:
cable <--> cable modem <--> router/firewall <--> computers
>7). If these things are firmware (nobody knew), can
>they be flashed with an upgrade like a PC BIOS?
Most of the cable/DSL routers are flash upgradeable. Check the fine print
before buying.
>8). Which Linksys model(s) had the web-config utility
>vulnerability? Can it/those be flashed?
I know that mine (BEFSR11) had the problem. Yes, it was flash upgradeable.
Most models are flashable, see the answer to question 7 above.
>9). What is UPnP? Sounds like a Windows thing.
This is a new feature in some of the routers. I don't know much about it
yet but I did read that you should disable it unless you *know* you need it.
>10). Some have PPPoE. Why, since dialup goes away? Or
>is this for direct serial connection over the internet?
PPPOE has nothing to do with serial dial-up. For some reason ISPs think
PPPOE is the best thing since indoor plumbing. Personally I think it wastes
valuable bandwidth. Bottom line is, if the ISP you choose uses it then you
have no choice but to use it or pick another ISP. If you're in an area that
only has one ISP, then you take what you can get.
PPPOE has been known to cause problems with VPNs. Generally changing the
MAX MTU on your computer fixes the problem.
>11). Modem rent is $5.00/month, yet $99 purchases one.
>Payout is obvious, yet will purchasing yield a better
>quality product and if so, should I get it before the
>installer comes to avoid any MAC changing hassles later
>and billing snafus when the cable co says I haven't
>returned their modem? Which brand?
Don't know. I'd recommend checking the web pages in question 1.
>12). Is there any chance that a purchased modem will
>be incompatible with their line sig? If so, what do I
>look for?
Don't know. I'd recommend checking the web pages in question 1.
>The SOHO LAN will be a mixed environment of Linux,
>Win9x, Win2K, Solaris SPARC and i386, three french
>hens, two turtle doves, and a modem maybe under the
>xmas tree....
I run a rather diverse lot of equipment too. That's one of the reasons I
like using a cable/DSL NAT router. I can bring up an older operating system
that is vulnerable on my LAN without worrying about it getting rooted by a
script kiddie on the Internet. The only worry then is someone on your own
LAN hacking one of your machines. Can you trust your house mates? If so, no
worries.
>All comments and suggestions appreciated, much
>thanks, and Merry Christmas!
Merry Christmas and Happy Networking,
keith
-------------
Keith R. Watson GTRI/ITD
Systems Support Specialist III Georgia Tech Research Institute
keith.watson at gtri.gatech.edu Atlanta, GA 30332-0816
404-894-0836
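
Added example (not part of the original message): the answer to question 2 says NAT alters packet headers so that the VPN sees the packets as "tainted". The Python sketch below models that with a simplified integrity check, comparing a check that covers the IP addresses (as IPsec AH does) with one that covers only the payload (as IPsec ESP does); the key, addresses and function names are constructed for illustration and this is not real IPsec wire format.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"  # constructed; stands in for the VPN's negotiated key

def ip_header(src, dst, payload_len, ttl=64, proto=51):
    """Minimal 20-byte IPv4 header, no options; checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def immutable_view(header):
    """Zero the fields routers legitimately change in transit."""
    h = bytearray(header)
    h[1] = 0             # TOS
    h[6:8] = b"\0\0"     # flags + fragment offset
    h[8] = 0             # TTL
    h[10:12] = b"\0\0"   # header checksum
    return bytes(h)

def header_and_payload_icv(header, payload):
    """Integrity value that covers the IP addresses too (AH-like)."""
    return hmac.new(KEY, immutable_view(header) + payload, hashlib.sha256).digest()

def payload_only_icv(payload):
    """Integrity value that ignores the outer IP header (ESP-like)."""
    return hmac.new(KEY, payload, hashlib.sha256).digest()

def route_hop(header):
    """Ordinary router: only decrements TTL."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite(header, public_src):
    """NAT router: replaces the private source address with the shared public one."""
    h = bytearray(header)
    h[12:16] = ipaddress.IPv4Address(public_src).packed
    return bytes(h)

def demo():
    payload = b"constructed encrypted payload"
    sent = ip_header("192.168.1.100", "203.0.113.10", len(payload))
    icv_hdr, icv_pay = header_and_payload_icv(sent, payload), payload_only_icv(payload)
    natted = nat_rewrite(route_hop(sent), "198.51.100.7")
    ok = hmac.compare_digest
    return {
        "plain_routing_header_covered": ok(header_and_payload_icv(route_hop(sent), payload), icv_hdr),
        "after_nat_header_covered": ok(header_and_payload_icv(natted, payload), icv_hdr),
        "after_nat_payload_only": ok(payload_only_icv(payload), icv_pay),
    }

if __name__ == "__main__":
    print(demo())
```
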
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale