First atom chips that commit Seppuku and chip sets that crap out.
FYI: You can blow Intel-powered broadband modems off the 'net with a 'trivial' packet stream
Broadband modems using Intel's bungled Puma 6 chipset can be overloaded and virtually knocked offline by a trivial trickle of packets, it is claimed. Effectively, if there's someone you don't like, and they are one of thousands upon thousands of people using a Puma 6-powered home gateway, and you know their public IP address, …
COMMENTS
-
Thursday 27th April 2017 07:38 GMT Gordon Pryra
I spoke to Virgin
And (as usual) I came away with the belief that if they did not only have BT as their competition, they would go out of business in 2 weeks. In fact, if Sky were not so pricey they could put Virgin out of the game (they won't because they are probably happy with the prices and don't want a price war).
I have asked Virgin about updates for the chipset on their superhub 3 and the "network specialist" told me to put it in modem mode and use my own router.....
Admittedly in the past I have taken the piss a bit, asking semi-trained help desk questions way outside of their levels of competence, but the response from Virgin is pathetic.
To first pretend that there is nothing wrong then to give false advice is hardly great business practice UNLESS you know your customers have no choice.
Sky understand how shit Virgin are, so their prices are ridiculous, BT are just shoddy offering sport for the idiots and "you can use now TV for the rest!!!"
-
Thursday 27th April 2017 08:35 GMT wyatt
All I would like is the option from any provider for a modem only service, I'll provide the router. It must be cheaper than a 'hub' and would reduce the number of faults they have reported? My first BT contract I had a Voyager 220v and it was great. Friend had a Modem from VM and it was also great, then they swapped it to a hub and the service went crap.
-
Thursday 27th April 2017 10:43 GMT gnasher729
I have a BT Hub Infinity Homehub 5. Somewhere in my cupboard. It was replaced with an OpenReach modem from eBay for about £3, and a pre-previous generation Apple Airport Extreme from eBay for £40. Works absolutely fine with 7 or 8 devices plus the odd visitor, unlike the BT hub which would just break down and need to be rebooted once a week. (Symptom: Sad wife saying "Why is the internet not working")
-
Thursday 27th April 2017 12:32 GMT CrazyOldCatMan
"All I would like is the option from any provider for a modem only service, I'll provide the router"
You can do that - it just involves picking a proper ISP rather than one in the race to the bottom category..
My current ISP (Zen) is one such ISP as was my previous ISP (IDNet). AAISP is also viable.
-
Thursday 27th April 2017 16:25 GMT Anonymous Coward
More accurately it involves picking any ISP other than Virgin and Sky.
The Virgin network requires the modem to authenticate onto the network, and it is tied to a customer account. Unless Virgin change their processes to allow you to supply your own modem, or unless they go back to offering a proper cable modem (which would *not* get around this issue if Virgin picked a Puma 6 modem to offer to customers), you are stuck with the super turd.
Sky make it extremely difficult to use third party equipment since they insist on using a unique authentication system for the router.
The rest of the big boys - BT, TalkTalk, Plusnet etc really couldn't give two hoots as to what router you use. They will want you to plug it back in if you are reporting a fault, but that's fair enough (and yes, even Zen do that - I only know too well how they kept trying to blame my equipment for their network fault - Zen never sent me a router as you had to pay full price when I signed up, and they wouldn't loan me one, so that was that)
-
Thursday 27th April 2017 19:43 GMT psychonaut
You are if you don't have a sh3.
I'm on the 200 / 10 and it's just fine thanks. Could do with a bit more upload but it's ok.
There is unfortunately no one anywhere near price wise to touch Virgin's fibre if it has a sh2 in modem mode.
Then add a pair of Ubiquiti long range ac access points and I have 200mb everywhere wirelessly for my ac wireless clients. Bloody lovely.
I can't tell you how good the Ubiquiti gear is, and I've tried quite a few different access points in many different properties. At home I have them in the loft, not even drilled through the uppermost ceiling, just hanging from the roof in the loft. Penetration to ground floor is amazing, speed is awesome. Buy some.
-
Thursday 27th April 2017 23:23 GMT TheVogon
"I'm on the 200 / 10 and it's just fine thanks. Could do with a bit more upload but it's ok."
Set up a free broadband quality monitor at Think Broadband and you will see how bad the latency is. Also the Puma 6 drops 1% and 7% on DNS packets - and that will impact you even if you hadn't realised. Try the GRC DNS benchmark...
-
Friday 28th April 2017 07:21 GMT Ken Hagan
"Please let me know where it says that In the article?!"
Well we can start with the title: "blow ... off the net".
My point is that if your choice of ISP results in you using a modem that gets DoS-ed off the net entirely then it does not matter how fast that ISP promised to deliver bits. You are getting 0 Mb/s and any ISP that offers a better modem will deliver more bandwidth.
-
Friday 28th April 2017 23:10 GMT AlbertH
Virgin on the ridiculous
Unfortunately, Virgin cap your usage and deliberately cripple your connection if you exceed their paltry allowance. They also sell all your browsing information to "Phorm". Their DNS is poisoned, and their "service" is a joke, with week-long outages and no recompense for the abused subscriber.
-
Thursday 27th April 2017 09:22 GMT Anonymous Coward
The penalty for realtime imbecilitis
Well, that is the penalty you get when you implement NAT and stateful firewall in consumer grade hardware instead of using the OS one.
I used to do some CPE work in my previous life and I have observed how a couple of product directors were having a massive boner discussing the wonderful hardware offloads in the upcoming Intel CPE Cable hardware. I told them that they are out of their mind to use them. Even a measly 400-500MHz Arm or MIPS chipset can happily handle it at the rates in Cable, so there is absolutely no point to use the hardware offload. And most importantly - it is something tested by nearly 2 decades of use now, IT WORKS(tm).
It did not stick - the idiots went on to use the offload (I can bet the same happened in other places).
Stupidity is contagious, especially amidst CPE product management and especially in Cable.
-
Thursday 27th April 2017 18:15 GMT TheVogon
Re: The penalty for realtime imbecilitis
"Well, that is the penalty you get when you implement NAT and stateful firewall in consumer grade hardware instead of using the OS one."
Whatever hardware you use, it runs an OS. Cheap "consumer grade" hardware - for instance the ASUS RT66 can have a firewall / QoS enabled throughput of well over 600Mbs / 30,000+ connections.
-
Thursday 27th April 2017 19:38 GMT asdf
Re: The penalty for realtime imbecilitis
>ASUS RT66 can have a firewall / QoS enabled throughput of well over 600Mbs / 30,000+ connections.
Not using Linux HTB or HFSC it can't. Perhaps with cake but 600Mbs is pushing it even with cutting edge hardware, let alone an RT66. If it has QOS at that speed more than likely it's garbage QOS.
-
This post has been deleted by its author
-
This post has been deleted by its author
-
Thursday 27th April 2017 22:49 GMT asdf
Re: The penalty for realtime imbecilitis
Down vote me but here you go.
https://www.bufferbloat.net/projects/attachments/150817135028_cake-battlemesh-v8.pdf
(see page 14 where even a WRT1900ACv2 can only do 300Mbps throughput even with cake, significantly less for HTB). For the record I have tried cake personally on my WNDR3800 and found it not to be stable, at least with PPPoE, but I'm on slow ass 20Mbps DSL with a very pathetic upload so HTB+FQ_Codel works perfectly for me. Also any qdisc that doesn't do rate limiting (PIE, FQ_Codel) is by itself nearly worthless. Your router has to own where the packets get queued (own the queue) or your QOS is worthless.
-
Friday 28th April 2017 00:56 GMT asdf
Re: The penalty for realtime imbecilitis
Ok that's great. Now show me what qdisc you have on those interfaces. With no real QOS and offloads sure 600Mbps no problem. The claim was QOS and 600+Mbps in a cheap consumer router. Do this: run, say, a half dozen torrents full bore (make sure download is saturated) and ping 8.8.8.8. If you can't keep every ping under, say, 100ms (being generous here) then your QOS isn't.
-
Friday 28th April 2017 01:20 GMT asdf
Re: The penalty for realtime imbecilitis
If you are able to do it (and you truly were maxing out both your download and upload) then you should really thank your ISP because unless you are limiting your download and upload to about 90% or so of their max it's your ISP equipment (or someone downstream) doing the QOS because more than likely you no longer own the queue.
-
Friday 28th April 2017 01:30 GMT asdf
Re: The penalty for realtime imbecilitis
> Now show me what qdisc
Also since virtually no consumer grade store bought routers run any of the BSDs pretty safe to request the qdisc used. If you can log into your router with telnet or ssh do a tc -s -d qdisc at the command line and post the result. More than likely it says it doesn't know the command tc which means no real QOS.
-
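An added example, not part of any post in this thread: a shell sketch that reads `tc -s -d qdisc` output and reports, per interface, whether any rate-limiting qdisc is attached, using the distinction drawn in the comments above (HTB, HFSC and cake shape; fq_codel or PIE on their own do not). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample below is CONSTRUCTED `tc -s -d qdisc` output,
# not captured from any router mentioned in the thread.
sample_tc_output() {
cat <<'EOF'
qdisc htb 1: dev eth0 root refcnt 2 r2q 10 default 0x10 direct_packets_stat 0 ver 3.17 direct_qlen 1000
 Sent 123456 bytes 789 pkt (dropped 0, overlimits 12 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 110: dev eth0 parent 1:10 limit 1024p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
 Sent 123456 bytes 789 pkt (dropped 0, overlimits 0 requeues 0)
qdisc fq_codel 0: dev eth1 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms ecn
qdisc pfifo_fast 0: dev wlan0 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc cake 8001: dev pppoe-wan root refcnt 2 bandwidth 18Mbit besteffort triple-isolate rtt 100ms raw
qdisc cake 8002: dev eth2 root refcnt 2 bandwidth unlimited diffserv3 triple-isolate rtt 100ms raw
EOF
}

# Reads tc output on stdin; prints "<dev> <shaped|unshaped> <qdisc,qdisc,...>".
# A device counts as shaped if htb, hfsc, or cake with a bandwidth limit is attached.
classify_qdiscs() {
    awk '
    $1 == "qdisc" {
        kind = $2; dev = ""
        for (i = 3; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dev == "") next
        if (!(dev in state)) {
            order[++n] = dev; state[dev] = "unshaped"; kinds[dev] = kind
        } else kinds[dev] = kinds[dev] "," kind
        if (kind == "htb" || kind == "hfsc") state[dev] = "shaped"
        # cake only rate-limits when given a bandwidth; "unlimited" means no shaping
        if (kind == "cake" && $0 !~ /bandwidth unlimited/) state[dev] = "shaped"
    }
    END { for (i = 1; i <= n; i++) print order[i], state[order[i]], kinds[order[i]] }
    '
}

# Devices with no rate limiter anywhere in their qdisc list.
unshaped_devices() {
    classify_qdiscs | awk '$2 == "unshaped" { print $1 }'
}

sample_tc_output | classify_qdiscs
```

On a router with shell access, `tc -s -d qdisc | classify_qdiscs` replaces the sample input.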
Friday 28th April 2017 06:10 GMT Voland's right hand
Re: The penalty for realtime imbecilitis
"Now show me what qdisc"
It is not the CPU grunt which is the issue in consumer hardware preventing good QoS at 600MB (I agree with several posters who said it does not work).
It is something NO consumer router has. Timer precision. The higher the bandwidth, the higher the timer precision required. MIPS hardware used in most consumer routers simply does not have the timers needed to do QoS at 600MBit. You may be able to police and traffic shape a couple of buckets with HTB with rough precision (in the 10s of MBits range), but definitely no proper QoS as required by high-end video conferencing, audio, etc.
Compared to that, the timer precision on x86 is more than sufficient to do policing and QoS down to 10s of Kbits range at 1Gbit.
Now, on offloads. The offloads DO NOT FIX THAT. They do stuff which is absolutely not needed if you use a Linux software load, like accelerated forwarding, firewall, nat (all of that with ridiculously small tables). They do not, however, have the ability to run a proper Qdisc on that, at least in most consumer hardware. The few attempts at QoS in that are just drivel produced by a Chinese firmware engineer who has no clue whatsoever how QoS works (and it, by the way, is rocket science).
-
This post has been deleted by its author
-
This post has been deleted by its author
-
Friday 28th April 2017 14:30 GMT asdf
Re: The penalty for realtime imbecilitis
>It is not the CPU grunt which is the issue in consumer hardware preventing good QoS at 600MB (I agree with several posters which said it does not work).
>It is something NO consumer router has. Timer precision.
Perhaps, but my guess is it also has to do with the cpu not being able to handle the massive amount of interrupts when dealing with network traffic at that speed even with the offloads (QOS also still has to peel apart multiple packets as well with offloads if it's to be effective). As for x86 I agree that if I wasn't so cheap and actually had super fast internet I almost assuredly would be running x86 (perhaps with *BSD) for my main router (and no shitty Atom cpu for sure). But capped at 26 Mbps down and 1 up DSL, my WNDR3800 running Cerowrt with htb + fq_codel runs like a dream. Nobody in the house ever complains about anyone else using internet even when I am torrenting several large Linux isos. When I see lag in games (rare) it's almost always server side.
-
Friday 28th April 2017 13:41 GMT TheVogon
Re: The penalty for realtime imbecilitis
"The claim was QOS and 600+Mbps in a cheap consumer router"
No, it was that Firewall + NAT was not realistic on consumer grade hardware. I have shown that you are wrong on that.
I then added some specifics - that are also correct - in fact I under specified what the hardware can achieve. And yes that's with QoS enabled.
How effective the QoS is - is an entirely different question and is unrelated to your original claim - which didn't mention QoS...
-
Friday 28th April 2017 13:54 GMT asdf
Re: The penalty for realtime imbecilitis
>Not using Linux HTB or HFSC it can't. Perhaps with cake but 600Mbs is pushing it even with cutting edge hardware, let alone an RT66. If it has QOS at that speed more than likely it's garbage QOS.
My original claim. Show me where it's wrong. At this point if you are not a network guy it's best to move on. Those terms I am using are how Linux does proper QOS. When you implied using stock firmware, that told me all I needed to know. I have not seen any consumer hardware that didn't come with DD-WRT or OpenWRT do proper QOS. If the manufacturers knew what they were talking about we wouldn't have all these articles about their security fails and general incompetence.
-
This post has been deleted by its author
-
Friday 28th April 2017 16:44 GMT asdf
Re: The penalty for realtime imbecilitis
>I then added some specifics - that are also correct - in fact I under specified what the hardware can achieve. And yes that's with QoS enabled.
Want to know something funny? I bet for most ordinary people's use cases they are much better off with properly set up QOS on a sub 100 Mbps connection, than phantom broken QOS on a much faster connection, which is what they get if they are not using a proper PC to do their routing/QOS. Especially cost wise and if there are teens/20s in the house endlessly downloading shit no matter how fast the connection. I never see the lag spikes people with these fancy expensive internet modems/service do. Must really suck paying five to ten times more for internet and then get tea bagged by me in some first person shooter because I don't lag.
-
Thursday 27th April 2017 09:46 GMT MoreBeerPlease
I almost feel sorry for VM
I too have had many conversations with VM over the previous known issue with the Puma6 using Hub3.
On one of my many calls I had a very interesting chat with a 2nd level network guy who struggled to stick to the official company line.
Although the front line call centre numpties aren't aware that there is an issue, the network guys are.
He would like to send me an old Superhub2 or Superhub 2ac but there aren't any in stock and the few they did have hanging around have all been sent out to irate gamers. So it's not that they won't send out old kit, it's that they can't.
Also and this will upset the very sensible crowd who just want a modem that does one thing well, VM want to get rid of separate Tivo/V6 and Hubs and just have one box in the house that does everything. The telephony sockets on the back of the hub3 are a sign of things to come.
So maybe I should say I do feel sorry for the few competent techies who work there.
Guess what arrived in the post yesterday, another unasked for Hub3. I'll add it to the pile. Is this the future of consumer distribution using the consumer as localized warehouses?
-
Thursday 27th April 2017 14:54 GMT AJames
Meh
We already know that these modems are defective and should be replaced by the ISPs since Intel's mitigation measures in firmware are not very effective.
Anyone is vulnerable to a targeted denial-of-service attack. This exploit, if true, makes it a little easier to kill modems with a Puma 6 chipset, but you would still need to be targeted by someone willing to keep up a significant data stream. Honestly it doesn't significantly increase your risk.
-
Thursday 27th April 2017 23:18 GMT Richard 12
Every machine on the Internet is subjected to regular probing attacks by the myriad of botnets out in the wild.
Such attacks occur very frequently as scanning the whole of IPv4 doesn't really take that long when you have a thousand compromised hosts.
A decent router/firewall will dump them and the botnet component moves on without much incident.
A bad one gets owned by one of the various attacks attempted.
These are likely to get shut down until it moves on.
Better than being taken over, but very annoying.
-
Friday 28th April 2017 16:18 GMT asdf
>A bad one gets owned by one of the various attacks attempted.
Which is why your first step after getting your internet facing router set up is to download the Kali Linux iso and get on the internet outside your router (phone internet etc). Get your router wan side ip address, boot up Kali then do the complete scan with Armitage and finally do a Hail Mary attack. Any ports open you don't recognize and especially any sessions open then best to return your hardware unless you can put LEDE on it in which case do so.
-
This post has been deleted by its author