cybersecurity road trip?

From: Rod-Lists 

----- Forwarded Message -----
From: "Optiv" 
To: "Rod-Lists" 
Sent: Monday, August 29, 2016 5:01:47 AM
Subject: Join us on September 8 for a Cyber Security Leadership Exchange

Join this open panel discussion and learn more about today’s modern threat landscape.         


"Cyber Security Leadership Exchange"                                                             

U.S. Secret Service Featured Speaker!
Attackers today do not just use one channel to launch their targeted attacks - they use all of them. Email, social media, networks and endpoints are all part of the modern cybercriminal's arsenal, and many of these attacks are invisible to traditional security tools. 
Join us and learn more about today’s modern threat landscape and gain visibility into the new forms of sophisticated cybersecurity threats targeting organizations.

Thursday, September 8, 2016
11:00 AM – 1:30 PM

Registration 11:00 AM
Presentations and Lunch 11:30 AM
Q&A 1:30 PM 
Ruth’s Chris Steakhouse
8521 Leesburg Pike, Tyson’s Corner, VA 22182
Tel: 703-848-4290 

For more information, please contact Michelle Patterson at  or 214.682.8284 .                     


From: Wil Wade 
Via HN I thought this was an interesting historical tale due to the
previous discussions of Net Neutrality and Comcast/EPB.

Although I will say that it almost sounds more like Apple. However, Comcast
is one of those fighting freedom for set top boxes.

I think many/most classical liberals (i.e. free market econs) would
consider the attempts to block Hush-A-Phone to be a good place for the
government to require freedom (consumer in this case). You shouldn't be
able to tell me what to do with something I purchased as long as it is not
physically damaging to you... Hmmm.....

Slow transfer speed between offices (both on EPB)

From: David White 
This is weird.

I'm trying to transfer about 60GB worth of data between my home office to
my main office right now. Both are running on EPB 100mbps. I'm connected
via OpenVPN with all traffic routed through the VPN.

A test right now indicates I'm getting a good 70+ down, and
over 50 up.

I'm only getting about 5MB/s up when transferring files from my home office
(OpenVPN client) to my NAS in the office over SMB2. I tried increasing that
to SMB3, and that didn't make much difference.

When I upload the files using HTTPS (for those of you familiar with
Synology, that's what I have), I'm doing about 9-10MB/s.

The destination is an encrypted folder, so that may be a bit of the

However, it seems to me there's still huge room for improvement, regardless
of the protocol used, the encryption, and the hardware.

A traceroute to the destination shows what I think are reasonable results:

david@developCENTSlaptop:~$ traceroute
traceroute to (, 64 hops max
  1  11.165ms  2.789ms  8.362ms

What can I look into in order to track down the source of the slowness?

Would I get better performance if I used NFS or FTPS or rsync? I'm not
terribly familiar with NFS. I've enabled it on the NAS and have granted my
computer's VPN IP address (see attached) but continue to get an access

Correct me if I'm wrong, I get the feeling, though, that NFS isn't ideal
for this type of use case.

David White
Founder & CEO


*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at

Linux friendly landlord...

From: Mike Harrison 

Does that make it on-topic, it might? If not I apologize in advance

Finally got done enough with this office remodel to post pics and list it for rent. 

Would be a great spot for a Linux using tech-ish company.

$950 per month, 800sqft including utilities, parking and internet (EPB)


Netflix introduces a super simple download speed test

From: Lynn Dixon 
I thought this is pretty cool.  Super simple, and it uses their CDN
networks for the payload.  And it's HTTPS, so it's very easy to tell if your
ISP is throttling your Netflix streams, or if your ISP is doing QoS for
speed test packets (giving full bandwidth to to make you
think you're getting your advertised speed).

check it out at:

I was only able to get about 300 Mbps download, which is a bit
disappointing on my EPB 1 gig service.

Anyone else noticing slow speeds with EPB lately?

From: Lynn Dixon 
For the past few days I have not been able to get any speeds above about
100 Mbps up or down from EPB.  Was hoping it was something temporary, but
it's been persistent for several days now.

Was just checking to see if anyone else is noticing any slowness.  May have
to call their support today.

Public IP Address Weirdness (I'm on EPB)

From: David White 
I'm troubleshooting why I can't seem to connect to my OpenVPN server (on
pfSense) here in my home office, and have stumbled upon something really

Numerous websites including, Google (when
I search for what is my IP), etc... indicate that I have 1 IP address.

The WAN interface on my pfSense Dashboard indicates a different IP address.

When I look at the pfSense console, I have a /20 DHCP address, and the IP
address reported by Google, What Is My IP, etc... isn't an IP that falls
into that /20.

Is this some sort of EPB misconfiguration or weirdness going on?

I'm starting to think that my OpenVPN server is *not* the reason I'm unable
to actually connect to it... Because I moved a few weeks ago, and it was
working fine before I moved!

David White
Founder & CEO



EPB Hosting

From: Mitch Tuck 
I have a client that is using EPB for their web hosting. When posting a
form with a textarea I am getting a 504 error return. This was working
fine yesterday. This only happens when the textarea has nested HTML tags
with attributes. I can submit fine to the same URL as long as the
textarea is HTML without attributes. Anyone had a similar problem?


Possible to use switch behind EPB hand-off?

From: David White 
I have a client who has 2 static IP addresses that are assigned to 2
separate firewalls.

The client has 2 retail stores right next to each other. Same parent
company owns the retail stores, but different IP address for each store,
and the powers that be for each retail store require separate hardware,
and don't want their own firewall touching the other retail store's

They even have refused to configure one of the firewalls to act as a
passthrough to the 2nd firewall.

I talked to someone from EPB earlier today, as I wanted to get a 2nd
hand-off from the white Alcatel-Lucent Fiber-to-Copper boxes that EPB has
on-site. That box has 4 LAN ports, but only 2 are in use (1 is for phones).

I was told that to get a 3rd port activated for the 2nd IP address, that we
would have to pay for a completely separate EPB connection.

So the guy I talked to suggested getting a router instead. But each of the
corporate firewalls are configured on the public IP addresses. So if I put
in a router, I would need to get a 3rd IP address, and then have the
firewalls reconfigured to use the router's public IP address as the
gateway, right?

I asked about putting in a switch instead, and the guy said that
wouldn't work.

But I don't see why it wouldn't work, since the firewalls are already
configured on the public IP address.

Am I missing something?

David White
Founder & CEO



EPB NOC / domain registrar

From: David White 
I'm going to call NOC here in an hour or so, but I thought I might ask here

I have a client whose domain and website is hosted on EPB's setup
(Parallels panel on

Develop CENTS is taking over the website hosting, and we'll also want to
transfer the URL into a new domain registrar account.

Any idea who I need to talk to over at EPB to get the EPP
(Authorization) code, make sure the domain name is unlocked at the
registrar, and approve the transfer when I actually put things in motion
(hopefully later today)?

- David

David White
Founder & CEO

*Develop CENTS *
Computing, Equipping, Networking, Training & Supporting
Organizations Worldwide

tech company office space / Innovation District

From: Mike Harrison 

> On Jan 19, 2016, at 1:17 PM, Phil Sieg  wrote:
> I have been in negotiations on that South Creek property. Parking is a major issue. 

Yeah, that’s what made “Signal Base” attractive. It had decent parking.

Which, as are way off topic kinda:

In a few months (variable, currently occupied), I’ll have another office area ready for lease at 1028 Signal Mtn Road:  

750-ish sqft, with 2 small bathrooms and kitchenette, with parking, utilities including EPB 1gbps fiber for $1k per month. 

It’d be a nice office for a small technology company. 

What I’m seeing is outrageous prices for space in the Downtown “Innovation District”.  
I’d even consider making it a co-working-ish/maker/coffee space. Share it with some people that got along professionally. It could easily be configured with two lockable offices and a common space. 




Fwd: EPB inbound mails from chugalug unblocked

From: Rod-Lists 

----- Forwarded Message -----
From: "Dills, John" 
To: "Rod-Lists" 
Sent: Wednesday, January 6, 2016 3:53:46 PM
Subject: EPB inbound mails from chugalug unblocked

Hey there,

I remember responding to your support email a week or so back (and seeing your emails in the Chugalug portal). I wanted you to know that you should be able to receive inbound emails again from chugalug. Sorry about all of the inconvenience.

If you do ever need anything else, don't hesitate to reach back to me (or us).

Thanks again,
John Dills
Tech Support

Barracuda & Chugalug & EPBFI

From: Mike Harrison 

> On Jan 6, 2016, at 8:22 AM, Rod-Lists  wrote:

Thanks. Barracuda.. Sigh.. 

I’ve already had some response from an internal EPB contact and they are checking to see if they can remove that. 

EPB blacklisted Chugalug?

From: Mike Harrison 

> On Jan 5, 2016, at 6:37 PM, Rod-Lists  wrote:
> EPB has blacklisted the lists so I don't get it my normal e-mail

Can anyone else confirm that? 

I see a lot of:

…>: 250 2.0.0 GcVSa8FhK8BIRGcVUaUNeZ mail accepted for delivery

in the mail logs

If EPB is tossing mail, I’d like to figure out why and fix that. 

local company looking for Ruby on Rails developers

From: Rod-Lists 
It is the company my wife works for. I have no info other than the contact e-mail.
If interested send me an e-mail directly. 
EPB has blacklisted the lists so I don't get it my normal e-mail


Question for hardware embed guys

From: "Alex Smith (K4RNT)" 
I don't know if 45W is too much power for your requirements, but look into
the Wyse WinTerm J400. It's a VIA C3 1GHz, takes SDRAM and has a PCI riser.
Its original purpose was a Windows Embedded thin client, but can easily be
repurposed with an IDE flash module.

-Seattle, WA metropolitan area

" 'With the first link, the chain is forged. The first speech censured, the
first thought forbidden, the first freedom denied, chains us all
irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and
warning... The first time any man's freedom is trodden on, we’re all
damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG
episode "The Drumhead"
- Alex Smith
- Kent, Washington (metropolitan Seattle area)

On Sat, Jan 2, 2016 at 7:37 PM, Rod-Lists  wrote:

> I'm planning to build some communication servers for a use case that
> presupposes limited electrical power available.
> Think on a sailboat or an emcomm situation with the site on limited backup
> power.
> Found this.
> Specs.

OT: Site to site IPSEC VPN speed question

From: mdquerng 
Hi all

Short question: Can anyone tell me if a site to site VPN tunnel (IPSEC in
this case) is limited in both the upstream and downstream bandwidth by the
slowest bandwidth (usually upstream) of the slowest endpoint?

Much longer explanation: I have a customer in Chattanooga that has EPB's 100
Professional service (100 down/100 up, SLA, etc.). They have a branch office
that has Comcast Business (asymmetric) service and another one that has
Charter Business (asymmetric) service (I know). I have created site to site
static VPN connections from the branch offices to the Chattanooga office
using Cisco ASA-5505 devices at each location.

The bandwidth requirements over the VPN are extreme for this particular
client. Basic internet speed testing from all the branches establishes the
following rough internet connection speeds:

Chattanooga office: (EPB speed test) 94 down/85 up
Branch office 1: (Comcast Business speed test) 91 down/11 up
Branch office 2: (Charter Business speed test) 83 down/7 up

When I do an iperf speed test across the VPN tunnel where the Chattanooga
office is the iperf server and each branch office is the client, I get the
following results:

Branch office 1: (iperf to Chattanooga) 10 down/10 up
Branch office 2: (iperf to Chattanooga) 6 down/6 up

I have never really thought about this before since my client's VPN speed
requirements have been very modest to this point. It appears that the speeds
I'm measuring over the tunnel with iperf at each branch office almost
exactly match the limited upload bandwidth at the respective branch. This
leads me to believe that IPSEC VPN tunnel bandwidth must need to be

I understand that IPSEC will certainly require some overhead on the
bandwidth available and I've also looked into tweaking TCP MTU/MSS settings,
possible interface issues, etc. However, it seems very odd to me that the up
and down bandwidth through the VPN tunnel at each branch almost exactly
matches the maximum available upload bandwidth of that branch's ISP. I've
gone so far as to test this theory with another client that has fast
symmetric bandwidth at their main office and slower asymmetric bandwidth at
their branch office and I get identical results.

Before I move forward with further troubleshooting, opening a TAC case,
investigating other/better ISP options, I thought I'd ask the Chugalug
collective brain on this one. Thoughts?



EPB Gigabit

From: asg 
Yesterday, I upgraded my EPB account to 1Gbps instead of 100Mbps. EPB
made the changes on their end and said they wouldn’t take effect
until midnight. This morning I’m still running at 100Mbps. The
tech person at EPB says the equipment is provisioned properly but that
it is auto negotiating a 100M link with my router. I have a Ubiquiti
EdgeRouter Lite so I know it is capable of 1Gbps. I plugged my laptop
directly into the EPB jack in my house and the laptop negotiated a 100M
connection as well. When I plug my laptop into my gigabit switch, it
negotiates a 1Gbps connection. Any other things I should try before
calling EPB back?

Stephen Haywood
Owner: ASG Consulting

Ubiquiti Networks EdgeRouter ERPOE-5

From: Eric Wolf 
Summary: The EdgeRouter is a great device. It's a true router. The web
interface leaves a lot to be desired but it can be configured at the CLI.
Don't bother with the ERPOE-5 and just get the 3-port EdgeRouter Lite. Use
the savings to buy a proper POE switch.

Folks asked about this and it seems relevant with EPB trying to push 10Gbe

A couple weeks ago, I got fiber to my house via my municipal utility. The
local utility built the network in 1997 but a state level law passed at the
urging of Comcast and Qwest (our Baby Bell, now part of CenturyLink)
prevented the city from selling internet access to customers. A local
referendum in 2012 changed this and the city has been rolling out fiber to
the home as fast as possible.

My service is 1Gbps-symmetric. I spoke with the installers and the city ran
10GB to each distribution node which serves a maximum of 8 households. So I
don't have to worry about noisy neighbors, at least in the bandwidth

Once I unplugged my DSL modem from my NetGear R6200 router and plugged in
the ONT, I was disappointed to see a maximum of about 320Mbps. Then I
plugged my laptop directly into the ONT, I got right around 930Mbps.
Evidently the problem is the NetGear R6200 can't process NAT fast enough
for a 1Gbps connection. A little Googling returned that there are two
integrated WIFI routers like the R6200 that can handle the bandwidth.

I also read about the Ubiquiti EdgeRouter Lite, which is a dedicated router
that can also handle the bandwidth. Being a geek, I ordered the 5-port
version of the EdgeRouter for $170 from Amazon. I splurged for next-day
delivery. The router itself is the size of a small switch. It has a nice
metal case and a detached power brick, not a wall-wart. The power brick has
a three-prong connector so it really feels like a serious piece of gear.

First, I upgraded the firmware on the EdgeRouter. This was fairly painless.
I had to download the binary to my desktop and then upload it via the web
interface. I wish it just had a "check for updates" button in the web
interface but that's something they can add later on.

I use static IPs for a lot of my network to help avoid conflicts with my
work network when I use the VPN. So I started by putting the NetGear (still
plugged into CenturyLink DSL) on a different subnet and configuring the
EdgeRouter for my static network.

Configuring the EdgeRouter is not at all like the NetGear or any other
consumer-oriented router. Each port on the EdgeRouter is individually
configurable. Typically port 1 would be the WAN port. I plugged this into
the ONT and set it up to grab a DHCP address. You can also designate up to
three of the ports as a switch and configure routing for a switch as a
group. You then have to write enable masquerading to get the switch to
route through the WAN port. Once that's done, you can start writing
firewall rules for each port (or the switch group). The web interface gets
clunkier and clunkier the deeper you get into configuration. I was lazy and
ended up deleting my firewall settings because I thought they were
conflicting with my new Ooma VOIP device.

I set my NetGear R6200 in AP mode and plugged it into one of the switch
ports. That will suffice until I start getting devices that want more than
802.11ac. I don't have any POE devices but I've read that the EdgeRouter
doesn't provide a standard POE voltage. UBNT makes a nice line of APs that
use their POE voltage. Once my wifi needs iterate again, I will add the
UBNT devices.

I had to rearrange my office network some. I put the NetGear in a more
central location in the house and moved my 5-port Gig-E switch closer to
the router. That last step would not have been necessary if I could have
configured the fourth port to be part of the switch group in the router. So
far there has been zero advantage to getting the 5-port EdgeRouter over the

I haven't really worked with the CLI yet. But it's a Linux box underneath.
It's pretty straightforward. But I haven't done routing and firewalls at
the CLI in 15+ years. There are wizards in the Web UI but they assume a
particular subnet and I didn't want to have to renumber all my static

Speedwise, the EdgeRouter has kept up with everything I can throw at it.
See the before/after results from Ookla on my Amazon review:

EPB Announcement (Conference, 2PM)

From: John Dills 
EPB is holding a conference at 2PM today to make an announcement. You can
watch here:

John Dills