Cable Modem and DSL (e.g., ADSL, G.lite, IDSL, SDSL) tips on increasing speed, enhancing security, fixing problems, sharing a connection, and more.

Copyright 1999-2017 The Navas Group^SM, All Rights Reserved.
Permission is granted to copy for private non-commercial use only.

Posted as <http://cable-dsl.navasgroup.com/>. 

Contents

• Quick and Easy!
• Speedup your connection
  • Before you start
  • Increasing TCP Receive Window for:
    • Microsoft Windows
      • 95/98/Me/NT/2000/XP
      • Vista (new!)
    • Apple Macintosh
  • Why TCP Receive Window matters
  • Dealing with latency, packet loss, and/or upload speed
  • Urban Myths exposed:
    • Why tweaking TTL won't increase speed
    • Why the System.ini Tweak Doesn't Work
  • How to check your connection speed
  • How to find out what's slowing you down
  • How the Upstream Cap can affect Downstream Speed
  • Microsoft's TCP/IP retransmission bug
  • Reduce DNS errors in Windows 2000/XP
• Security and Privacy
  • Security on Cable Modem or DSL (important)
    • Microsoft Windows (95/98/Me/NT/2000/XP)
    • OS/2
    • Apple Macintosh
    • Hardware Firewalls (SOHO Routers)
    • Check Your Security
  • Privacy on the Internet (important)
• PPPoE/PPPoA
  • What is PPPoE?
    • Access problems
    • Long hangs at startup or when accessing the Internet
  • What is PPPoA?
• Sharing your connection
  • Sharing Cable Modem or DSL on multiple computers
    • Wired (phoneline, powerline) networking
    • Wireless networking
  • Low-cost server for your small network
• How-to:
  • Services (servers) on dynamic IP
  • Share your files with NetBIOS over Cable Modem or DSL
    • Remote control
  • VPN/PPTP over Cable Modem or DSL
  • Use cable/DSL and dialup at the same time
  • "Bond" multiple cable/DSL and/or dial-up connections
  • Un-Cap a Cable or DSL Modem
  • Fax over Cable Modem or DSL
• What to do about poor:
  • Email service
  • News (Usenet) service
• Which is better:
  • Cable Modem or DSL?
  • Ethernet or USB or PCI?
• Cable Modem-specific issues:
  • Buy (rather than rent) a Cable Modem
  • Remove @Home proxy settings
  • Other Cable Modem Resources
• DSL-specific issues:
  • What is "Interleaved Mode?"
  • DSL over DLC (Digital Loop Carrier)
  • How to fix phone problems caused by ADSL
    • Where to buy a splitter
  • DSL problems caused by your own lighting
  • Other sources of DSL interference
  • Sync-nosurf (green light lockup) problem
  • Windows reboot problems with Alcatel SpeedTouch USB
  • Multiple security vulnerabilities in Alcatel modems (important)
  • ADSL Modem Guide (DMT issue 2)
  • What is IFITL? FTTC? FTTH?
  • Other DSL Resources
• What is "Wireless DSL?"
• Miscellaneous
  • Surge/lightning suppression for cable/DSL
  • Shopping On-line
  • TCP/IP Resources
  • Wireless Roaming
  • Other Resources
• Navas Cable Modem/DSL Sharing Guide^TM
• File and Printer Sharing (NetBIOS) Fact and Fiction

Important Notes:

• This information was compiled by the author and is provided as a public service. The author is not responsible for any errors or omissions, or for any consequential problems that might result. USE AT YOUR OWN RISK.
• Privacy Policy: This site makes no use of personal information; does not require registration; and does not use browser "cookies."
• The author does not have the time to give individual technical support, so please do not email requests for assistance.
• Email comments and suggestions to John Navas.

Quick and Easy!

1. Before you start
2. Increasing TCP Receive Window, Method 2
3. Disable File and Print Sharing (Security on Cable Modem or DSL, Case A)

[Jump to Contents]

Before you start

1. Windows Socket Update - Kernel 32
2. Dial-Up Networking 1.4 Upgrade (includes general networking fixes, not just dial-up support; also applies to Windows 98)
3. Windows Socket 2 Update
4. Microsoft DUN 1.3 and Winsock2 Year 2000 Update

[Jump to Contents]

Increasing TCP Receive Window for Microsoft Windows 95/98/Me/NT/2000/XP

A: The only Windows 95/98/Me/NT/2000/XP network setting that has any real effect on DSL or Cable Modem speed is the TCP Receive Window size, which can be controlled with the following Registry settings:

• Windows 95/98/Me: DefaultRcvWindow
• Windows NT: TcpWindowSize
• Windows 2000/XP:
  • GlobalMaxTcpWindowSize (default for all interfaces - simplest method)
  • TcpWindowSize (individual interface - overrides default)

Everything else commonly recommended (e.g., TTL) are urban myths that won't help.

To modify your TCP Receive Window size, use one of the following two methods:

Method 1

^* Latency: Check latency with 'ping' (or 'traceroute') to a number of distant hosts and use the highest typical value. (See Important Note below under "Latency") Reasonable rough rules of thumb are that low latency is below 100 ms, and high latency is above 200 ms (with normal latency in the middle).

** Removal: INF files are provided that will automatically remove these Registry entries, restoring default behavior.  Click the link to start the download; save the INF file to your desktop; right-click on it, and then choose Install to run it. The INF file can then be discarded. Reboot your system for the change to take effect.

Method 2

Important Notes:

• Reboot your system after making any change for the change to take effect!
• According to Microsoft: "Before making any modification to the Registry, be sure to make backup copies of the Registry files System.dat and User.dat. Using the Registry Editor and modifying the Registry incorrectly could cause serious problems that may require the reinstallation of Windows." See:
  • Q256419 "How to Back Up the Registry in Windows 98" (and Windows Me)
  • Q221512 "How to Manually Restore the Windows 98 Registry" (and Windows Me)
• Caching/proxy/NAT
  • If your Internet Service Provider uses caching or proxy servers to speed access, then you may not need to adjust the Receive Window.
  • If you are sharing your Internet connection with NAT, then you need to adjust the Receive Window on all computers accessing the Internet through NAT; with proxy, only the proxy server needs the adjustment. (Microsoft's Internet Connection Sharing is based on NAT.)
  • If you are using Microsoft's Internet Connection Sharing (ICS) in Windows 98 Second Edition, then you may need to change an additional Registry setting -- see Q230116 "Slow Transfer Rates with ICS and High-Bandwidth Devices". Note: This fix is now included in Method 2.
• MTU
  • If you ever used a tweaking program to improve the speed of dialup modem connections, then you should restore other network settings to their defaults, particularly MTU ("MaxMTU" in the Windows 95/98/Me Registry, "MTU" in the Windows NT/2000/XP Registry).
  • If you have DSL service using PPPoE, then your MTU may need to be set to a value in the range of 1400-1492. (See "What is PPPoE?")
  • It is not necessary to make the TCP Receive Window size an exact multiple of MTU or MSS (or any other value) to avoid performance degradation due to packet fragmentation, as is commonly claimed. That is just another urban myth.
• Latency
  • If you are running Windows 98 or Windows 2000/XP and have very high latency, you may need to increase the value above 65535 to get maximum speed (e.g., to 128000 or even 256000). This does not work with Windows 95 or Windows NT.
  • Changing the size of the Receive Window will not have any effect on latency, which is what matters most for on-line gaming. There is no setting in your computer that will help on-line game play. However, if you are on Interleaved Mode DSL, you may be able to decrease latency with a switch to Fast Mode -- see What is "Interleaved Mode?"
  • Latency and packet loss can be measured with the 'ping' command. Open a Command window and type "ping remotesite" where remotesite is the domain name or IP address of the remote server (e.g., "ping www.yahoo.com"). See also "How to find out what's slowing you down".
• Other
  • You can delete the downloaded file once the change has been made, but it might be a good idea to save it for future reference.
  • To remove this change from your Registry, use the provided INF file in Method 1, use Method 2, or use RegEdit to delete the particular Registry value that was added (i.e., DefaultRcvWindow, TcpWindowSize, or GlobalMaxTcpWindowSize), and reboot your system. (Windows will then return to the default value.)

[Jump to Contents]

TCP Receive Window in Microsoft Windows Vista (new!)

Windows Vista has a new feature called Receive Window Auto-Tuning that is supposed to adjust the TCP Receive Window size automatically. While it works properly much of the time, it can cause problems in some situations:

• It takes a very long time to download an e-mail message from a POP3 server in Outlook 2007 (KB935400) [Lists all possible values for autoTuningLevel]
• Network connectivity may fail when you try to use Windows Vista behind a firewall device (KB934430)
• Transmission throughput is less than expected for a 3G WWAN data card in Windows Vista (KB940646)
• A Web site sends data very slowly or drops the data completely when you use Windows Vista Enterprise (KB929868)
• When you copy large files to or from earlier operating systems, the copy operation may be slower than expected on some Windows Vista-based computers (KB932170)

To resolve problems with Receive Window Auto-Tuning in Windows Vista:

1. First try autoTuningLevel=restricted (as described in the first reference above)
2. Then try autoTuningLevel=highlyrestricted (as described in the first reference above)
3. Also try autoTuningLevel=disabled (as described in the first reference above)
4. It may also help to set rss=disabled (RSS stands for Receive-Side Scaling)

[Jump to Contents]

Increasing TCP Receive Window for Apple Macintosh

Caveat: The following information has not been tested by this author. USE AT YOUR OWN RISK.

TCP Receive Window can be adjusted with the "tcp_rwin_mss_multiplier" setting of the OT Advanced Tuner from Sustainable Softworks. This author suggests a starting value of 20. You may need to experiment to find your own optimum setting(s). For more information, see:

• "More on TCP/IP Tuning" (Sustainable Softworks)
• "How to Download and Browse at the Same Time" (Sustainable Softworks)

Note: This author has no connection to Sustainable Softworks.

[Jump to Contents]

Why TCP Receive Window Matters

TCP is a packet-based protocol where data is transmitted in variable-sized blocks, typically with a maximum size of 500-1500 characters (usually 1500 characters for Cable Modem or DSL). Two important characteristics of the TCP protocol:

Packet Acknowledgments

In order to insure delivery of each packet, the receiver must acknowledge successful receipt by sending a special acknowledgment packet to the sender. If the sender does not receive the acknowledgment packet within a certain time limit, it assumes the packet has been lost and retransmits it (up to a retransmission limit).

Receive Window

If each data packet had to be acknowledged before another could be sent, then performance could suffer due to the delay time needed for the data packet to reach the receiver plus the time needed for the acknowledgment packet to get back to the sender. To avoid this delay, the sender is allowed to keep transmitting data packets prior to receiving acknowledgments up to a maximum "window" size advertised by the receiver, normally large enough for several packets. The larger the window, the more packets that can be sent before needing an acknowledgment; however, larger windows can require more packets to be retransmitted when a transmission error occurs. Hence, the receive window size needs to be large enough to keep data flowing continuously, but not excessively large.

As an example, consider the case of downloading a file at 100 kilobytes per second from a remote server over a Cable Modem or DSL connection. The default TCP Receive Window of about 8K bytes will be consumed in only about 80 milliseconds, which is often less than the round-trip latency on the Internet. At this point the sender has to stop sending until an acknowledgment that data was received comes back from the receiver. With a TCP Receive Window of 32K bytes, the sender can continue for as long as 325 milliseconds without an acknowledgment, which should permit uninterrupted data flow even when latency is 100-200 milliseconds or more. (With a TCP Receive Window of 63K bytes, the sender can continue for as long as 650 milliseconds.)

See animations in TCP Receive Window Illustration.

The following table can be used to determine the minimum TCP Receive Window size needed for given (1) downlink speed (see "How to check your connection speed") and (2) latency:

This TCP Receive Window tweak is needed because Windows 95/98/Me/NT/2000/XP do not do a proper job of automatically adjusting the TCP Receive Window size to accommodate different network speeds and latencies. (Other operating systems may do a better job and not need this kind of tweaking; in this author's tests, for example, Red Hat Linux 6.0 performed as well without tweaking as Windows 98 with tweaking, even though Linux was running on much slower hardware.)

[Jump to Contents]

Dealing with latency, packet loss, and/or upload speed

Latency and packet loss can be measured with the 'ping' command. Open a Command window and type "ping remotesite" where remotesite is the domain name or IP address of the remote server (e.g., "ping www.yahoo.com"). For more information, see "How to find out what's slowing you down".

Latency

In basic terms, latency is the time needed for a round trip over the Internet between two points (e.g., your computer and remote host). Latency is usually not a problem with a proper TCP Receive Window (see "Why TCP Receive Window matters"), but high latency can adversely affect interactive applications such as on-line real-time gaming. High latency is usually caused by Internet routing and/or congestion issues. There's usually not much you can do about such issues other than complaining or even switching service providers. However, if your latency is is higher due to "interleaved mode" then it may be possible to get some improvement. See "What is 'Interleaved Mode?'"

Packet Loss

Data is transmitted over the Internet in blocks known as packets. Packets usually reach their destination, but may be lost due to such things as network congestion. When a packet is lost, it takes a significant amount of time for: the receiver to notice that a packet has been lost; the receiver to notify the sender to resend the lost packet; and packet(s) to be retransmitted. Ideally zero, packet loss should be less than 1%; packet loss over 5% is generally considered severe. There's usually not much you can do about packet loss other than complaining or even switching service providers. There is no adjustment that you can use to decrease packet loss. However, if you are suffering from packet loss, the adverse effects may be reduced by decreasing the TCP Receive Window. See "Why TCP Receive Window matters".

Upload Speed

Your upload speed (sending to a remote host) will be limited by your Internet connection, network path, and remote host. It may also be limited by capping (see "How the Upstream Cap can affect Downstream Speed"). It is not limited by settings you can adjust; i.e., there is no adjustment that you can use to increase upload speed.

[Jump to Contents]

Why tweaking TTL won't increase speed

The purpose of TTL is to guard against impossible or erroneous routing (e.g., loops where a packet would otherwise go around and around forever); for example, given an intended route from A to E:

In this case (looping between C and D) the TTL counter would run down to zero and expire, bringing an end to the loop:

The objective is to have TTL large enough that packets will always reach their destinations over valid routes even with lots of hops, but not so large that excessive resources are wasted when erroneous routing (e.g., looping) is encountered.

In Windows 95 TTL defaults to 32. In almost all cases this is sufficient, since normally the number of hops will be less than 32 (usually much less). However, if and when the number of hops does exceed 32, then packets won't reach the intended destination (and communication won't be possible at all). To guard against unusual cases where the number of hops does exceed 32, default TTL was increased to 128 in Windows 98.

The bottom line is that TTL is not a parameter that increases or decreases speed. If packets are reaching the intended destination, then increasing TTL won't have any effect at all. TTL only matters when packets aren't able to reach the intended destination over a valid route; i.e., when there is no speed at all.

You can check the number of hops on a given route in Windows by using "tracert" (Microsoft-speak for "traceroute") in a command window; e.g.,

(The trace above was performed over a dialup modem connection. The times in ms would normally be much lower on a Cable Modem or DSL connection.)

For more information on TTL, see RFC 791.

[Jump to Contents]

Why the System.ini Tweak Doesn't Work

The claim is that the tweak (IRQn=4096) improves network performance by allocating 4 megabytes of memory as a buffer for the IRQ (n) used by your network adapter. However:

• The setting has no effect on actual memory allocation.
• The setting does not actually affect network performance in carefully controlled tests. (Anecdotal reports are mixed, and unreliable due to Internet and system variabilities, particularly the effects of caching.)
• There is no apparent evidence that there even is any such setting in Microsoft documentation.
• Windows does not allocate buffer memory for IRQ's. (Buffers are the responsibility of device drivers, which allocate them by device, not by IRQ. On the PCI bus, a single IRQ can be shared by multiple devices.)

While it doesn't help, the good news is that (like TTL) this setting doesn't hurt (assuming you don't screw up your SYSTEM.INI file) -- Windows just ignores settings that it doesn't recognize.

Note: This may have gotten its start as confusion over the real SYSTEM.INI settings COMnIrq and COMnBuffer, which are used to control serial port IRQ assignment and buffering (the latter of which can help serial port throughput). But these settings pertain only to the standard Microsoft serial port driver, not to network adapters.

[Jump to Contents]

How to check your connection speed

To accurately measure the speed of your local link, download a large file (at least one million bytes) from a local server under light load (e.g., Internet software from your ISP in the wee hours) and time how long it takes. When all the various overheads are taken into account, with optimum configuration of your computer (see "Increasing TCP Receive Window") your binary FTP download speed in bytes per second will be about 1/10 of the raw link speed in bits per second (e.g., about 150 KBytes/sec over 1500 Kbits/sec link; about 38 KBytes/sec over 384 Kbits/sec link).

If you are running Windows 98, you can continuously monitor the speed at which data is being sent and received over a network adapter (commonly used to connect a cable or DSL modem) by installing Network Monitor Agent, which is located in the Windows 98 CD directory \Tools\ResKit\NetAdmin\NetMon. Once installed, you will be able to add Network Monitor Performance items to the display in System Monitor. (Network Monitor Agent is also available for Windows 95 in the Windows 95 CD directory \Admin\NetTools\NetMon, and can also be downloaded from Microsoft by HTTP or FTP. The executable files in the Windows 95 download are exactly the same as the Windows 98 CD version, so the download should also work for Windows 98, notwithstanding the warning on the Microsoft web page. It may work for Windows Me as well.) For more information see Q200910 "How to Install Network Monitor in Windows 95/98".

If you are running Windows NT/2000/XP, you can continuously monitor the speed at which data is being sent and received over a network adapter (commonly used to connect a cable or DSL modem) with Performance Monitor. The Object to use is Network Interface. (For information on Instances, see Q154535 "Multiple Instances of Network Interface in Performance Monitor".)

[Jump to Contents]

How to find out what's slowing you down

The usual symptoms of network under-capacity are high latency (the time it takes a packet to cross the network path from one end to the other) and packet loss (where transmitted data is literally lost because of insufficient network capacity). High latency has an adverse effect on interactive use; e.g., real-time gaming over the Internet. Packet loss has an adverse effect on just about everything.

The best way to pinpoint the source of a network problem is to use a standard TCP/IP network tool called 'traceroute', which measures both latency and packet loss at every network "hop" between you and your destination (remote server). Windows 95/98/Me/NT/2000/XP comes with a free version of traceroute called "tracert". It does a pretty good job, but the output can be hard to understand if you're not into networking. (See Microsoft's Q162326 "Using TRACERT to Troubleshoot TCP/IP Problems in Windows NT" [which also applies to Windows 95/98/Me])

One of the best traceroute alternatives is VisualRoute (shareware: $37.50) by Visualware, available for a variety of platforms, including Windows 95/98/Me/NT/2000/XP, Solaris, and Linux. A fully-functional 30-day demo is available for free download. It combines excellent ease of use with a high level of functionality, notably the ability to analyze the cause of network problems and display the results in English; e.g., (real example, emphasis added):

Other good traceroute alternatives include:

• Windows
  • Sam Spade (freeware)
  • NeoTrace (shareware: $30)
• Macintosh
  • AGNetTools (commercial: $50; also Windows version)
  • Anarchie (shareware: $30)
  • IP Net Monitor (trialware: $20)
  • WhatRoute (freeware; recommended)

[Jump to Contents]

How the Upstream Cap can affect Downstream Speed

Although downstream speeds are usually high (typically in the range of 768 Kbps to 1.5 Mbps), consumer-grade Cable or DSL service often has an upstream cap (artificial limit) of 128 Kbps, which is only about 4 times faster than a V.90 (56K) dial-up modem (limited to about 31 Kbps upstream), and a fraction of the downstream speed.

What is not generally well-known is that the upstream cap can also affect the downstream speed -- if the upstream is saturated by uploading (e.g., sending a large PowerPoint file to the boss, or running a Napster or other public service), the downstream will drop to about the same speed. This is due to a weakness in the basic TCP Internet protocol, not Cable or DSL per se, and not the service provider.

Cable Internet is more vulnerable to this problem than DSL. Unlike DSL, where each subscriber has a dedicated connection to the head-end (DSLAM), the Cable Internet upstream path to the head-end (CMTS) is shared by all subscribers on a given cable segment. If that upstream gets saturated, which might be caused by only a relatively few subscribers, downstream speeds take a big drop for all subscribers on that segment.

As an illustrative example, consider a DOCSIS cable segment with 4 upstream channels per downstream channel, and 1000 subscribers (a recommended maximum).

• The upstream channels can be anywhere from 160 Kbps (200 kHz QPSK) to 10 Mbps (3.2 MHz QAM 16), with 800 Khz QPSK perhaps the most common in practice, giving an upstream channel capacity of 640 Kbps.
• The downstream channel can be 27 Mbps (QAM 64) or 36 Mbps (QAM 256), with 27 Mbps (QAM 64) perhaps the most common in practice.

The aggregate upstream capacity of 4 channels would be about 2.5 Mbps, as compared to downstream capacity of 27 Mbps. If the upstream saturates, the downstream rate will drop to about the same speed, a dramatic slowdown of about 90% (2.5 Mbps as compared to 27 Mbps).

Even with cable modems capped to 128 Kbps upstream, 2.5 Mbps upstream capacity can handle only 20 (2.5 Mbps / 128 Kbps) simultaneously active modems before saturation. That's generally not a problem if cable modem usage is typically (1) infrequent, (2) downstream [e.g., web surfing], and (3) interactive [e.g., fetch-use]. The system can break down if those conditions are not met.

This makes it easier to see why certain Cable Internet providers condemn continuous use of upstream (e.g., running a popular public service) as "abuse" -- each such subscriber consumes capacity normally allocated for 1000 / 20 = 50 subscribers. Worse, there's a threshold effect: If the upstream is running at (say) 80% of capacity with typical subscribers, it takes only 4 (out of 1000) heavy upstream users at 128 Kbps to drive the upstream into saturation, thereby slowing downstream to a crawl for all subscribers on that segment. (Exact numbers, of course, depend on actual channel numbers and speeds.)

For more information, see RFC 3449 "TCP Performance Implications of Network Asymmetry".

[Jump to Contents]

Microsoft's TCP/IP retransmission bug

Microsoft has confirmed a TCP/IP retransmission bug in Windows 95, 98, and NT that can adversely affect upload (not download) throughput over "high-delay networks (for example, satellite links)." Standard Cable Modem or DSL service should not be affected by this bug; i.e., the fix is usually not needed. For more information see:

• Windows 95/98
  Q236926 "Windows 95 and Windows 98 TCP/IP May Retransmit Packets Prematurely"
• Windows NT
  Q232512 "TCP/IP May Retransmit Packets Prematurely"
  The problem is corrected in Service Pack 6. (The latest version at the time of this writing is actually Service Pack 6a, which corrects certain problems in the original Service Pack 6.)

[Jump to Contents]

Reduce DNS errors in Windows 2000/XP

Windows 2000 and Windows XP come with a "DNS Client" Service that automatically caches (temporarily saves) DNS addresses. This boosts performance by avoiding repetitive DNS lookups of the same address -- the results of a successful lookup (positive response) are saved and reused until the cache expires.

By default the DNS Client also caches negative responses (including the lack of any response from the DNS server). Unfortunately, that can prevent you from recovering from transient DNS errors for an extended period of time. If, for example, the DNS servers at your ISP are temporarily overloaded, or slow to respond due to network congestion, the DNS Client will cache the negative response. Until that cache entry expires, which can take several minutes, it won't even try to lookup that name again -- you'll just get an immediate error. That prevents you from quickly recovering from DNS errors by simply retrying, the recommended thing to do. This can lead to frustrating delays and seeming loss of connectivity problems.

The best way for the typical Internet user to deal with this issue is to disable negative caching, leaving positive caching intact. (Completely disabling the DNS Client is like throwing the baby out with the bathwater because you would then lose the benefits of positive caching.) Negative caching can be disabled by adding three Registry Values (NegativeCacheTime, NegativeSOACacheTime, and NetFailureCacheTime, all not normally present), setting them to zero. Since manual editing of the Registry is a tricky and risky business, I've provided a simple Registry script to do the job. (Click the link to start the download; save the script to your desktop; and then double-click on it to run it. When you get the "Are you sure you want to add the information..." dialog box, click Yes. The script can then be discarded.)

There is no real downside to making these changes -- just delay if you make repeated tries to an invalid Internet name. (Nevertheless, please note that you do this at your own risk, and that it's always a good idea to back up your Registry before making any change.)

To go back to Windows default behavior, simply remove the three Registry Values described above. Since manual editing of the Registry is a tricky and risky business, I've provided a simple INF script to do the removal. (Click the link to start the download; save the INF file to your desktop; right-click on it, and then choose Install to run it. The INF file can then be discarded.)

[Jump to Contents]

Security on Cable Modem or DSL for Microsoft Windows

If you are running Windows 95/98/Me, at a minimum you should make sure that the built in capability for File and Print Sharing can't be used against you over the Internet using one of the following methods:

If you are running Windows NT/2000/XP, security is considerably more complex than for Windows 95/98/Me. Start with:

• Q164882 "Practical Recommendations for Securing Internet-Connected Windows NT Systems"
• Microsoft TechNet Security
  • Security Best Practices

For more information on the real risks of Microsoft Networking, see "File and Printer Sharing (NetBIOS) Fact and Fiction".

For greater security, run a "firewall" -- special software that actively works to protect you. You can run firewall software on your own computer:

»	AnalogX PortBlocker (free, port blocking only)
»	BlackICE Defender
»	ConSeal PC Firewall (Recommended)
»	eSafe Protect Desktop
»	Internet Guard Dog
»	Internet Firewall 98 For Personal Computers
»	Internet Firewall 2000 For Personal Computers
»	LockDown 2000 (trojan scanning)
»	McAfee.com Personal Firewall (MPF) (Recommended) (formerly ConSeal Private Desktop)
»	NetWatcher 2000
»	Norton Internet Security (partially derived from WRQ AtGuard)
»	Norton Personal Firewall (partially derived from WRQ AtGuard)
»	PC Viper
»	PGP Desktop Security
»	SOS Best Defense
»	SPHINX Personal Firewall
»	Sygate Personal Firewall (free for personal use)
»	Tiny Personal Firewall (free for personal/home use; ICSA-certified technology; recommended)
»	WinRoute Pro
»	WRQ AtGuard
»	ZoneAlarm (free; recommended for those on a budget)

If you are willing to spend more money, you can get even better protection by using a separate standalone (hardware) firewall. See "Hardware Firewalls (SOHO Routers)".

Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:

• " stateful (packet) inspection" technology; and
• independent certification of effectiveness. Certification resources include:
  • CCS
  • ICSA
  • NSA/NIST

Content Filtering

If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering:

»	Hardware
	»  SonicWALL + Content Filter List Subscription (Recommended)
»	Software
	»  Cyber Patrol
	»  Cyber Sentinel
	»  Cyber Sitter
	»  Net Nanny
	»  SOS Kidproof

[Jump to Contents]

Security on Cable Modem or DSL for OS/2

For real security, run a "firewall" -- special software that actively works to protect you. You can run firewall software on your own computer:

• InJoy Firewall
• SafeFire Firewall (free)
• Zampa (configures the firewall included in TCP/IP 4.1+)

Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:

• " stateful (packet) inspection" technology; and
• independent certification of effectiveness. Certification resources include:
  • CCS
  • ICSA
  • NSA/NIST

If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering, based on either software or hardware (e.g., SonicWALL).

[Jump to Contents]

Security on Cable Modem or DSL for Apple Macintosh

For real security, run a "firewall" -- special software that actively works to protect you. You can run firewall software on your own computer:

»	DoorStop
»	NetBarrier

If you are willing to spend more money, you can get even better protection by using a separate standalone (hardware) firewall. See "Hardware Firewalls (SOHO Routers)".

Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:

• " stateful (packet) inspection" technology; and
• independent certification of effectiveness. Certification resources include:
  • CCS
  • ICSA
  • NSA/NIST

Content Filtering

If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering:

»	Hardware
	»  SonicWALL + Content Filter List Subscription (Recommended)
»	Software
	»  Cyber Patrol

[Jump to Contents]

Hardware Firewalls (SOHO Routers)

You get the best possible external protection by using a separate standalone (hardware) firewall. (Software firewalls may still provide better protection against internal attacks; e.g., trojans, spyware.) Many of these products also include NAT (network address translation, see RFC 1631) for sharing a single Cable Modem or DSL connection (see "How to run multiple computers on Cable Modem or DSL"):

»	Addtron ADR-E200P (inc. dial-in port, printer server)
	Allied Telesyn
	»  AT-AR220E Router
	»  AT-AR320 Router (inc. secure dial-in ports)
»	BeadleNet SOHO2000
»	D-Link DI-701 Residential Gateway
»	Farallon NetLINE Broadband Gateway
»	Kingston KNR7TXD Internet Access Router
	Linksys
	»  BEFSR11 EtherFast 1-Port Cable/DSL Router
	»  BEFSR41 EtherFast 4-Port Cable/DSL Router
	»  BEFSR81 EtherFast 8-Port Cable/DSL Router (QoS)
»	Macsense XRouter (NAT only*)
	MaxGate
	»  Ugate-Plus
	»  Ugate-3000
	»  Ugate-3200
»	Multi-Tech ProxyServer
	NETGEAR
	»  Gateway Router RT311 (Recommended)
	»	Cable/DSL Firewall Router FR314 (stateful inspection; IPsec VPN pass-through) (Recommended)
	»  Cable/DSL Router RT314 (Recommended)
»	Netopia Routers
	NexLand
	»  ISB2LAN (NAT only*; multi-session IPsec VPN pass-through)
	»  ISB SOHO (NAT only*; single-session IPsec VPN pass-through)
	»  ISB Processional Series (wide range of models)
»	SMC Barricade (inc. printer server)
»	SonicWALL (stateful inspection; ICSA Certified; supports IPsec VPN) (Recommended)
»	3Com OfficeConnect Internet firewall (based on SonicWALL)
»	WatchGuard SOHO
»	WebRamp 700s (private label SonicWALL)
	ZyXEL
	»  Prestige 310
	»  Prestige 312 (stateful inspection; ICSA Certified) (Recommended)
	»  Prestige 314
	»  Prestige 316 (wireless)
	»  ZyWALL 10 (stateful inspection) (Recommended)

^* Products based only on NAT are less effective than true firewalls.

See also "ADSL Modem Guide (DMT issue 2)" for products that include packet filtering or firewall.

Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:

• "stateful (packet) inspection" technology; and
• independent certification of effectiveness. Certification resources include:
  • CCS
  • ICSA
  • NSA/NIST

If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering, based on either software (e.g., NetNanny) or hardware (e.g., SonicWALL).

If you are a "power" user, you can build your own low-cost firewall with:

»	Linux e.g.,
	»  Astaro Security Linux (free for private home use)
	»  Coyote Linux (variant of Linux Router Project)
	»  FirePlug EDGE Project
	»  Freesco (successor to Ballantain)
	»  Linux Router Project
	»  NetBSD/i386 Firewall
	»  NetMAX (not free)
	»  ShareTheNet (not free)
»	FreeBSD
»	GNATBox (Recommended)
»	IPRoute
»	OpenBSD

[Jump to Contents]

Check Your Security

• Services
• Ports (and what they mean)
• Resources (information & tools)

Services

Recommended websites that offer checking services:

• HackerWhacker^TM
  Thorough but complex.
• Security Space My Security Desktop Audit
  Good solid analysis; easy to understand.
• Vulnerabilities.org
  Free; thorough but complex; may be confusing.

Not recommended websites that offer checking services:

• Online Scanner (Trojan Scanner)
  Failed to find vulnerabilities in tests by this author.
• Secure-Me (Dslreports.com)
  Often unavailable.
• Shields UP!^TM (grc.com)
  Contains dangerous misinformation.
• Symantec Security Check
  Incomplete; biased; virus scanner crashed test system.
• WebTrends Security Check
  Failed to find vulnerabilities in tests by this author.

For a review of checking services, see ZDNet "Online Security Services".

Ports (and what they mean)

• Definitions:
  • port
  • port number
  • port scan
  • spyware (See "'Spies' in Your Software?")
  • trojan (trojan horse)
• HackerWhacker^TM:
  • Commonly Probed Ports (Recommended)
  • NMAP Services (large list)
• Well Known Port Numbers (IANA)

Resources (information & tools)

• Information
  • CERT® Coordination Center
    • CERT® Advisories (Recommended)
  • Computer Security Resource Center (NIST)
    • Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (NIST 800-10, recommended)
  • Internet Security Systems (database of threats & vulnerabilities)
  • L0pht Heavy Industries (famous, run by "hackers")
    • Security Advisories
  • Microsoft Security
  • SecurityFocus
  • SecurityPortal
    • Understanding Concepts In Enterprise Network Security And Risk Management
• Tools
  • SamSpade.org (variety of on- and off-line tools)
  • SpamCop Host Tracker (find the responsible party) (Recommended)

(HackerWhacker is a claimed trademark of HackerWhacker. "Shields UP!" is a claimed trademark of Gibson Research Corporation. CERT is a registered service mark of Carnegie Mellon University.)

[Jump to Contents]

Privacy on the Internet

Although the Internet can be an incredibly valuable resource, it can also be used against your interests, often without your knowledge or consent. Businesses (and other organizations) now routinely use the Internet to gather and compile personal information profiles. All too often these profiles are traded between businesses and aggregated into even more comprehensive profiles, to which just about anyone can get access, even those with bad intentions. In addition to basic information, these profiles can include employment information, financial information (e.g., bank accounts, credit card numbers, brokerage accounts), medical information, personal habits (e.g., what you buy, what you read, what you do), and much more. Here's how this works:

• Information you provide
  When you purchase something on line, register a product, or even just register for a (free) service, you are typically providing personal information. Without explicit privacy protections, that information may be passed on to other organizations without your knowledge. Even when there is privacy protection, you might have inadvertently given "permission" for your information to be used -- often forms will have a hard-to-notice permission option that is checked by default. At other sites you have to explicitly opt out to protect your privacy. Both the need and means to do so may be obscure.
• Banner ads
  Those banner ads on many websites aren't just annoying -- they're often reporting personal information, that is received and complied by the on-line ad agency (e.g., AdForce, DoubleClick). Just the (automatic) displaying of the ad is enough to trigger the information transfer. Pieces of your information can be tied together by a unique identifier that is stored on your computer in the form of a "cookie," usually without your knowledge. Some other identifier may also be used, such as a credit card number, social security number, or even the unique hardware address of a network card.
• Cookies
  A "cookie" is a computer token that your Web browser (e.g., Netscape Navigator, Microsoft Internet Explorer, Opera) uses to maintain information related to one or more web sites. Often that information is stored and accessed without your knowledge or consent. Transient/temporary cookies are held in memory; persistent cookies are stored on your hard disk. (See "Cookie Central" for more information.)
• Trojans
  The term "trojan horse" is often just associated with malicious programs. However, the term really applies to any program that purports to do one thing while actually and surreptitiously doing another thing. Such programs can be used to compromise your privacy by sending out personal information without your knowledge or consent. (That information could be anything entered into, retrieved by, or stored on your computer.) Such programs may even come from otherwise reputable organizations (see "RealNetworks Probe Begins" and "Readers report uninvited software making itself at home on their systems").
• Related information and links
  • BrowsInfo (See what your browser says about you)
  • Data Privacy (Center For Democracy & Technology)
    • Privacy Guide
  • Electronic Frontier Foundation
  • Electronic Privacy Information Center (EPIC)
    • Surfer Beware: Personal Privacy and the Internet
    • The Cookies Page
  • Gripe Line (InfoWorld column by Ed Foster)
  • Internet Privacy: A Public Concern
  • Is there hope for Net privacy? (ZDNet)
  • Junkbusters
  • Platform for Privacy Preferences (P3P) Project
  • Privacy.net
    • Privacy Analysis of your Internet Connection (Recommended)
  • Privacy Rights Clearinghouse
    • Privacy In Cyberspace: Rules of the Road for the Information Superhighway
  • Public Workshop: On-Line Profiling (FTC)
  • "Spies" in Your Software? (PRIVACY Forum)
  • Turning 'spies' into 'assistants' (USA TODAY)
  • What are banner ads saying about us?
• What you can do
  • Ad & Cookie Blockers
    • Microsoft Windows
      • AdSubtract interMute
      • Internet Junkbuster Proxy
      • Naviscope
      • Norton Internet Security 2000
      • Proxomitron
      • WebWasher (Recommended)
    • Apple Macintosh
      • WebFree
      • WebWasher (Recommended)
    • UNIX/Linux/Other operating systems
      • AdKiller
      • Internet Junkbuster Proxy
  • Anonymizers
    • Anonymizer Inc.
    • IDZap.com
    • PrivacyX
    • Somebody Anonymizer
  • Firewall blocking (see "Security on Cable Modem or DSL")
    (Be warned that firewall blocking may not be effective against all types of assaults on privacy. Also note that firewall blocking alone may cause your browser to slow down or even hang.)
  • Opt-out
    (Be warned that some purported opt-out services, particularly those for junk email [spam], may only make things worse, because they are actually just address verification mechanisms.)
  • Spyware detection and removal
    • AD-aware

[Jump to Contents]

What is PPPoE?

Some providers are touting PPPoE ("dynamic IP") as safer than bridge/routed service, but this is a dangerous misconception -- PPPoE is not significantly safer.

PPPoE currently requires either:

Special PPPoE Software:

• Microsoft Windows:
  • NTS EnterNet
    • Frequently Asked Questions
    • Product Documentation
  • RASPPPOE for Windows 98/98SE/Me/2000/XP/2002 (free) (Recommended)
  • Wind River WinPoET
• Macintosh:
  • NTS EnterNet
    • Frequently Asked Questions
    • Product Documentation
  • Wind River MacPoET
• OS/2:
  • SafeFire PPP
• Linux:
  • EnterNet for Linux FAQ
  • HowTo:
    • "EnterNet for Linux - Installation Instructions/Dynamic DSL Registration"
      (accessible only to PacBell Internet subscribers)
    • "Mindspring PPPoE On Linux"
    • "Using Linux with Bell Atlantic Infospeed DSL"
  • "Kernel PPP over Ethernet Support" by Michal Ostrowski
  • PPPOE Implementation by Jamal Hadi Salim
  • "PPPOE On Linux User Space Client" by Grant Fischer
  • PPPoE redirector for Linux by Luke Stras
  • Roaring Penguin's PPPoE Client (Recommended)
  • SUSE Linux
  • "Using DSL Modems with Linux" by Rod Smith

Hardware with PPPoE support:

	Allied Data Technologies
	»  CopperJet 800/E
	»  CopperJet 800/USB
»	Cisco Routers
»	D-Link DI-701 Residential Gateway
	Linksys
	»  BEFSR11 EtherFast 1-Port Cable/DSL Router
	»  BEFSR41 EtherFast 4-Port Cable/DSL Router
	»  BEFSR81 EtherFast 8-Port Cable/DSL Router
»	Macsense XRouter (NAT only*)
»	MaxGate
	»  Ugate-Plus
	»  Ugate-3000
	»  Ugate-3200
	NETGEAR
	»  Gateway Router RT311 (Recommended)
	»	Cable/DSL Firewall Router FR314 (stateful inspection; IPsec VPN pass-through) (Recommended)
	»  Cable/DSL Router RT314 (Recommended)
»	Netopia Routers
	NexLand
	»   ISB2LAN (NAT only*; multi-session IPsec VPN pass-through)
	»  ISB SOHO (NAT only*; single-session IPsec VPN pass-through)
	»  ISB Processional Series (wide range of models)
»	SMC Barricade
»	SonicWALL (supports IPsec VPN) (Recommended)
	ZyXEL
	»  Prestige 310
	»  Prestige 312
	»  Prestige 314
	»  Prestige 316 (wireless)
	»  Prestige 641
	»  Prestige 642

Important Notes:

DHCP (long hangs)

If you are running PPPoE software on Windows, and your computer seems to "hang" at startup and/or at times while you are accessing the Internet, the cause may be DHCP timeout. The fix is to set a private IP address (e.g., 192.168.0.1, with a Subnet Mask of 255.255.255.0) Under Windows 95/98/Me, go to Control Panel - Network - TCP/IP pointing to something other than Dial-Up Adapter -  Properties - IP Address.

Internet Explorer "No Connection" Problem

If Internet Explorer 5.0 keeps reporting that there is "No Connection" but recovers with "Try Again" try installing Service Pack 1, or upgrade to Internet Explorer 5.5 (or above).

MTU (access problems)

Certain PPPoE implementations do not work well with an MTU setting of 1500 (the Microsoft Windows default). The work-around is to manually set MTU to a lower value in the range of 1400-1492. This problem is reportedly fixed in Enternet 1.31 for Windows and 5.09b for Macintosh.

Staying Connected

To keep Windows NT/2000/XP connected after logging off, see Q158909 "How to Keep RAS Connections Active After Logging Off".

Win98SE NDIS Problem

If you are running PPPoE software on Windows 98 Second Edition, see Q243199 "Windows 98 Second Edition Problems with NDIS Intermediate Drivers"

For vendor/provider perspectives on PPPoE, see:

• Frequently Asked Questions (Redback)
• PPP over Ethernet, A Differentiating Advantage for Internet Service Providers and Carriers (Redback)
• PPP over Ethernet, A Comparison of Alternatives for PC-to-xDSL Modem Connectivity (Redback)

For subscriber perspectives on PPPoE (particularly problems resulting from premature deployment), see:

• PPPoE FAQ by Bob Carrick
• SympaticoUsers.org

[Jump to Contents]

What is PPPoA?

Some providers are touting PPPoA ("dynamic IP") as safer than bridge/routed service, but this is a dangerous misconception -- PPPoA is not significantly safer.

• Alcatel
  • Speed Touch Home (Ethernet; uses PPTP support)
• Allied Data Technologies
  • CopperJet 800/E (Ethernet)
    NAT, DHCP, DNS Proxy, Packet Filtering, PPPoE
  • CopperJet 800/USB
    DHCP
• Aztech
  • ADSL PCI Modem (DSL300P)
  • USB ADSL Modem (DSL800U)
  • External ADSL Modem  (DSL900E)
• Cayman
  • 3220 (Ethernet)
    NAT, DHCP
• Cisco
  • 1417 (Ethernet)
    NAT, DHCP, Firewall, VPN
  • SOHO 77
    NAT, DHCP, Firewall
• Efficient Networks
  • SpeedStream 3060 (PCI)
  • SpeedStream 4060 (USB)
  • SpeedStream 5260 (Ethernet)
  • SpeedStream 5660 (Ethernet)
• Lucent InterNetworking Systems
  • CellPipe 50A
    NAT, DHCP, Firewall
• 3Com
  • HomeConnect ADSL Modem (PCI)
• ZyXEL (ZyXEL on-line store)
  • Prestige 641 (Ethernet)
    NAT, DHCP, DNS Proxy, Packet Filtering, PPPoE
  • Prestige 642 (Ethernet)
    NAT, DHCP, DNS Proxy, Packet Filtering, PPPoE

• FreeBSD (Usenet threads)
• Linux (Usenet threads)

See also:

• ATM Forum

[Jump to Contents]

Sharing Cable Modem or DSL on multiple computers

Windows 98 Second Edition and Windows 2000/XP include Internet Connection Sharing (ICS), which provides basic functionality for sharing a single Internet connection on a small peer-to-peer network. The drawback is that such sharing only works when the sharing computer ("gateway") is up and running, which can be inconvenient. Information on using ICS can be found in:

• Q234815 "Description of Internet Connection Sharing" (includes several useful links)
• Q230116 "Slow Transfer Rates with ICS and High-Bandwidth Devices" (important)
  Note: This fix is now included in Increasing TCP Receive Window, Method 2.
• "Share a Single Internet Connection Among Multiple PCs with Windows 98 Second Edition" (Microsoft Product Insider)

A third-party alternative that gets high marks for compatibility (e.g., with PPPoE) and ease of use is All Aboard! from InterNetShare.com. (Recommended)

For Apple Macintosh, similar sharing functionality is available in:

• IPNetRouter from Sustainable Softworks
• SurfDoubler from Vicomsoft

Other alternatives for sharing include:

• Standalone "SOHO Router" (Recommended)
• Your own dedicated "server" (see "Low-cost server for your small network")

Standard cabled networking hardware:

»	Intel
»	Kingston
»	NETGEAR (Recommended)
	»  FA310TX 10/100 Fast Ethernet PCI Adapter
	»  DS106 10/100 Mbps Dual Speed Hub (6 port)
	»  DB104 10/100 Mbps Ethernet Kit
»	3Com
»	Good place for network cable: Home Depot (yes, Home Depot)

Networking without having to run network cables:

Wired phoneline networking:
»  D-Link Home Phoneline Network
»  Diamond HomeFree
»  Farallon HomeLINE (Recommended)
»  Intel AnyPoint (1 Mbps or 10 Mbps)
»  Linksys HomeLink
»  NETGEAR Phoneline10X
»  3Com HomeConnect
»  Zoom HomeLAN
Wired powerline networking:
»  Intelogis PassPort
Wireless networking* (1-2 Mbps):
»  Acer WarpLink
»  Diamond HomeFree
»  Intel AnyPoint
»  Proxim Symphony
»  SOHOware CableFREE
»  WebGear Aviator
Wireless networking* (10 Mbps):
»  RadioLAN
Wireless networking* (11 Mbps IEEE802.11b DSSS; recommended):
»  Addtron Technology
»  Buffalo Technology (Recommended)
»  D-Link Wireless
»  Farallon SkyLINE
»  Linksys Instant Wireless
»  Nexland ISB WaveBase
»  ORiNOCO
»  SMC
»  Zoom ZoomAir
Standards and Technology:
Bluetooth Technology Home Phoneline Networking Alliance (HomePNA) HomeRF Working Group IEEE 802.11 Working Group for Wireless LANs (WLANs) IEEE 802.15 Working Group for Wireless PANs (WPANs) (e.g., Bluetooth) (PAN stands for Personal Area [short distance] Network) Wireless Ethernet Compatibility Alliance (WECA) ("WiFi") Wireless LAN Alliance (WLANA) Wireless LAN Interoperability Forum OpenAir Standard

* Wireless networking presents security risks -- see "Security of the WEP algorithm".

[Jump to Contents]

Low-cost server for your small network

In addition to typical server tasks (e.g., file storage, printing), a dedicated network server can also be used for sharing a Cable Modem or DSL service (e.g., network address translation, proxy) and to provide security (e.g., firewall, filtering), with the advantage that such sharing does not depend on any other computer. (See "How to run multiple computers on Cable Modem or DSL" and "Security on Cable Modem or DSL") It can also make it possible to have a more complete Internet presence by providing such services as DNS (domain name service for a custom domain), email, HTTP (World Wide Web pages), FTP, and VPN (virtual private networking, providing secure access to your local network from anywhere on the Internet -- see "VPN/PPTP over Cable Modem or DSL"). Options:

1. BSD
2. Linux
3. Solaris
4. Windows NT/2000/XP

Option 1: BSD

BSD variants provide a wealth of standard Internet tools, and are available by download and on CD at little or no cost (e.g., CheapBytes). BSD is generally regarded as being more solid than Linux. Although peer support is available on the Internet, setting up and administering BSD can be difficult for those without UNIX experience. Complete BSD distributions include:

• FreeBSD
• NetBSD
• OpenBSD (Highly regarded for quality and security; recommended)

Option 2: Linux

Linux also provides a wealth of standard Internet tools, and is available by download and on CD at little or no cost (e.g., CheapBytes). Linux is generally regarded as having a more complete feature set than BSD. Although peer support is available on the Internet, setting up and administering Linux can be difficult for those without UNIX experience. Complete Linux distributions include:

• Caldera OpenLinux
• Debian GNU/Linux
• e-smith
• Linux Mandrake
• Linux Pro
• LinuxWare
• Red Hat Linux (Recommended)
• SUSE Linux
• Slackware
• Stampede GNU/Linux 
• TurboLinux
• Yggdrasil Linux

Option 3: Solaris

Solaris from Sun Microsystems is the operating system that largely powers the Internet, excelling in both power and reliability. Sun now offers two ways to get Solaris at low cost (for media and shipping):

• Free Solaris Non-Commercial License Program
• Free Solaris Binary License Program.

Setting up and administering Solaris can be difficult for those without UNIX experience.

Option 4: Windows NT/2000/XP

Microsoft used to offer a Small Business Server 4.5 Guided Tour Evaluation Kit for only US$20 that was fully functional with no time limitation, albeit limited to 6 client access licenses. However, that offer was replaced with the Small Business Server 2000 Evaluation Kit, which is time-limited to 120 days, leaving Windows unaffordable as a home/SOHO server.

Resources (not checked for accuracy):

• DSL/Cable Webserver

[Jump to Contents]

How to run services (servers) on dynamic IP

Dynamic IP means that your Internet (IP) address changes from time to time, sometimes every few hours, sometimes at much longer intervals. (A static IP address remains the same indefinitely.) Running services (servers) on dynamic IP is not normally possible because the current address is not known to outside world. The solution is to use a "Dynamic DNS" service that tracks changes in your IP address. Dynamic DNS providers include:

• DNS Console
• DNS Wizard
• DNS2Go
• dyndns.org (free)
• DynIP
• HomePC.org
• Neustar UltraDNS (new!)
• NOLS
• ODS (free)
• TZO (Recommended)

Notes:

• Your Internet Service Provider (ISP) may prohibit servers -- check to be sure.
• See Low-cost server for your small network.
• This author has no connection to these companies and has not tested these services.

[Jump to Contents]

How to share your files with NetBIOS over Cable Modem or DSL

UPDATE (10/10/2000): Microsoft Windows 95/98/Me Share Level Password Vulnerability (bugtraq 1780) makes NetBIOS (Microsoft Networking) Share Level passwords easy to defeat if Scope ID is not used (see "Increasing NetBIOS Security with Scope ID"). If NetBIOS is not disabled (see "Security on Cable Modem or DSL"), then installing the Microsoft patch is strongly recommended!

Windows (95/98/Me/NT/2000/XP) includes the capability of sharing files and printers over a network connection by means of NetBIOS (Microsoft Networking). With "NetBIOS over TCP/IP" such sharing can take place over the Internet. Scope ID should be used to enhance NetBIOS security -- see "Increasing NetBIOS Security with Scope ID". Note that NetBIOS provides authentication, but not encryption; for greater security, use VPN/PPTP. (See "VPN/PPTP over Cable Modem or DSL")

Caveat: Some Internet Service Provider (ISP) filter (block) ports used for NetBIOS because of hysteria over NetBIOS (see "File and Printer Sharing (NetBIOS) Fact and Fiction") and/or genuine concern for subscribers that might inadvertently expose themselves to NetBIOS security risks (see "Security on Cable Modem or DSL"). In such cases it will not be possible to use NetBIOS over the Internet unless you can persuade the ISP to remove the filter (block) on your particular Cable Modem or DSL connection.

For more information on using NetBIOS sharing over the Internet, see:

• Security on Cable Modem or DSL (important)
• File and Printer Sharing (NetBIOS) Fact and Fiction

Remote Control

An excellent way to remote control your own computer over Cable Modem or DSL is with free Virtual Network Computing (VNC) software. (Recommended)

[Jump to Contents]

VPN/PPTP over Cable Modem or DSL

VPN (Virtual Private Networking) is a means of creating secure connections over the Internet between two computers and/or local area networks (LAN's). Microsoft includes a form of VPN called PPTP (Point-to-Point Tunneling Protocol) in Windows NT/2000/XP, as well as PPTP clients for/in Windows 95/98/Me.

The most robust and secure form of VPN is generally considered to be IPsec (described in Standards Track RFC 2401).

VPN resources:

• General information:
  • Virtual Private Networks: The Next Evolutionary Step
• Cable Modem/DSL-specific information:
  • Sharing data over the Internet (VPN)
  • VPN Networking Over the Internet with DSL Connections
    (also applicable to Cable Modem)
• Microsoft PPTP information:
  • Understanding Point-To-Point Tunneling Protocol
  • PPTP Provides Secure Connectivity to Your Corporate Network
  • DSL Architecture Hardware White Paper
  • Point-to-Point Tunneling Protocol (PPTP) FAQ
  • Microsoft Dial-Up Networking 1.3 Upgrade for Windows 95: FAQ
    (includes information on PPTP)
  • Dial Up Networking Release Notes
    (includes information on PPTP)
  • Troubleshooting PPTP Connectivity Issues in Windows NT 4.0
    (includes information on Windows 95/98/Me client issues)
  • Cannot Use VPN with Telephone Company-Return Cable Modem or Satellite Modem
• SOHO routers with IPsec capability:
  • NexLand ISB (multi-session IPsec VPN pass-through in some models)
  • SonicWALL

[Jump to Contents]

How to use cable/DSL and dialup at the same time

Suppose you need to use Windows 95/98/Me Dial-Up Networking (DUN) to connect to your employer's network. The usual problem is that you lose the use of your Cable Modem or DSL connection during the DUN connection. The reason that happens is that DUN automatically gets higher routing priority than your Cable Modem or DSL connection because Windows 95/98/Me can only have one default route. In other words, your Cable Modem or DSL connection is still alive, but Windows 95/98/Me won't use it.

The solution to this problem is a two-step process:

1.  Prevent DUN from getting higher routing priority.

1. Set up a DUN Connection ("connectoid") for this particular purpose.
2. Right-click on this DUN connectoid and select Properties.
3. Click on the Server Types tab.
4. Un-check any unnecessary network protocols (e.g., NetBEUI, IPX/SPX).
5. Un-check Log on to network unless it's actually needed (e.g., for your employer's network).
6. Click on TCP/IP Settings.
7. Un-check Use default gateway on remote network. (This is the critical item.)
8. Click OK to close all the dialog boxes.

Now when you connect with this particular DUN connectoid, your Cable Modem or DSL connection will still work, but the DUN connection won't. To get the DUN connection working, proceed with the second step below after you have connected.

2.  Add manual route(s) for your DUN connection.

1. Connect with the DUN connectoid created in the first step above.
2. Run the command "WINIPCFG".
3. Select "PPP Adapter" in the drop-down list.
4. Note the IP Address. (Assume it's 206.170.4.214 for illustration purposes.)
5. Close WINIPCFG.
6. Suppose the IP address you want to reach through the DUN connection is 207.200.75.200 (netscape.com). To manually add that route through your PPP Adapter (206.170.4.214 in our example), run the command:

   Syntax:	ROUTE  ADD   destination     gateway
   Example:	ROUTE  ADD  207.200.75.200  206.170.4.214

7. Now traffic to the destination you just added (207.200.75.200 in this example) will go out through DUN, and traffic to the rest of the Internet will still go out through your Cable Modem or DSL connection.
8. You can add multiple manual routes. You can also use trailing 0 values with a corresponding MASK as destination wildcards; e.g.,

   Destination	Mask	Means all destinations starting with	Example
   207.200.75.0	255.255.255.0	207.200.75.	ROUTE ADD 207.200.75.0 MASK 255.255.255.0 206.170.4.214
   207.200.0.0	255.255.0.0	207.200.	ROUTE ADD 207.200.0.0 MASK 255.255.0.0 206.170.4.214

9. When you disconnect DUN your manual routes will be lost, and the IP address of your PPP Adapter will probably change from connection to connection, so this step must be repeated after each connection. 

[Jump to Contents]

How to "bond" multiple cable/DSL and/or dial-up connections

• Nexland ISB Pro800turbo
  (load-balancing router+switch with 2 broadband ports)
• MidPoint Internet Gateway
  (load-balancing routing, not bonding)
• Vicomsoft Internet Gateway
  ("Connection Teaming" -- for more information, see "Bandwidth Aggregation, Teaming and Bonding")

Note: This author has no connection to these companies and has not tested these products.

[Jump to Contents]

How to Un-Cap a Cable or DSL Modem

"Cap" is a reference to an artificial limit on downstream and/or upstream speeds. Such caps are common on consumer-grade service. "Un-capping" is thus an attempt to remove such limits (and thereby increase speed).

However, un-capping is an urban legend (or hoax, take your pick) -- subscribers cannot un-cap cable or DSL modems:

• Cable Modem speeds are controlled by the CMTS (head-end box for Cable Internet)
• DSL speeds are controlled by the DSLAM (head-end box for DSL)

(Note that if you did somehow find a way to do it, that might be construed as theft of service, with unpleasant consequences.)

[Jump to Contents]

How to send a fax over Cable Modem or DSL

• FAQ: How can I send a fax from the Internet?
• Internet fax services:
  • Digital Mail
  • docuharbor
  • eFax.com
  • Faxaway
  • FaxMission
  • FaxPC
  • FaxWave
  • FaxWeb
  • GetMessage.com
  • JFAX.COM
  • MessageClick
  • MyFax
  • onebox.com
  • Telebot
  • uReach.com
  • web2FAX

[Jump to Contents]

Third-party email service

• AltaVista (free; powered by Mail.com)
• Bigfoot.com (free; forwarding only)
• EmailPlanet (free; web-based reading only)
• Friendly Email (free; web-based/POP3)
• IEEE (members only; forwarding only; virus scanning)
• iName (free; powered by Mail.com)
• Juno Webmail (free; web-based)
• Mail Director ($20/yr; junk filtering; web-based)
• Mail.com (junk filtering; free web-based, subscription POP3)
• MailandNews.com (free; web-based/POP3/IMAP4/wireless)
• Mailbank.com ($10/yr; POP3)
• MailCity (free; web-based)
• MollyMail (free; web-based reading only)
• MSN Hotmail (free; web-based; junk filtering)
• MyRealBox (Novell; free; web-based/POP3/IMAP4; junk filtering; recommended)
• Net@ddress (free; web-based; junk filtering)
• NetBox ($18-24/yr; POP3)
• popHost ($15/yr; POP3)
• ProntoMail (free web-based; fee POP3; junk filtering)
• WhiteICE ($20/yr; junk filtering)
• Yahoo (free)

[Jump to Contents]

Third-party news (Usenet) service

• Recommended
  • NewsgroupDirect
  • Newsguy
  • Supernews
  • ThunderNews
  • Usenet-News
  • UseNeXT
• Not recommended
  • Giganews
  • NewsDemon.com

See also

• Agent and Free Agent (news readers for Windows; recommended)
• Google (web-based Usenet archives, formerly Deja.com; recommended)
• NewsReaders.com (list of news services)

Public (free) news services

Open public news servers tend to be few and far between, and to disappear without warning, because they can easily be overwhelmed by freeloaders, and abused by spammers. Here are some ways to find one:

• Dark Demon's Open NNTP Servers List
• Doc's Open News Servers
• Free NNTP (News) servers
• NewzBot
• Public News Server Search Engine (in German)
• Rob's News Servers
• ServerSeekers.com 

[Jump to Contents]

Which is better: Cable Modem or DSL?

[Jump to Contents]

Which is better: Ethernet or USB or PCI?

Ethernet

Bottom line: Ethernet is preferred unless there is a compelling reason to use some other type. USB is better suited for low-speed devices (e.g., mice) than for Cable Modem or DSL.

[Jump to Contents]

Buy (rather than rent) a Cable Modem

»	Cable Modems:
	»  Cable/xDSL Modem Gallery
	»  DOCSIS Cable Modem Gallery
	»  DOCSIS Cable Modem Vendors
»	Where to buy:
	»  Best Data Smart One Cable Modem CMI110 (Internal)				PriceGrabber.com
	»  Best Data Smart One Cable Modem CMX110 (External)				CNET Prices
	»  3Com HomeConnect Cable Modem External (Ethernet+USB)
	»  ELSA MicroLink Cable Modem
	»  SURFboard SB2100 Cable Modem (Ethernet) (Motorola store)
	»  SURFboard SB3100 Cable Modem (Ethernet) (Motorola store)				BiggerBytes
	»  SURFboard SB4000 Cable Modem (Internal) (Motorola store)
	»  SURFboard SB4100 Cable Modem (Ethernet+USB) (Motorola store)				BiggerBytes
	»  Toshiba PCX-1100 Cable Modem (Ethernet) (Toshiba Store)				Components Direct
	»  Toshiba PCX-1100U Cable Modem (USB)
	»  ZyXEL Prestige 941 Cable Modem Bridge/Router (Ethernet, SUA/NAT)				ZyXEL Shop
	»  ZyXEL Prestige 942 DOCSIS Cable Modem Bridge (USB, SUA/NAT)				ZyXEL Shop
	»	ZyXEL Prestige 944 DOCSIS Cable Modem Bridge/Router (Ethernet, Hub, SUA/NAT)			ZyXEL Shop
	»	ZyXEL Prestige 961 Euro DOCSIS Cable Modem Bridge/Router (Euro, Ethernet, SUA/NAT)			ZyXEL Shop

[Jump to Contents]

Remove @Home proxy settings

The software distributed by @Home normally autoloads proxy settings, preventing bypass of the proxy. To remove the autoload of the @Home proxy settings under Windows: 

1. Click Start » Run.
2. Type "REGSVR32 /U AHIEHELP.DLL" (no quotes).
3. Press <Enter>.

[Jump to Contents]

Other Cable Modem Resources

• Usenet news (discussion) newsgroup: comp.dcom.modems.cable
• Websites
  • CableLabs (Cable Modem R&D)
  • DOCSIS.org ("DOCSIS info for MSO's")

[Jump to Contents]

What is "Interleaved Mode?"

Interleaved Mode

Data is spread out during ADSL transmission. This improves the ability to correct errors due to noise pulses, and can thus make the connection more reliable. However, interleaving increases latency (delay). The amount of interleaving determines the amount of spread and hence the amount of latency. Interleaved Mode is required with G.lite (because more adverse line conditions are expected).

Fast (or FastPath) Mode

Lower latency than Interleaved Mode, but more vulnerable to errors due to noise pulses.

If your "ping" time to the closest/first node (often called a "gateway") is less than 30 ms, your DMT ADSL is probably configured for Fast Mode. Otherwise, unless the physical distance to that closest/first node is unusually far, your DMT ADSL is probably configured for Interleaved Mode. (See "How to find out what's slowing you down")

For most uses the difference in latency is usually not significant, and the increase in reliability can be useful or even vital. However, the difference in latency can be important for fans of real-time gaming over the Internet. If you fall into that category; are on DMT and aren't on G.lite; aren't unusually far from the closest node; and experience latency to the closest node of more than about 30 ms, you may be able to persuade your provider to switch you from Interleaved Mode to Fast Mode if such a switch is possible. (It may not be.)

[Jump to Contents]

DSL over DLC (Digital Loop Carrier)

[Jump to Contents]

How to fix phone problems caused by ADSL

• Whine, static, or buzzing on a voice call
• Rapidly falling voice volume (the result of automatic gain control being fooled by the ADSL signal)

• Any old filter won't do. Do yourself a favor and get one that has been designed for just this problem.
• This author has no connection to Excelsus Technologies.
• If you experience problems with the older type PacBell splitter, you can ask that it be replaced with a better device (e.g., Siecor/Corning Cable Systems ADSL POTS Splitter).

• Prime Services Group (or call 800-771-1115, x623 or x616)
• Westell store

[Jump to Contents]

DSL problems caused by your own lighting 

If you experience DSL problems, particularly when those problems seem to be worse at certain times of the day, you can check for this possible cause by completely disconnecting all lighting dimmer switches and halogen lights. Putting the DSL modem on a power line RFI filter (included in many surge suppressors -- see "Surge/lightning suppression for cable/DSL") may or may not solve the problem.

If you do determine that a lighting dimmer switch is causing interference, you may be able to solve the problem by replacing it with a switch that generates less interference (i.e., a switch with better RFI filtering). Cheap switches may have little or no RFI filtering; better switches that normally have good RFI filtering may be defective. Switches with good filtering are made by a number of manufacturers, including:

• Leviton Manufacturing
  • MicroDim
• Lightolier Controls
  • Onset (Recommended)
• Lutron Electronics

For more information on dimmer switch RFI, see the Lutron FAQ (frequently asked question), "What is radio frequency interference (RFI)?"

See "Other sources of DSL interference" for similar problems caused by switching power "bricks" (external AC power adapters).

For general technical information on tracking down sources of RFI, see "Track and Solve Electrical Interference" by the ARRL (American Radio Relay League, Inc.).

[Jump to Contents]

Other sources of DSL interference 

AM radio stations

According to Nortel Networks, ADSL speeds can be cut by up to 40% by AM radio station interference, a problem that may affect up to 15% of ADSL subscribers. See "AM radio creates ADSL static".

Bridge taps

A "bridge tap" is an unconnected cable that is spliced into your telephone line, usually the remains of a connection to a different telephone subscriber. Bridge taps can cause a variety of problems. Locating and removing them can be difficult and expensive.

DAML

Digital Added Main Line (DAML) telephone line-multiplexors (used to provide more than one phone line over a single cable pair) directly interfere with ADSL and other types of modems. The symptoms with an Alcatel 1000 include ADSL drop/reconnect cycles when the analog line goes offhook, and when automated nightly C.O. line testing occurs. (See "ADSL Readiness")

Disturbers

A "disturber" is another high-speed data service (e.g., ISDN, T-1, DSL) in the same cable bundle as your DSL service. Although DSL is designed to tolerate a certain amount of disturbance, too much disturbance can cause problems, particularly when combined with other sources of interference. Common symptoms of interference from a disturber are DSL problems that occur only at certain times of the day.

MTU

The Maintenance Test Unit (MTU) is a device installed at your location, used to remotely test your phone line. Unfortunately, it can seriously interfere with data communications. Any MTU should be removed.

Power "bricks"

Old style power "bricks" (external AC power adapters) based on transformer technology are usually fine, but some poor new style power "bricks" based on switching technology generate RFI interference much like poor dimmer switches (see "DSL problems caused by your own lighting"). These new style power bricks tend to be noticeably smaller and lighter than the old style. Replacing such a switching-type power brick with a transformer-type power brick (available at electronics suppliers; e.g., Radio Shack) should solve the problem. Be sure to get the proper current capacity as well as the proper output voltage.

For more information, see "Exorcizing DSL Demons" (from Outside Plant).

Unfortunately, there is not much that a DSL subscriber can do about many of these sources of interference (except as noted) other than asking the DSL provider to try to correct any problems.

[Jump to Contents]

Sync-nosurf (green light lockup) problem

• Alcatel Speed Touch Home (reported, but not verified by this author)
• Westell WireSpeed (observed by this author)

When this happens, normal Internet connectivity is lost. Often the only way to recover is to manually remove power from the modem; wait several seconds; and then restore power, whereupon the modem reinitializes, resyncs, and resumes normal operation.

Another possible aspect of this problem is ARP (Address Resolution Protocol). It has been reported (but not verified by this author) that the Alcatel ADSL modem will substitute its own MAC address for that of the "gateway" when the DSL link is down. Since ARP entries are cached, this could result in packets not reaching the gateway for some time after the DSL link has recovered (i.e., until the bogus entry for the gateway expires from the cache). If you have a Windows machine networked directly to an Alcatel modem (i.e., not through a router), you can check your ARP cache with the "ARP -a" command, and you can delete specific entries (e.g., your gateway) from the cache with the "ARP -d" command. (Restarting your computer or your router is a clumsy but sure way to flush the entire ARP cache.)

For more technical information on this problem, see "Alcatel ADSL Modem Sync/NoSurf" by Lawrence Baldwin of myNetWatchman.com.

[Jump to Contents]

Windows reboot problems with Alcatel SpeedTouch USB

(Thanks to Bob Carter for passing this tip along.)

According to Alcatel:

Some PC's running Win98, Win98 SE or Win ME get a corrupted registry after 3 or 4 reboots or unplug-replug sequences. This causes windows to crash or a hangup while rebooting.

For a fix, see the Alcatel FAQ SpeedTouch USB, Q10 in the "Windows Drivers" section.

(This kind of problem is one of the reasons that Ethernet is preferred over USB -- see "Which is better: Ethernet or USB or PCI?".)

[Jump to Contents]

Multiple security vulnerabilities in Alcatel modems

Researchers associated with the San Diego Supercomputer Center at the University of California, San Diego have identified multiple implementation flaws in the Alcatel Speed Touch ADSL "modem" (actually an ADSL-Ethernet router/bridge). These flaws can allow an intruder to take complete control of the device, including changing its configuration, uploading new firmware, and disrupting the communications between the telephone central office providing ADSL service and the device.

For more information, see:

• SCSC Security Advisory
• SDSC's Self-Help Guide to the Alcatel Speed Touch Home ADSL modem

Important things to know:

• Unfortunately, there is no known real solution unless and until Alcatel comes up with a fix.
• Although the chance of being compromised is probably fairly low, the risk is real.
• Even if your modem is a different brand it may still be vulnerable (either due to the use of Alcatel chips or due to possible vulnerabilities in other brands).

In the meantime you can:

• Turn your modem off when not in use. The modem cannot be compromised when it's off.
• Use a firewall. Although a firewall will not protect against all forms of attack, it will provide some protection. (See "Security on Cable Modem or DSL")

[Jump to Contents]

ADSL Modem Guide (DMT issue 2)

Most ADSL deployments are based on Alcatel-compatible hardware. On such systems, you generally should be able to use any device that is compliant with (ANSI T1.413) DMT issue 2.

• Alcatel
  • 1000 (Ethernet)
  • Speed Touch Home (Ethernet)
    May be subject to the sync-nosurf (green light lockup) problem
  • Speed Touch PC (internal)
  • Speed Touch USB
  • Speed Touch Pro (Ethernet)
    NAT, DHCP, DNS Relay
• Allied Data Technologies
  • CopperJet 800/E (Ethernet)
    NAT, DHCP, DNS Proxy, Packet Filtering, PPPoE
  • CopperJet 800/USB
    DHCP
• ASUS
  • ADSL Modems (Ethernet, Internal)
• Aztech
  • ADSL PCI Modem (DSL300P)
  • PCI ADSL Modem (DSL700P)
  • External ADSL Modem  (DSL900E)
• Cayman
  • 3220 (Ethernet)
    NAT, DHCP
• Cisco ³
  • 827 ADSL Router (Ethernet)
    NAT, DHCP, Firewall, VPN
  • 1417 ADSL Router (Ethernet)
    NAT, DHCP, Firewall, VPN
  • SOHO 77
    NAT, DHCP, Firewall
• Efficient Networks
  • SpeedStream 3060 (PCI)
  • SpeedStream 4060 (USB)
  • SpeedStream 5260 (Ethernet)
  • SpeedStream 5660 (Ethernet)
    NAT, DHCP, DNS (ISP support of routing mode required)
• Infinilink
  • i200 Full Rate ADSL Modem PCI Card (PCI)
  • i500 Full Rate ADSL Bridge / Router (Ethernet)
• Lucent InterNetworking Systems
  • CellPipe 50A
    NAT, DHCP, Firewall
• 3Com
  • HomeConnect ADSL Modem (PCI) ^{1, 2}
  • HomeConnect ADSL Modem (Ethernet) ^{1, 2}
  • HomeConnect ADSL Modem Dual Link (USB & Ethernet) ^{1, 2}
  • Remote 810 (Ethernet) ^{1, 2, 4}
    NAT, DHCP, DNS Proxy, Packet Filtering
• Westell
  • WireSpeed DMT ADSL External Ethernet Modem (Recommended)
    Subject to the sync-nosurf (green light lockup) problem
  • WireSpeed ADSL Ethernet Proxy Router (NAT, DHCP, PPPoE, recommended)
    May be subject to the sync-nosurf (green light lockup) problem
• ZyXEL (ZyXEL on-line store)
  • Prestige 641 (Ethernet)
    NAT, DHCP, DNS Proxy, Packet Filtering, PPPoE
  • Prestige 642 (Ethernet)
    NAT, DHCP, DNS Proxy, Packet Filtering, PPPoE

Important notes:
¹ May be compatible with Alcatel, but no specific mention of Alcatel compatibility.
² Sold only through service providers, not directly to end users.
³ According to Cisco, the 677 is not compatible.
⁴ According to a report, the Remote 810 is not compatible.

[Jump to Contents]

What is IFITL? FTTC? FTTH?

IFITL stands for "integrated fiber in the loop," another name for "fiber in the loop" (FITL) or "fiber to the curb" (FTTC). This use of optical fiber can extend the reach and/or increase the speed of DSL by shortening the length of the final copper wire run to the home. When fiber reaches all the way to the home, the term becomes "fiber to the home" (FTTH), which can provide very high-speed service without DSL (which works only over copper wire), typically using ATM. For more information, see:

• Lighting up the last mile
• Lighting up the neighborhood

[Jump to Contents]

Other DSL Resources

• Usenet news (discussion) newsgroup: comp.dcom.xdsl
• Websites
  • ADSL Forum
  • xDSL Technology

[Jump to Contents]

What is "Wireless DSL?"

If the most common forms of broadband Internet -- Cable, DSL, and Satellite -- are unavailable and/or unattractive in your area, are you out of luck? Maybe not. Fixed terrestrial (as opposed to satellite) wireless, sometimes called "Wireless DSL," is a group of newer technologies that are starting to be deployed in some areas. Here's a quick guide to this type of service:

1. "Wireless DSL" is not really DSL
   Fixed terrestrial wireless is capable of providing a broadband experience comparable to DSL, which is why it's sometimes called "Wireless DSL." However, the term DSL (Digital Subscriber Line) properly refers only to data service over standard copper telephone lines. In addition, there are important technical differences between fixed terrestrial wireless and DSL. Hence the term "Wireless DSL" is descriptive but not really accurate.
2. There's more than one flavor of fixed terrestrial wireless
   Some of the principal technologies:
   1. BroadLink is based on local transceivers with relatively short range (about 4 miles) using the same 11 Mbps IEEE 802.11b technology used in wireless local area networking. The service is somewhat similar to cellular data, and is sold only through ISPs (not direct from BroadLink). Service is currently available in Santa Rosa, California (Sonic.net), Stockton, California (InReach), and is undergoing market trials in Atlanta, Georgia.
   2. Sprint Broadband Direct (no longer available).
   3. WaveRider has both line-of-sight and non-line-of-sight products.

   Service in the first two cases is available only to those with direct line-of-sight to a transceiver, although the technology used by BroadLink tends to provide more complete coverage (less line-of-sight interference) and to be more scalable (fewer subscribers per transceiver). The balance of this section will focus on the technology used by BroadLink.

3. Like Satellite Internet, you need an external antenna
   The BroadLink antenna is about 14.5 inches square. Although it must be mounted with direct line-of-sight to the local transceiver, alignment is less critical than for Satellite Internet. Currently the necessary electronics are mounted in a separate box located near the antenna [picture]; in the next generation the electronics will be smaller and mounted on the back of the antenna. Connection to the subscriber's computer is by standard Category 5 network cable, which carries data as well as power for the electronics.
4. Like Cable Internet, the service is shared
   Unlike true DSL, where each subscriber has a dedicated connection, but like Cable Internet, Wireless DSL subscribers share the capacity of a given transceiver. Hence, it is possible for the service to slow down during periods of high usage if the capacity has been oversubscribed. Nevertheless, like Cable Internet, performance is usually very good. Like typical DSL, the service objective is 1.5 Mbps (down, 128 Kbps up).
5. It's not really 11 Mbps
   Only one transmitter can be sending at any one time on a given segment (serviced by a given local transceiver). Since data cannot flow in both directions (up and down) at the same time, real throughput is much less the raw 11 Mbps transmission speed -- on the order of about 6 Mbps. Nevertheless, that's still enough capacity (augmented by "fairness" algorithms in the network) to provide good service to dozens of typical subscribers on a given segment.
6. Latency is much better than satellite
   Although the other principal form of wireless broadband, Satellite Internet, suffers from very high latency (due to the long round trip that signals must travel) that can adversely affect certain types of Internet use (e.g., real-time gaming), Wireless DSL has latency ("ping" time) comparable to Cable Internet and DSL (typically on the order of 40 ms or less).
7. Premium service
   BroadLink service is available with static IP, either bridged or routed. This means that, for example, you can easily run your own server.
8. Good security
   The basic security of IEEE 802.11b networking (used by BroadLink) is based on WEP (Wired Equivalent Privacy). The bad news is that WEP has been shown to be not terribly secure. The good news is that BroadLink has implemented additional security that keeps subscribers from snooping the traffic of other subscribers.
9. How to get the most out of Wireless DSL
   Because it's so similar to Cable Internet and to DSL, Wireless DSL can be easily optimized using the methods described in this document.
10. Another wireless Internet option
    Metricom's Ricochet service, which has been deployed in a number of areas, provides a different tradeoff for wireless Internet access, the benefit of roaming mobile service (rather than fixed point) at the expense of speed (128 Kbps versus 1.5 Mbps). Unfortunately, Metricom has filed for Chapter 11 bankruptcy protection, and the future of the Ricochet service is uncertain.

[Jump to Contents]

Surge/lightning suppression for cable/DSL

• CITEL
  • MJ8-2-T1 (DSL)
  • P8AX-09-N (F/F) (Cable Modem)
• Comm-Omni International (dealer)
  • EDCO TS-1200 (Cable Modem & ADSL compatibility confirmed)
• Ditek
• EDCO
  • TS-1200 (Cable Modem & ADSL compatibility confirmed)
• Electronic Specialists (provisional listing)
  • Cable Master (Cable Modem)
  • PDS-isdn (ADSL)
• Innovative Technology
• Peradata
• PolyPhaser
• Sutton Designs

• Brick Wall
• New Frontier Electronics
• ZeroSurge

Power line surge suppressor standards

At a minimum, make sure that any point of use surge suppressor is UL 1449 Second Edition listed/recognized at a suppressed voltage rating (SVR) of 330 volts. For endurance, the surge suppressor should also be Classified in Accordance with ANSI/IEEE C62.41-1991, Recommended Practices. UL 1449 listed products are not necessarily classified for endurance.

Telecommunications network suppressor standards

At a minimum, make sure that any point of use surge suppressor is UL 497 listed/recognized.

[Jump to Contents]

Shopping On-line

All products are not the same -- cheaper products may not be such a bargain when you take into account functionality, quality, and support. Even on the same product, the best price may not be the best deal -- consider also:

Recommended on-line merchants (for value and service):

• buy.com (low prices, wide selection)
• PC Connection (overnight shipping even on late orders, very good service)
• Provantage.com (oldie but a goodie, wide selection)

Auctions:

You may find a great deal, or you may actually wind up paying more than retail. The seller might be reputable, or a fly-by-night con artist. Be careful! Auctions:

AuctionWatch (multiple sites at once) eBay (by far the biggest)

Excite Yahoo

How do you know you will actually get what you won and paid for? You can lower your risk with an on-line payment/escrow service:

i-Escrow (escrow) Internet Clearing Corporation (escrow)

PayPal (pay by credit card, fraud protection) WebTradeInsure (auction and/or shipping insurance)

Not recommended on-line merchants:

[Jump to Contents]

TCP/IP Resources

• Request For Comment (RFC, official Internet documents)
  • RFC 791 "Internet Protocol" (IP)
  • RFC 793 "Transmission Control Protocol" (TCP)
  • RFC 1122 "Requirements for Internet Hosts -- Communication Layers"
  • RFC 1323 "TCP Extensions for High Performance"
  • RFC 1631 "Network Address Translator" (NAT)
  • RFC 2364 "PPP Over AAL5" (PPPoA)
  • RFC 2516 "Transmitting PPP Over Ethernet" (PPPoE)
  • RFC 3449 "TCP Performance Implications of Network Asymmetry"
• Microsoft
  • Windows 95
  • Networking
  • Windows 98
    • Windows 98 Registry (TCP/IP Registry Key Entries)
  • Windows NT
    • Q120642 "TCP/IP & NBT Configuration Parameters for Windows NT"
  • Windows 2000 and Windows XP
    • MS Windows 2000 TCP/IP Implementation Details

[Jump to Contents]

Wireless Roaming

As wireless networking based on IEEE802.11b becomes ever more popular, retail businesses, groups, and even individuals are starting to provide wireless Internet access to the public, often at no cost (at least for now). All you need is a notebook computer or PDA with a "WiFi" transceiver card. For more information see:

• AirWave (San Francisco Bay Area)
• Bay Area Wireless User Group (BAWUG) (San Francisco Bay Area)
• Colorado Wireless Exchange Cooperative
• CONSUME
• FreeNetworks
• MobileStar
• "Neighborhood Area Networks" (TechTV)
• PDX Wireless (Portland, Oregon)
• SeattleWireless
• SFLan (San Francisco)
• SOHO Wireless (San Francisco Bay Area)
• Surf and Sip
• Wayport
• Wireless Communities (worldwide links)

See also:

• Hyperlink Technologies (hardware for wireless NANs and WANs)

[Jump to Contents]

Other Resources

Caveat: The following information has not been verified by this author. USE AT YOUR OWN RISK.

• Overcoming Problems with Home Networks using a 3Com HomeConnect Dual Link ADSL Modem

[Jump to Contents]

[The Navas Group home page]

Protect children while protecting free speech on the Internet.

Trademarks belong to their respective owners.