Re ACS

From: damien hull <dhull@digitaloverload.net>
Date: Tue Mar 22 2005 - 00:39:51 AKST

First of all I should mention that most of my experience with DSL
service was through Custom CPU. I started out on ACS but after about two
weeks the connection died. I was told that a tech had to be sent out and
we would have to pay for that. The tech support person was telling me
the problem was at my end not theirs.

I know the problem wasn't at my end. I switched to Custom CPU and
everything worked. Well, I could surf the net. Email didn't work. I have
my own domain and email/website is hosted by a third party. I could
download email but I couldn't send. It took me a while to figure out
that I needed to switch my outgoing SMTP server setting to that of
Custom CPU's mail server.

As you can see I haven't had much luck with ACS Internet service.

One of my clients had ACS DSL service. They had a strange problem that I
can't explain. One day their Internet stops working. They tell me they
called tech support and were told the problem was not ACS. I called 3 or
4 times. We traced it back to the Linksys router which was supplied by
ACS. The client was a little concerned because this was the second or
third time they had to replace it.

I can't say if this is an ACS issue or a Linksys issue. However, I have
never heard of a Linksys dying. In this case we have three dead.

I also noticed other issues with the wiring job the ACS techs did. Not
good if you ask me.

This is the same client that had the SSH problem. Couldn't connect. I've
had someone else tell me they were having this problem as well. That
makes two cases. Both cases are connections from GCI and ACS. In my case
I was going from GCI to my client's connection on ACS.

I'm not trying to put down ACS. These are just my experiences. I've heard
others complain about GCI.

On Mon, 2005-03-21 at 18:44 -0900, Royce Williams wrote:
> On Mon, 21 Mar 2005, damien hull wrote:
>
> > The filtering that ACS has is too restrictive for me. GCI gives you an
> > Internet connection to do with as you please. If I want I can put up my
> > own mail server. You can't do that on ACS.
>
> Again, speaking for myself only (this is always true, even if I don't
> disclaim it as such):
>
> May I ask you to clarify what you mean by "can't"?
>
> I'm not aware of anything that currently prohibits inbound port 25
> traffic to any of our space. IIRC (#include disclaimer.h), ACS
> recommends that folks get a static or other business-grade
> connectivity to run server stuff, but there's nothing that prevents
> Joe Dynamic from doing low-volume SSH, SMTP, "Hey, hit my Gallery at
> dyndns.example.net:8080," or something similar. ACS probably does not
> guarantee anywhere that such things will always work (I don't know),
> but it works today.
>
>
> > There also seems to be filtering of SSH. I tried to connect to a client's
> > server and wasn't able to connect. I'm on GCI and they are on ACS.
>
> I've never had any problem SSHing to/from any system anywhere, with
> ACS space as either the client or server. I'm pretty sure that ACS
> is not touching SSH in any way.
>
>
> > I've also had to change my email settings. I had Internet through Custom
> > CPU which is just reselling ACS DSL. I was unable to send email through
> > my mail server on the net. I had to use Custom CPU's mail server.
>
> Again, I'd have to get more specifics, but I'm intimately familiar
> with the ACS mail setup, since I built and maintain the servers that
> handle our mail, and was the sole person working the abuse queue for
> six months in 2001.
>
> I'm personally interested in getting to the bottom of this. If one is
> coming from ACS IP space, one should be able to use ACS mail servers.
> Find me some IP space that ACS "owns" that can't relay, and I'll find
> out why and fix it on the ACS side, if that's where the problem lies.
>
> In other words, put your packets where your mouth is. :) Give the
> AKLUG list the specifics instead of a generalized "ACS is filtering
> some stuff" claim. Let's see if others can reproduce the same
> behavior that you're seeing. If it's something borked on the ACS
> side, I'll direct the information to the appropriate people.
>
>
> > For most users the filters that ACS has in place won't matter. They just
> > want to surf the net and check email. However, filtering of any kind
> > could block things that clients want access to.
>
> True. It's a trade-off. I believe that ACS has done a fair job of
> blocking only the things that reasonably informed people would want to
> have blocked anyway.
>
>
> > In my case I need to port scan and connect through SSH. I can't seem to
> > do that on ACS. This would indicate to me that a lot more is being
> > filtered than what you are suggesting or something is configured wrong.
> > I think most of the blame should go to ACS but the Internet's a big
> > place. It could be getting filtered before I even get to the ACS
> > network.
> >
> > SSH is on port 22 hint, hint...
>
> Yeah, I'm familiar. Show me an SSH session that's breaking, and I'll
> show you that it's not due to deliberate filtering on the ACS side (or
> find out why no one told me about it), and work with you until we
> determine where the problem lies -- and I'm strongly suspecting that
> such a failure has a non-ACS reason.
>
>
> > Keeping the ACS network secure should not affect what clients can do
> > on the Internet.
>
> > If ACS wants to keep their servers safe they should put them behind
> > a firewall and leave the rest of the network wide open.
>
> We're not just talking about servers here. In today's world, there are
> ISPs who have 20K+ zombified botnet-enslaved customers. The problem is
> getting so bad that ISPs are starting to have to block entire
> superblocks (bigger than /24) to protect themselves from other ISPs
> who cannot sufficiently stop their own spewing. It's only getting
> worse.
>
> I personally would love to return to the days when everyone ran an
> open relay, but it's no longer feasible, IMO.
>
>
> > If filtering the Internet is something they feel they need to do it
> > should be stated in the service plan.
>
> It's reasonable for ACS to act to protect the integrity of its systems
> and its other customers. According to dshield.org at this writing,
> the expected survival time before infection of an unpatched Windows
> box on the Internet is 28 minutes. I've seen it as low as 12.
>
> What's more, an ISP's entire network -- not just a couple of /24s but
> an entire ARIN allotment, affecting every customer that we have -- can
> be blackholed in such an environment because of the infection of just
> a few well-connected customers. As the botnet problem grows, this is
> happening more and more often, shifting the burden over to the ISPs to
> more vigorously police what comes out of their own networks.
>
> In that light, I think that ACS has tried to balance the need to
> protect their own infrastructure with customer usability.
>
> And just so everyone knows ... I have Mondays off. :)
>
> -royce
>
>
> --
> Royce D. Williams - IP Engineering, ACS
> personal: [first]@alaska.net - PGP: 3FC087DB/1776A531
> work: [first.last]@acsalaska.net - http://www.tycho.org/royce/
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

Received on Tue Mar 22 00:39:54 2005