this post was submitted on 30 Dec 2023
346 points (94.6% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54716 readers
197 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
346
Me vs my ISP (lemmy.dbzer0.com)
submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]
 

So I was looking into getting port forwarding set up and I realized just how closed-off the internet has gotten since the early days. It's concerning. It used to be you would buy your own router and connect it to the internet, and that router would control port-forwarding and what-have-you.

Now, your ISP provides your router, which runs their firmware, which (in my case) doesn't even have the option to enable port forwarding.

It gets worse - because ISPs are choosing NATs over IPv6, so even if you install a custom firmware on your router without it getting blacklisted by your ISP, you still can't expose your server to the internet because the NAT refuses to forward traffic your way. They even devise special NAT schemes like symmetric NAT to thwart hole punching.

Basically this all means that I have to purchase my web hosting separately. Or relay all the traffic through an unnecessary third party, introducing a point of failure.

It's frustrating.

I like to control my stuff. I don't like to depend on other people or be in a position where I have to trust someone not to fuck with my shit. Like, if the only thing outside my apartment that mattered to my website was a DNS record, I'd be really happy with that.

Edit: TIL ISPs in the US don't have NATs

Edit 2: OMG so much advice. My knowledge about computers is SO clearly outdated, I have a lot of things to read up on.

Edit 3: There's definitely a CGNAT involved since the WAN ip in the router config is not the same as the one I get when I use a website that echos my IP address. Far as I can tell ~~my devices don't get unique IPv6 addresses either~~. (funnily enough, if I check my IP address on my phone using roaming data, there's no IPv6 address at all). It's a router/modem combo, at least I think since there's only one device in my apartment (maybe there's a modem managing the whole complex or something?). And it doesn't have a bridge mode, except for OTT. Might try plugging my own router into it, but it feels like a waste of time and money from what I'm seeing. Probably best to just host services over a VPN or smth.

Edit 4: Devices do get unique IPv6 addresses, but it's moot since I can't do anything but ping them. I guess it wouldn't be port forwarding but something else that I would have to do that my router doesn't support

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 164 points 11 months ago (5 children)

In the US and I use my own personal modem and router. Renting their equipment is optional.

[–] [email protected] 41 points 11 months ago (1 children)

Same here. I get $10 off for using my own router. That's $120 off per year. A cheap router bought from a supermarket cost me $60. It works fine, the signal quality is only okay but my flat's pretty small anyway. Getting your own router is just a financially sensible option.

[–] [email protected] 5 points 11 months ago

buying my own upper-midrange router still cost me less than renting from the ISP over a three year period

[–] [email protected] 16 points 11 months ago (2 children)

Not really with ATT fiber anymore. The fiber goes straight into their router to authenticate. There is no option for me to purchase an equivalent piece of equipment. I am forced to pay to use their equipment. Fuck ATT.

[–] [email protected] 19 points 11 months ago (3 children)

You can totally bypass ATT Fiber now with your own SFP+ xgs-pon, fiber terminated to your device, without needing to exfil certs or do anything other than clone the identifying info of the att router's label depending on the technology they're using in your area.

https://docs.google.com/document/d/1UIAgtxkImgFRwyaGDGtISD0JXnxWNvuuNDrnRac6wGc/edit#heading=h.f8l0utlsram6

[–] [email protected] 11 points 11 months ago (1 children)

Love that random google docs link instead of something like a tech blog.
Only a pastebin link could make it better.

[–] [email protected] 7 points 11 months ago* (last edited 11 months ago) (1 children)

I think the originator of it was on dslreports but I couldn't find the link on mobile. I'm sure if you can search on Google you could find a secondary source for some tech blog or medium about it if that makes you feel better. There's also a discord that covers most xgs-pon bypass methods that I could share too. They keep turning it to private at times for whatever reason.

Other links and info of you are being serious and not passive aggressive. ATT is quick with DMCA takedowns so that's probably why the info can be fleetingly available at times but dslreports seems to be pretty reliable/resistant to them.

https://www.dslreports.com/forum/r33665048-AT-T-Fiber-XGS-PON-SFP-Modules-for-AT-T-Fiber

https://hackaday.io/project/193110-bypassing-the-bgw-320-using-an-azores-cots-ont

https://forum.netgate.com/topic/99190/att-uverse-rg-bypass-0-2-btc/440

https://simeononsecurity.com/guides/bypassing-the-bgw320-att-fiber-modem-router/

[–] [email protected] 3 points 10 months ago

Other links and info of you are being serious and not passive aggressive

Thjs was just meant as a lighthearted joke. It's all fine :)

[–] [email protected] 3 points 11 months ago

Nice, I'll have to try this soon. Last time I checked the process was way more complicated.

[–] [email protected] 1 points 11 months ago (1 children)

So I did something before and had to set it back up every week or so. Would this be a permanent solution? If so ima fuck around heavy with this today lol

[–] [email protected] 1 points 10 months ago

Yeah the previous bypass used a certificate that you'd have to authenticate periodically via 802.1x. This new method does not have that requirement. Just need the specialized hardware for it, like that Azores d20 box or one of the SFP+ xgs-pon modules that you can program.

I've been using it without any intervention for a little over a 8 months now. Even have my /29 static IP block allocated on it, while still being able to also use the DHCP address they give out. You get to use the whole /29 too without the att box stealing one of them as well.

[–] [email protected] 1 points 10 months ago

Check if it has a passthru or bridge mode

[–] [email protected] 11 points 11 months ago

Yeah, as soon as I read the second paragraph my thought was "buy your own router". Problem solved.

[–] [email protected] 2 points 10 months ago

Not for Spectrum it isnt, unfortunately. You can use your own router but you have to use their modem

[–] [email protected] 2 points 11 months ago (1 children)

Can you recommend a good router that isn't extremely expensive?

I did some research about a year ago and started using a router recommended by both random users and reviewers (TP-Link Archer AX-3000 I think) only to quickly find out it had a bad QoS implementation which broke applications sending IP packets with certain DSCP values (SSH by default, Mumble, VoWiFi on an iPhone, WhatsApp calls) so I switched back to an ISP provided router unfortunately. When I talked to TP-Link support they sent me firmware which would have allowed them to connect to my router using telent (absolutely insane IMO, especially since other users also complained about this issue).

Further research showed that many consumer-level routers have these kinds of issues, so I'm reluctant to try this again.

[–] [email protected] 1 points 11 months ago