
06/10/2005 Archived Entry: "satellite Internet service"

O frabjous day! We now have high-speed Internet, via satellite!

We've been waiting impatiently for someone to offer us high-speed service. We're too far out in the sticks for DSL service, and the wireless internet providers are encroaching on our area ever-so-slowly. I had looked at two-way satellite service before, but the up-front equipment cost was prohibitive.

Two events finally pushed us over the brink. First, a dramatic drop in the cost of the equipment. Second, we were the victims of a suspected "industrial action." It seems that, when Bell Canada workers go on strike (which happens with some frequency), the managers do the maintenance calls. So, presumably to put more pressure on, someone decided to drive a shovel through the telephone cable which services our road. Presto -- no phone, and no dial-up Internet, and an estimate of five days for repair.

It actually was repaired the next day, but it was a wake-up call (pardon the pun) like the ice storm of '98. We can't afford to be incommunicado for days on end. Having Internet service which is completely independent of the phone company suddenly acquired higher priority. And when we drop our unlimited dial-up service, and disconnect the second phone line that we no longer need, the difference in cost is only about Cdn$30 (US$24) per month.

Our local satellite TV dealer installed dish, cable, and transceiver in about an hour and a half...and it worked immediately.

The downside with satellite internet is that there's a long "latency time" for any request. It seems to take about 3 seconds after clicking on a link for the data to start flowing. (I've "pinged" a few servers that we use and an average response time is about 1.3 seconds. I surmise that part of the 3 second delay is DNS lookup.) When loading a web page with a lot of images, this can take a while! Even though both Firefox and Opera browsers can issue multiple GET requests in parallel, our service is limited to 22 simultaneous connections. I've seen some pages that take as long to load as they did with dial-up. But with anything large -- images, Flash pages, PDFs, file downloads -- the ten-times-faster speed of the satellite really shows. (Our upload speed is limited to 50 kbps, comparable to dial-up. This is generally not a problem.)

There are some proxy settings that we can try with the satellite transceiver in order to speed up service. I'm guessing that it does something like DNS caching. If not, it will probably be worth my while to set up a local DNS server.

The DW6000 transceiver is a fairly sophisticated little box. Unlike its predecessor, it talks to Windows, Mac, or Linux, using standard Ethernet and TCP/IP protocols. I was surprised to see that it provides Internet connection sharing through NAT (Network Address Translation). I don't know why, then, they didn't include any firewall capability in the unit! Even more egregious, the manual recommends not connecting your computer through a hardware firewall, but instead connecting your PCs directly to the DW6000. While NAT does afford some protection from probing attacks, I think it borders upon the irresponsible to suggest connecting any Windows PC "naked" to the Internet. Fortunately it's not difficult to connect through an external firewall box -- more on this tomorrow -- but I wish they had included this function in the DW6000.

Another bad security feature of the DW6000 is that it does not "stealth" unused ports. Doing a Shields Up! test with the satellite service revealed that the transceiver is reporting most ports "closed" (and worse, a few ports open), rather than "stealthed." Probes on those ports won't get anywhere, but this does advertise to every baddie on the net that there's a live computer at our IP address. So I expect that some of our bandwidth will get consumed by attack probes. (I recall during the Nimda attack that the "port closed" responses consumed a lot of our outgoing bandwidth. I reprogrammed our firewall then to stop those replies...an option I no longer have with the DW6000.)

Still, I have plenty of security behind the DW6000, so we don't have any new vulnerability. It's just a potential nuisance.

