ip port blocking by internet service providersrobmorton.20m.com/internet/isp.pdfthe internet ip port...

The Internet IP Port Blocking by ISPs Robert John Morton

IP Port Blocking by Internet Service Providers

They arbitrarily block listening ports, thus relieving you of your free-dom to interact with other Internet users as you wish. Trying to cancelan ISP's service is synonymous with a declaration of war. And Istrongly suspect that they also engage in other more sinistershenanigans.

There are many good and commendable things I can say about Brazil. But frommy experience, its Internet service providers (ISPs) have deteriorated into whatis undoubtedly its worst advertisement and a significant detriment to its on-go-ing development.

I am positioned not too far from the centre of a conurbation of around 3 millionpeople. Yet the best Internet service (known here as bandalarga or Velox) that Ihave been able to obtain gives me a 2 Mbps download speed and a 512 kbpsupload speed, with a total block on all unsolicited incoming IP packets. In otherwords, all my listening ports are blocked. And the ISP flatly refuses to openthem, despite this blocking being contrary to the suggested practices of theBroadband Internet Technical Advisory Group.

Quite frankly, in the year of 2015, I would have expected better. The speedsdon't bother me. They are perfectly adequate for my needs. But the blockedports most certainly do bother me. All the ISPs, who could provide a service tome, take the same line. They all block all listening ports. So as a mere cus-tomer, I either have to like what I'm given, or lump it. To me, this high-handedattitude is unacceptable. Hence this article.

W@y TV: An Ideal ServiceIn 2004, I [1] subscribed to an Internet service provided by an ISP called W@yTV in Belo Horizonte-MG, Brazil. This service gave me a download speed of 512kbps (kilobits per second). I later upgraded to 2 Mbps (megabits per second) inabout 2012. This provided an upload speed of 512 kbps, which was a little slowfor my requirements but certainly sufficed. The great feature of this service wasthat all listening ports were open [2]. Perhaps a few were shut, but none thataffected anything I wanted to do. The IP (Internet Protocol) address was offi-cially dynamic. However, I never saw it change since around 2008. For all in-tents and purposes I had the fixed IP: 201.62.140.93. Instead of having to signin to the service, user validation was done automatically by identifying the MACaddress of my TP-Link router. I have a suspicion that, a few years into the ser-vice, the technicians had simply decided, for convenience, to tie my router'sMAC address to this IP address, which was nice. The W@y TV technicians, werepolite and seemed competent and appropriately knowledgeable. I got on wellwith them.

http://robmorton.20m.com/internet/isp.html 1 of 64

http://robmorton.20m.com/index.html

http://robmorton.20m.com/internet/isp.html#ports

http://robmorton.20m.com/internet/isp.html#me

http://robmorton.20m.com/internet/isp.html


About a third of the way through my eleven years of using the W@yTV Internet service, W@y TV was bought by a telecommunicationscompany called Oi. Consequently, from July 2008, my monthly bill forthe service came from Oi, not W@y TV. Notwithstanding, I think thatOi, although the owner, left the old W@y TV people - at least from atechnical point of view - to carry on their service as before. In fact Oiitself offered a competing service. The service provided by W@y TVwas by coaxial cable, using a 573 MHz (megahertz) radio frequencycarrier for download and a 32,496 kHz (kilohertz) carrier for upload.The Motorola Surfboard SB5101 [DOCSIS 2.0 compliant] cable modemhad a top download speed of 38 Mbps, so I had plenty of speed up-grade potential, even if this actual top speed of 38 Mbps was not prac-tical over the existing cables.

My home installation comprises 3 personal computers running Xubuntu Linux,each with a precisely-configured firewall to suit its intended use. The 3 com-puters are connected to a TP-Link router Model TL-WR741N, which also has aprecisely-configured firewall with the minimum necessary and sufficient portsforwarded to one of the 3 computers on the LAN. The router is connected to theInternet via the Motorola SB5101 Surfboard cable modem.

I have subscribed to the W@y Internet service for 11 years. The service hasworked perfectly with the installation shown above for at least 5 years. The fire-wall, shown in red on the cable immediately in front of each respective device,is of course really software, which is running inside the device itself.

Although retired, I continue to write articles on many topics which I make freelyavailable via the Internet to whomsoever would wish to read them. All are onmy web site, which is hosted on a server in the United States of America. I alsomake them available in PDF files, which I share via the eDonkey/Kademlia net-works and Gnutella/G2 networks. The "fixed" IP address also allowed me toshare them via a File Transfer Protocol (FTP) server, which I set up within myown computer.




http://robmorton.20m.com/internet/images/isp/rfmodem.png


These eDonkey/Kademlia, Gnutella/G2 and FTP servers within my computerconsume hardly any bandwidth. On average, my colleagues and others aroundthe world between them download from my computer about a dozen or lessarticle files per day. This amounts to around 5 MB (megabytes) of data up-loaded via my 512 kbps upload connection per day. Minuscule. My servers arethus more like transponders than servers. They would certainly never createany traffic saturation problem for the ISP.

How I wish that this tranquil state of affairs could have continued. Sadly, in aletter postmarked 14 July 2015 (followed by two shorter reminders), the ISP Oi,informed me that the old W@y TV & Internet service would cease on 18 August2015. This, I was told, was because the technology was too old to be continued.Of course, like any service, W@y TV Internet had short periods of downtime.But never anything catastrophic. Its continuity of service was, on the whole, ex-cellent. I had only 4 service call-outs in 10 years.

This gave me barely a month's notice to find a new provider. Furthermore, al-though W@y had moved the service to my "new" address on 20 December2005 (almost 10 years ago) Oi sent all these letters to my old address. As a res-ult, I did not receive them until the beginning of August. I was fortunate to re-ceive them at all. Oi sent no such letters to my present address, to which theycorrectly send their monthly bills. Thus I was left with barely two weeks to findanother ISP.

NET: The Beginning of WoesI searched the Web for ISPs who could provide an Internet access service in mylocality. I found three: Oi (through whom the old W@y TV service had beenprovided), NET (NET Serviços de Comunicação S/A) and GVT (Global VillageTelecom). GVT is the last company on this planet with which I would wish to do



http://robmorton.20m.com/internet/images/isp/Oi-card-letter2.png





business. I will reveal why later. I therefore decided to try one of the servicesoffered by NET.

I found a package offering 15 Mbps download speed and 2 Mbps upload speed.This was adequate and the price was reasonable. However, I needed to ascer-tain that this service did not have ports 21, 4662, 4665, 4672, 47862, 57195closed because I needed these to be open for the file sharing protocols throughwhich I made my articles freely available. I would really have liked a fixed IP ad-dress with port 80 open as well. However, I was not hopeful that this would bepossible and resigned myself to having to live without it. Try as I might, I couldfind no information whatsoever about the status of listening ports from NET'swebsite. I logged in to NET's chat facility through which I could chat live to an"expert". I tried chatting with several of their "experts" at different times butnot one of them answered my direct and pivotal question about listening ports.It was obvious to me by then that none of these "experts" even knew what alistening port was. And neither, apparently, did their supervisors.

My only option was to take on the service conditionally. I ordered the 15Mbpsservice from NET on Friday 07 August 2015 via NET's website. I included theoption for integrated telephone service because the additional cost was min-imal. This included the migration of my current telephone number from an Oitelephone line to the new NET telephone. My Oi telephone account was asimple stand-alone telephone service. It was completely separate from the oldW@y TV Internet service which Oi had bought and taken over. My order wasconfirmed by email from NET on Friday 07 August 2015 at 10:59 am. The in-stallation was scheduled for the morning of Tuesday 11 August 2015.

On the morning of Monday 10 August 2015, I received a phone call from a manpurporting to be the installer of the NET service asking directions to my home. Igave the directions but said the installation had been scheduled for the nextday. He arrived at about 11:30 hrs. with a modem, RJ45 connecting cable, alarge coil of coaxial cable and a bag of tools. Not having expected any disrup-tion until the following day, both computers were running and I was workingon-line through the old [W@y TV] cable service. Everything was working per-fectly as it had been doing for the past 11 years. I had to log off from my Inter-net activities but left the computers and router running.

The technician disconnected the coaxial cable, which carried the old W@y TVcable service to my apartment, from the splitter in the W@y TV source cable atthe distribution box in the hallway outside the apartment. He reconnected thecable to the apartment to a different splitter which was on the source cable ofthe NET cable service.

The technician then went into my work room and disconnected the old Mo-torola cable modem from my TP-Link router and removed the modem, He re-placed it with the different modem, which he had brought with him. He hadbrought it loose and unboxed. There were no instructions with it and no usermanual. He connected the new modem to my router through the short yellowRJ45 cable he had brought. He connected the new modem's power supply and





plugged it into an outlet. He also plugged my telephone into the new modemhe had brought. The modem he had brought with him was as follows:

Name: RCA by Thomson Model: DHG534B MAC address CM:

001E69C8AEC7

MAC address MTA:

001E69C8AEC8

Serial Number: 00953-011400873 Power Rating: 12V, 1A unsmoothed Factory ID: 2

H/W:1.0 [DOCSIS 2.0 com-pliant]

The technician did not install any coaxial cable anywhere: neither in my apart-ment nor anywhere else in the building. He used the existing coax that hadbeen installed 11 years previously by W@y Internet and was still in place. Hetherefore did not use any of the large coil of coaxial cable, which he hadbrought with him.

The lights of the new modem illuminated in the normal way to indicate that ithad synchronized correctly with the NET digital cable service. I tried to accessweb sites from my browser. There appeared to be no access to the worldwideWeb. The browser appeared to be unable to access a Domain Name Server. Ithen opened the web interface of my TP-LINK router (through which I had beenaccessing the Internet up to a few minutes before for over 5 years via the oldW@y TV Internet service) which had been working perfectly minutes before onhttp://192.168.1.1:86 to check the WAN status report:

WAN information registered by router:

Endereço MAC:BCAEC55CE92A [de router]

Endereço IP:100.68.64.37 [IP Dinâmico]

pings OK

Máscara de Sub-rede:

255.255.224.0

Gateway Padrão: 100.68.64.1 pings OKServidor DNS: 201.17.128.74 pings OK

201.17.128.79 pings OK

This indicated that the router had established contact with the modem cor-rectly and had acquired DNS servers. I tried to access a common well-knownwebsite. The browser appeared not to be able to establish contact with a DNS. Ipinged the working IP address of the modem as well as the IP addresses of the





gateway and the DNS servers. All answered my pings correctly as shown in theabove table. I also pinged the standard IP address 192.168.100.1 for modemweb interfaces. The RCA Thomson modem answered the pings correctly. I triedto access the modem web-interface on 192.168.100.1:80. The page started toload but the modem reset the connection almost instantly before any of thepage appeared on screen.

The next day, once I had put the old W@y TV service back, I dis-covered by web search that the RCA modem the technician had in-stalled was an old discontinued model, which could only be configuredvia telnet. Since telnet is a vulnerable service, which I don't use, I hadclosed the telnet port (Port 23) in my computer's firewall.

A second technician had by now arrived at the request of the first technician,who was clearly out of his depth. The second technician told me that the web-interface address was wrong and should be 192.168.0.1. I pinged this address.No response. There was no service at all on that address. I tried a remote ping-back, which gave my IP address, as seen from the outside world, as186.206.255.254.

The second technician rang his superior. Then he told me that the problem waswith the NET service itself and nothing to do with my equipment configuration.He said the problem was because NET is changing over to IPV6 addressing sothe modem would have to be reconfigured for IPV6. Of course, there was nomention of this in any of the scant information available prior to purchase. Fur-thermore, as is apparent in the above table, all necessary addresses had beenacquired for the WAN (Internet) side of the router. All these are clearly IPV4 ad-dresses. There isn't a single IPV6 address in sight, neither is any needed.

I tried again with my computer connected straight to the RCA modem, thus by-passing the TP-Link router. I still could not access a single website. My com-puter has an absolutely up to date version of the Linux generic kernel, its head-ers and all necessary auxiliary packages. Its networking software is 100% IPV6compatible. I opened the networking configuration utility but could see no evid-ence that it was trying to acquire an IPV6 DNS.

The second technician said that an expert called Sirley would come tomorrow[the day for which the installation was originally scheduled] at 9:00 am to re-configure the modem. The two installers could do no more.





Before leaving, they presented a multi-layer formto be signed. The in-fill was essentially illegible butit was duly signed, assuming it was to verify thatthey had attended the premises and installed theequipment, which they had. The two installers leftat about 12:30 hrs. leaving the bottom copy, inwhich the in-fill was completely illegible. BeingBritish, I am, as a customer, always used to receiv-ing the top copy (written layer) of a multilayerform. Here in Brazil, however, I am not too familiarwith the rules in this regard. That evening, I took acloser look at the form. Please click the image fora high resolution view of the form. I [1] had inad-vertently signed a form whose illegible in-fill didnot reflect the truth.

Although the entire written in-fill of the form was totally illegible, the marksagainst certain yes/no tick-boxes could be deciphered. These asserted that:

1. The technician had brought a Welcome Pack and a copy of the contract. 2. The technician instructed the customer on how to use the system. 3. The NET service was working perfectly as witnessed by the customer. 4. Customer is aware of the need to send a copy of personal identity docu-

ment and undertakes to forward it within 48 working hours.

All the above were lies. The technician did not bring a Welcome Pack. Nor didhe bring a copy of the contract. Hence I did not know the contract numberwhen I decided to cancel it. The technician did not instruct me on how to usethe system. He couldn't. It wasn't working. Consequently, the ticked statementsaying that the NET service was working perfectly as witnessed by the cus-tomer was an outright lie. The customer was never asked to show an identitycard, which, had I been asked, I could have shown them there and then. Espe-cially with a company like NET, one must remember the age-old advice: caveatemptor (let the buyer beware).

I tried making phone calls with the telephone connected to the new service. Ihad difficulty obtaining a dial tone. Eventually I heard a dial tone and dialledsomebody I know. The call was successful. I managed to make another success-ful call. That was the last call I was able to make. Try as I might for over half anhour, I could not acquire a dial tone. What use would this be in an emergency?What use would it be for anything? Furthermore, I did not know the number ofthe NET telephone from which I was calling. It wasn't my normal number. Thetelephone plain and simply did not work. I re-plugged my telephone back intothe original normal telephone line supplied by Oi (formally Telemar).

The following morning, the "expert" Sirley never showed. The second techni-cian had given me his cell phone number 83351796. Nobody answered on thisnumber. I rang NET and made a new appointment (Protocolo de atendimento:01-31-50542887946 Tuesday 11 August 2015 14:00 BRT) for yet another "ex-pert" technician to come. He came at about 12:20 hrs.. He connected his



http://robmorton.20m.com/internet/isp.html#me


http://robmorton.20m.com/internet/images/isp/NET-order.jpg


laptop (running Microsoft Windows) to a spare port on my LAN router. He wasable to test download speed and access web sites. He said the problem was myOS, Linux. This to me seemed rather strange. The technician said he could donothing more. He only knew about Microsoft Windows. Having been in IT forover 50 years, I knew well this kind of declaration. It's always the fault of theuser's equipment, despite it having been working perfectly well with the W@yTV service for 11 years. I knew it was now up to me, the customer, to resolvethe technical difficulties with the NET service.

Then I had a eureka moment. For such a problem as this, the difference in theoperating systems was irrelevant. If it worked with the technician's Windowslaptop but not with my computer, something within my computer was blockingthe passage of certain data which the laptop was letting through. "My firewall",I shrieked. My firewall settings must be blocking a listening port required by theNET service. I switched off my computer's firewall. I was then able to accesswebsites from both my Linux machines. However, it left my Linux computersunguarded and potentially vulnerable. I had to make sure that I disabled or un-installed all unrequired service dæmons. It was then around 12:50 hrs.. Thethird technician left. At least I now had Web access.

Since my experience with the NET service, I have never discoveredwhy my web browser should need an open listening port in order toaccess a DNS. It has remained a mystery. I cannot see why thebrowser ever needs to listen on an incoming port at all. This is doublymystifying since the firewall in my TP-Link router has exactly thesame listening ports open as the computers do, except that the com-puters have additional listening ports open for services limited to theLocal Area Network (LAN), such as printing on Port 631 and NFS onPorts 15, 16, 31 and 32, which are not open in the router's firewall.Unfortunately, I never had time to investigate exactly which port theNET service needed and why. It makes me rather suspicious of what"else" the NET service may have been trying to do in my computerother than finding and serving the requested web page.

The technician having left, I set about to verify that all my required serviceswere operating correctly. I started my web, FTP, eDonkey/Kademlia and Gnu-tella/G2 servers. My FTP and Web servers only had visibility within the LAN.They were not visible to the outside world. This was no surprise as the serviceonly provided a dynamic IP address. I could live without them. I would have tolive without them from now on. My eDonkey/Kademlia and Gnutella/G2 serverswere firewalled. All their required listening ports were blocked, even thoughthey were all open both in my computers' firewalls and router firewall. Theycould only be being blocked by the NET service itself. I used an external web-based port checking service to check the operation of 8 listening ports that Ineeded to be open. All were being blocked by the ISP [NET]. Not so much asone of the listening ports I required was open.

I don't know whether the ports were being blockedby the ISPs routers or simply by a firewall inside




http://robmorton.20m.com/internet/images/isp/RCA-front.png


their modem. But, without a user manual for instructions on how to do so, Icould not get configuration access to the modem. So the question was moot.

I could not share my essays and articles with colleagues and other interestedpeople all over the world. They preferably need to be able to access them onmy FTP site and download those files which contain essays and articles thatthey may wish to read. Without open ports my eDonkey/Kademlia and Gnutella/G2 servers can work after a fashion, but incoming searches would be im-possible, which rather defeats the object of the servers. I finally tried to accessthe FTP server of my web hosting service in the USA. I could not connect to myweb hosting service by FTP. Consequently I could no longer maintain and up-date my own web site.

For me, these blocked listening ports rendered the NET service completely andutterly useless and unworkable. Consequently, after no more than an hour'srigorous testing, I realized there was no option but to cancel the NET service,which I did 13:20 hrs. on Tuesday 11 August 2015.

NET: Cancellation: The Second of Woes

I could not cancel the contract without knowing the contract number, which ofcourse, I did not know because I had never been given a copy of the contract.After a long and stressing telephone call, I finally managed to prize the contractnumber (013028414190) out of NET. Then followed four attempts to cancel thecontract:

At-tempt

Protocol №Time

DateAttended

byModem to be Col-

lected

1013150543019564

13:10

11/08/2015

unknown

2013150543024663

13:20

11/08/2015

unknown

3013150543683229

13:37

11/08/2015

unknown 19/08/2015

4013150543743585

13:38

13/08/2015

Anderson 24/08/2015

In the first two attempts, the person who attended gave a protocol number andthen left me waiting indeterminately until the call finally dropped. Finally, at13:37 hrs. the NET functionary verified that the contract was cancelledwithout onus and that the modem would be collected by NET on the 19th Au-gust 2015.

I immediately removed the NET modem from my installation and put back theoriginal W@y TV service's RF cable modem. I disconnected my apartment'scable from the NET service cable at the distribution box in the corridor and re-connected it to the old Oi (W@y TV) service cable. I was, however temporarily,back on the Internet.





I spent Wednesday, 12 August 2015 at my computer catching up with my twoentire mornings of lost working time. The following morning (Thursday 13 Au-gust 2015), I telephoned NET to make sure that the migration of my originaltelephone number from the original Oi telephone line had been cancelled too.Then it all began all over again. I was told that there was no record of my con-tract having been cancelled and that neither had the migration of my tele-phone number been cancelled. That is when I embarked on the fourth attemptto cancel the contract. This time my call was handled by a person who identi-fied himself as "Anderson". At 13:38 hrs. on Thursday 13 August 2015, Ander-son assured me that:

1. The NET Internet service would be cancelled within 1 hour. 2. The NET telephone service would be cancelled within 24 hrs. 3. The contract with NET was already cancelled. 4. The migration of my Oi phone number to Net was already cancelled. 5. NET will collect modem, RJ45 lead & power supply on 24/08/2015.

Early, on the morning of Friday 14 August, I had an uneasy feeling about thefourth cancellation attempt. Why should it be any different from the otherthree? Furthermore, NET had extended the time it was going to delay in collect-ing the modem. NET may use this to construe that I had had use of their ser-vice from 10 August until 24 August, which was 15 days or half a month. Infact, I had had workable access to their service for less than 40 minutes, afact they could easily verify by pinging their modem remotely and seeing that itwas not connected. Even then, I could only access the NET service with mycomputer firewalls completely disabled.

For this reason, I decided not to wait any longer and to contact Anatel, the tele-communications regulator in Brazil. I registered on the Anatel website and fileda complaint against NET at 09:55 hrs. 14 August 2015 under Protocol№27016432015. I must now wait to see if it will have any effect.

The next day, Saturday 15 August 2015, at 11:05 am, NET called me by cellphone confirming the Encerrramento do Contrato (Termination of the Contract)and that the modem etc. would be collected between 12:00 and 17:00 hrs. on24 August 2015. The Protocol № of this action was given as 013150544333121.Later, at 13:00 hrs. on the same day, NET called me again by cell phone sayingthat they had been contacted by Anatel and that the modem etc. would be col-lected earlier, namely, on Wednesday 19 August 2015 between 12:00 and17:00 hrs.. The Protocol № for this action was given as 013150544155219. NETgave me telephone № 08000200200 to call, should there be any further prob-lems.

NET: Evaluation

This whole process of ascertaining the applicability of the NET Internet serviceto my requirements had consumed a whole week's worth of stressful mornings.My anger was raised because all this disruption could have been so easilyavoided if the NET sales staff had not been so abysmally ignorant of theproduct they were selling. I had tried desperately to find out all the necessary





technical information about the service before purchase, all to no avail. I wasmet at every turn with an impervious wall of ignorance.

It appears to me that NET employs people with little, if any, technical know-ledge and provides them with little, if any, technical training. In other words,NET appears to me to have externalized the whole task of ascertaining thetechnical applicability of the offered service, plus the managing of their salesand technical staff. This task thus falls into the lap of the customer, without himbeing provided with any references to necessary proprietary information. Theonly place I was able to find any technical information at all was on blog sitesfor disgruntled users.

With all listening ports blocked, the NET service cannot rightly be called aproper Internet access service. And so NET is not strictly an ISP. It is simply aWeb access service provider (WASP). The user can access content via a Webbrowser and partake in whatever restricted interactive facilities can be imple-mented through a Web page. But nothing more. NET's blocking of all listeningports, without allowing the user to unblock those of his choosing, is absolutelycontrary to the Suggested Practices of the Broadband Internet TechnicalAdvisory Group, the emboldened heading statements of which are listed be-low.

• ISPs should avoid port blocking unless they have no reasonable alternat-ives available for preventing unwanted traffic and protecting users.

• ISPs that can reasonably provide to their users opt-out provisions or ex-ceptions to their port blocking policies should do so.

• ISPs should publicly disclose their port blocking policies. • ISPs should make communications channels available for feedback about

port blocking policies. • ISPs should revisit their port blocking policies on a regular basis and reas-

sess whether the threats that required the port blocking rules continue tobe relevant.

• Port blocking (or firewall) rules of consumers’ devices should be user-con-figurable.

It appears to me that, on all these points, the service provided by NET scores abig fat zero.

At 16:30 hrs. on Wednesday 19 August 2015, a technician from NET collectedthe RCA/Thomson DHG534B modem, yellow RJ45 cable and wall wart powersupply. NET did not incur any costs for installing any cabling or outlets withinmy apartment because these were already there.





A Reprehensible After-Shock

Notwithstanding, on 12 December 2015, I receiveda totally unexpected and extremely severe letterfrom what appeared to be some kind of financialdebt registry called Serasa Experian. The letterwas dated 01 December 2015, post marked 03December 2015. It was not received until 12December 2015. As well as the name of SerasaExperian, the letter also bore the name Claro,which is a telecommunications service provider.However, as best as I am able to ascertain, the let-ter appears to have been sent by Serasa Experian.The letter was not signed. Please click the imageon the right for an enlarged readable view of theletter.

The letter states (wrongly) that, for reason of non-payment, NET has termin-ated my contract and requested that my name be blacklisted, presumably on apublicly-viewable blacklist maintained by Serasa Experian, the author of the let-ter. The letter then specifies the creditor as:

NET BELO HORIZ CPNJ: 40.432.554/0835-06 Endereço da Credora: R FLORIDA 1970 - CIDADE MONCOES -SÃO PAULO - SP - CEP:04565-907

The letter then details the alleged debt as follows:

Valor da anotação Data do vencimento Natureza Contrato R$309,18 20/09/2015 OUTRAS OPER N28414190/05T654

The letter continues by making an overt threat that unless I settle the debtwithin 15 days of the date the letter was allegedly posted (03 December 2015)then my name will be made publicly available on Serasa Experian's blacklist ofnon-payers. Since the letter was received on 12 December 2015, this leavesme until Friday, 18 December 2015 to settle the "debt". That is 5 working daysfrom becoming aware that this alleged unexpected and incongruous debt evenexisted.

The letter then specifies two telephone numbers (3003-0222 and 0800-722-0222) which I may call to negotiate how I may pay the "debt" and get my nameremoved from Serasa Experian's blacklist. I telephoned the appropriate num-ber, whereupon I was asked to dial in my CPF number, which is a number alloc-ated to all residents in Brazil, as a unique personal identification for all financialtransactions and taxation payments.

At this point I became highly suspicious. This had happened before with regardto NET and also Oi (see later). These ISPs are surrounded by swarms of dubiousbusinesses, some of whom provide out-sourced technical services and others




http://robmorton.20m.com/internet/images/isp/false-bill-anon.jpg


who are simply phishers of personal information for purposes such as creditcard fraud. Generally, the next piece of information asked for is one's RG (Re-gistro Geral) number, which identifies a person as a citizen or a foreigner ofpermanent residence. Then follows a request for one's credit card number, in-cluding the 3-digit security code (presumably for the purpose of settling the"debt").

I had received a letter, right on top of the 11th hour, about an alleged debtabout which I had had no previous intimation and which does not make anysense. This letter contains telephone numbers which are answered automatic-ally, do not announce who they are and ask immediately for sensitive personalinformation. I have no way of verifying the letter's authenticity. To me, thisspells scam.

The following facts are relevant with regard to this letter.

1. The contract was not terminated by NET: it was terminated by me.

2. This was not because of my non-payment but because I had found theservice to be unsuitable for my purposes.

3. No information or warning regarding this charge was given prior to thetrial purchase.

4. No invoice or statement of account regarding this charge was ever re-ceived prior to the letter received on 12/12/2015.

5. I had never seen any mention of a Contract N28414190/05T654 prior toreceipt of the letter on 12/12/2015.

6. I used the service provided by NET exclusively for the purpose of evalu-ation.

7. This was necessary solely because NET was either unable or unwilling toprovide me with the simple necessary and sufficient technical detailsabout the service for me to be able to verify that it could not meet my re-quirements.

8. I used the service only for the 40 minutes I required to evaluate the suit-ability of the service to my needs, after which I removed the NET modemand disconnected the service from my apartment.

9. NET incurred practically no costs since all necessary cabling and fittingswere already installed in my apartment and condominium building.

10.I managed to access the Internet for the first time using the NET serviceat 12:00 11/08/2015. I cancelled the service at 13:10 11/08/2015: Proto-colo 013150543019564.

11.I was told by NET that the service was cancelled without onus: Proto-colo 013150543743585.

12.The cancellation was arbitrated by Anatel: Protocolo 2701643-2015.





Due to the imminence of the threat to be placed on a blacklist of non-payers, Idecided to deal with this through Anatel. So, on 13 December 2015, I re-gistered an appeal to Anatel, via the Anatel website, about this "charge out ofthe blue" - apparently levied by NET.

The whole way this situation had arisen led me to suspect that the letter pur-porting to be from Serasa Experian was the work of a identity theft gang. It wasa letter out of the blue. It arrived at the 11th hour, leaving no time for me todeal with the situation calmly and systematically. There was no prior intimationwhatsoever about the existence of this charge. I had no reason to suppose ofits existence. However, I was to be rudely surprised.

At 09:10 hrs. on 14 December 2015, I telephoned NET on number 10621, whichI knew to be genuine. My call was attended by a functionary called Daiane whogave a Protocol No 013150585472291 for my inquiry. I related the situation ofhaving received this letter purporting to be from Serasa Experian, fully expect-ing to be told that NET had no record of any outstanding debt, which of courseit shouldn't.

To my absolute surprise, she said there was an outstanding debt of R$309.18from 20/09/2015 which I had not paid and that I could retrieve a payment slipfrom the NET website or, if I preferred, she would send the payment slip to meby email. I opted for the latter.

I received the email to which was attached the bill-cum-payment slip shown on the left. Please clickthe image for a readable version. I note with in-terest that the nature of the charge is for "ItensEventuais", which I would translate as "SundryItems", which is appropriately nebulous, especiallysince I had asked for details of the charge. Detailsare shown below, although I have to admit that Iwas unable to read the microscopic print without amagnifying glass. NET charged me R$9.18 for 3days use of their service. In fact I used it for only40 minutes. The NET modem was connected tothe coax for 70 minutes, after which the coax itselfwas disconnected from NET's service and recon-nected to the old W@y service. The bulk of therather excessive cost of R$300 is stated as being

for the installation of the service.

The first thing my magnifying glass picked up in the "details" of the bill wasthat NET charged for the installation and usage of a service called "VIRTUA 15MS/WiFi COM FONE". NET did not "install" anything that could be remotely con-strued as WiFi.

The only activity, on the part of NET, which could be construed as installationof the service was as follows:

1. Disconnect the old W@y modem from the coax, my router and power




http://robmorton.20m.com/internet/images/isp/sem-onus.png


2. Connect the NET modem to the coax and my router and plug in power 3. Leave me without any functioning service.

Please note that it was I who had to reconfiguremy system to suit their modem by switching offmy firewall. Even then, all I could do was accesswebsites: nothing more. It was then I who discon-nected their modem and reconnected the oldW@y service. How can what NET did possibly jus-tify a charge of R$300, especially when they saidthat the service would be cancelled withoutonus?

It was W@y TV who had cabled my apartmentover 10 years previously on 20 December 2005.The service order detailing this work is shown onthe right. Please click on the image for a full sizedview. I have paraphrased, in the following list, theinstallation work carried out under this order.

1. Route new coaxial cable from distributionbox in corridor to outlet box in apartment sitting room.

2. Terminate coaxial cable at each end with coaxial connectors. 3. Connect a two-way 3dB splitter to the apartment end of the cable. 4. Cut a 3-metre length of coaxial cable to reach the TV from the apartment

outlet box. 5. Drill through the wall to the veranda, where the TV is located and grom-

met the hole. 6. Feed the cable through the hole and fit coaxial connectors to each end of

the 3-metre length of coaxial cable. 7. Connect one end of the 3-metre length of cable to the two-way 3db split-

ter and the other end to the cable TV decoder. 8. Prepare a 1-metre length of coaxial cable and fit a coaxial connector at

each end. Use this to connect the TV decoder to the television set. 9. Run a mole cable through the telephone conduits of the apartment to loc-

ate the route to the outlet in the study room. 10.Use the mole cable to pull about 15 metres of coaxial cable through the

conduits, from a telephone socket next to the cable outlet box in the liv-ing room, to a telephone socket in the study room behind the desk.

11.Terminate each end of the 15-metre length of coaxial cable with a coaxial connector.

12.Connect the sitting room end of the cable to the second outlet of the two-way 3db splitter.

13.Connect the study room end of the cable to the Motorola Surfboard mo-dem.

14.Connect the modem to my computer via a two metre length of RJ45 cable.

15.Connect the apartment's new cable to the W@y TV service cable in the distribution box in the corridor.




http://robmorton.20m.com/internet/images/isp/way-inst-no-addr.png


16.Test the cable TV service. OK. 17.Test the Internet access service. OK.

Total time taken: 1 hour 57 minutes. This I can imagine as justifying a charge ofR$300, although W@y TV made no charge for installation at all.

NET did not carry out any such installation work. NET simply used the ex-isting installation put there by W@y TV ten years before to allow me to test thesuitability of their service. NET said to me plainly that the trial was withoutonus and then renegued on what they had said by charging a substantial fee.And this false cost could be what NET charged onwards to me as the customerfor whom the work was purported to have been done.

It is entirely possible that NET truly believes that the installers it sentdid the full installation of the coaxial cable and fittings to, and within,my apartment. As I am given to understand it, NET outsources thetask of installation to various one-man-and-his-dog businesses. It istherefore entirely possible that the people who connected the NETmodem in my apartment invoiced NET falsely for the price of a full in-stallation, charging for the full time for drilling and routing, plus thecost of a copious length of coaxial cable and associated fittings.

Notwithstanding, NET made this charge without billing me or even telling methat they had made a charge. The first I know about it is 5 days before theyplace my name on a publicly-accessible blacklist of bad payers. I have never inmy life been a bad payer. Thus, placing my name there constitutes a Tort of De-famation against my person and my character. Being a Public Servant, thiscould well jeopardize my career, my position and my pension, as well as precip-itating future consequential losses and damages. And all without just cause.

Consequently, although I deny absolutely that I have any obligation whatsoeverto pay this charge, I nevertheless decided to pay it. This is solely to avoid NETplacing my name on the Serasa Experian blacklist. They have - deliberately, asit appears to me - left me no time to dispute this charge before my name wouldappear on the blacklist. I have thus been forced to pay a debt I do not owe inorder to avoid suffering the unmerited dire consequences which NET and Ser-asa Experian have threatened to place upon me. To my mind, this makes me anundeserving victim of aggravated extortion perpetrated upon a hapless indi-vidual by two substantial corporations. Certainly, in any future judgement Imay make, I shall regard the Serasa Experian blacklist of bad debtors as havingno credibility whatsoever, either way.

On 16 December 2015, I received a phone call from NET saying they had re-ceived communication from Anatel. The person simply asked if and when I hadpaid the debt. I told the person I had paid it. The person then said that theyhad not yet received confirmation from the bank that the money had been re-ceived. He continued that, once they had received confirmation, they would re-move my name from the bad debtors list.

This phone call clearly demonstrates the unmitigated audacity of this company.Firstly, despite the content of the Anatel appeal, the caller proceeded with the





two audacious presumptions that 1) the debt actually existed and that 2) thedelay in payment of the debt was entirely due to my deliberation, negligence oroversight. The context of the call revealed clearly that my name had alreadybeen placed on the Serasa Experian list of bad debtors, and that theywould only remove it once their bank had confirmed receipt of my payment.There was no mention whatsoever of the illegality of the charge in the firstplace or even that I was disputing it.

It appears that one simply has to accept that this is the way things are done inBrazil and that all is governed according to the law that might is always right.

If NET had been honest and supplied me with the few technical details I hadasked for in order to assess the suitability of their service to my purposes, Iwould never have requested the service. But NET's sales and technical stafftold me that all but 3 listening ports were open. As a result, I requested the ser-vice only to find it could not meet my needs. I quickly discovered that no listen-ing ports were open at my premises. NET supplied no instruction manual withthe modem and NET's technicians refused to open the ports.

The second detail my magnifying glass picked up on the emailed bill from NETwas a set of protocol numbers, which appeared as follows:

REGISTROS DE ATENDIMENTO:013150585472291, 013150545287706,013150545078543, 013150545054817,013150544365529

The first one, 013150585472291, pertains to my telephone call in response tothe letter from Serasa Experian on 14 December 2015. The other four protocolnumbers I know nothing about and hence they do not pertain to any interac-tions between NET and myself.

The upshot of what NET did has thus gained them an extra R$309.18, whichthey would not have gained had they been honest. NET's shareholders must bepleased. I'm not. I find myself unable to suppress my feeling of moral obligationto state that I find this behaviour on the part of NET to be reprehensible.

A Chance Discovery

On 06 January 2016, I arbitrarily decided to embark upon the gargantuan taskof clearing all the accumulated junk from my email account. Buried way back inthe truckloads of junk advertising for everything from sex pills to cut-price airfares, from dating sites to appeals from phoney charities, I spied an email titlethat began with the word "NET". I think I might have seen it way back inSeptember or October 2015. I can't really be sure. Notwithstanding, the NETservice having been cancelled without onus on the very day it was "installed", Imust have dismissed it as being either a "sorry to see you go" email or a plainsimple item of unrelated unsolicited junk advertising.





The last thing on Earth I would ever expect to receive by open email is a bill,especially since I had absolutely no reason to expect one. Notwithstanding,these irresponsible idiots actually sent me a bill via unprotected open email. I

didn't even know they had my email address. Iwould never give my email address as a means forreceiving bills. In this open unprotected email, theystate my full name, my full postal address and myCPF number (a number which everybody in Brazilhas as a means of uniquely identifying them for tax,financial and trading purposes). Together with myemail address, this makes quite a bonanza for anyidentity thief, be he petty, organised or from someclandestine foreign agency.

The bill itself was in a separate PDF file attached tothe email. This PDF file was completely open andunprotected. In other words, it was unencrypted.Not that NET asked for my public PGP key anyway.This bill, which is shown on the left, was discoveredfor the first time by me - entirely by chance - on 06January 2016.

It too contained my full name, my full postal address and my CPF number, all ofwhich I have removed from the illustration on the left. The bill also containedthe number of the so-called "contract" (which I had seen for the first time in theletter from Serasa Experian), plus the due date and the amount "owed". If I hadbeen expecting a bill at all, I would have expected it to arrive by normal post,as all my other bills do.

Again, this "original" emailed bill from NET contained a list of protocol numbers,which appeared as follows:

REGISTROS DE ATENDIMENTO:013150545287706, 013150545078543,013150545054817, 013150544365529,013150544333121

013150544333121 refers to the phone call to me from NET on Saturday 15 Au-gust 2015 at 11:05 am confirming the Termination of the Contract (Encerrra-mento do Contrato). The other protocol numbers are unknown to me and hencethey do not pertain to any interactions between NET and myself.

NET's email to me contained a link, which it invited me to click and follow, in or-der to change my account to automatic direct debit. Clicking on the link takesme to a web site that requires me to enter more personal data. Just to illustratehow dangerous it is to follow such a link in an email purporting to be from aknown company, I will mention just two emails I received recently. Both lookedvery authentic and professionally produced.

The first was "from" a Brazilian bank call Bradesco. It gave details of a substan-tial outstanding debt that I owed. It said that I should follow the link to what




http://robmorton.20m.com/internet/images/isp/FaturaNet.png


was displayed as the bank's legitimate web address. Looking in the status barof my browser, I could see that it was really taking me to a different addresswww. pwua.co/Sempre/ (IP 107.180.25.0), which appeared to be located on aGoDaddy server in Scottsdale, Arizona, USA. I clicked on the link. A very profes-sional-looking web page appeared, which looked to me to be exactly that of thegenuine Banco Bradesco in Brazil.

The page asked me to enter the number of my Agência (branch) - i.e. the sortcode - followed by my account number and its check-digit. Naturally, I enteredfalse Agência and account numbers, making sure the check digit tallied withthe account number. Next, it asked me to type in my password by clicking onthe appropriate keys of a displayed keyboard. Finally, it wanted my CPF. Inter-estingly, the first time I entered my (false) password, I was told it was incorrect.I entered the same password a second time and it was accepted. Nice touch. Agood start to building an identity thief's dossier on me. None of the links on thepage worked. The whole page was essentially a montage of images.

I received, almost at the same time, an email advising me to pay a fictitiousdebt that I "owed" another Brazilian bank Banco Santander. The server for thissite had an IP address located on Christmas Island. Of course, that does notmean to say that the server was really on Christmas Island.

The universal advice and received wisdom is to ignore and delete any emailthat leads you to a website for any purpose relating to money or involving per-sonal information. Such an email will almost certainly be bogus. And this is ex-actly what NET did with the email it sent to me. NET thereby also flagrantly dis-regarded the vulnerability it was placing upon me by publishing my personaldetails in an open email. No doubt NET finds it cheaper and more convenient tosend bills by email. Obviously, this convenience outweighs the exposure toidentity theft and personal damage to which this practice exposes its custom-ers. Ironically, when I went to collect my mail today from the mailbox of mycondominium building, I noticed bills from NET addressed to other residents.Obviously, they receive their bills from NET by normal post, as I would naturallyexpect. NET never sent any such bill to me by post. So why send a bill to me byemail - a bill I was never expecting - without ever telling me that is what it haddone or intended to do?

On Sunday 14 February 2016 I decided to make a new appeal to Anatel re-questing reimbursement of the R$300.18 that I had paid on Monday 14 Decem-ber 2015 to NET to avoid NET carrying out its threat to place my name on theSerasa Experian bad debtors list.

On Wednesday 17 February 2016 at 10:50hrs a woman called Priscila BrajatoRibeiro Elias telephoned telling me to email a copy of the paid NET invoice [email protected]. During the afternoon of Thursday 18 Febru-ary 2016 the same woman phoned my cell phone at work saying that my emailwith the attached paid invoice had not arrived. She said she would send anemail to me with details of what to do. No such email ever arrived. I re-sent myemail 3 more times. The woman said she would call me again at 12:00 the nextday.





19/02/2016 The woman did not call, so at 12:30 I tried calling the number ofthe woman registered on my cell phone. A recorded message told me that thenumber did not exist. The woman rang at 12:43 but I was in a bus and couldnot hear what she was saying. Told her to ring later. She rang later, interruptingme at work. She cited Anatel Protocolo 51667-2016 and gave NET Protocol013150585488438 for her call to me. She said I had not paid the R$309.18. Isaid I had. The call ended in stalemate.

I began to wonder why I had been asked to send the paid invoice pertaining toNET to an email address pertaining to "almavivadobrasil". I did an Internetsearch. I found that AlmaViva do Brasil is a telemarketing company. I could findno connection between AlmaViva do Brasil and NET.

On Friday 19 February 2016 at 16:50 hrs I discovered an email from PriscilaBrajato Ribeiro Elias asking for a copy of the paid invoice, which I had alreadysent four times. I sent it again at 17:02 hrs together with a copy of the originalinvoice acquired on 14 December 2015. I sent it as a REPLY to the email shesent to me, so that there could be no mistake that the address to which I sent itwas correct.

By Monday 22 February 2016 I had heard nothing further from Priscila BrajatoRibeiro Elias. I therefore assumed there would be no further action on her partsince, as far as she was concerned, I had not paid and therefore no moneyshould be reimbursed. Consequently, I re-opened the complaint process on theAnatel website, explaining that I had emailed the paid invoice to Priscila BrajatoRibeiro Elias four times and that she had denied having received it. I then up-loaded the paid invoice to the Anatel website to form part of the on-going pro-cess and as positive proof that I had paid the invoice.

On Saturday 27 February 2016 from 10:58-11:12hrs Kateane (she refused togive her surname) of NET telephoned me from (031)350559299 giving Protocol013160600932492. She asked for my CPF and bank details in order to pay theR$309.18 into my current account, I gave her my bank details. She said therewould be a confirmation call shortly from either herself or a colleague that thepayment had been made. At 13:17 hrs I received a call from NET(0411921094200) to verify account details again. At 14:22-30 hrs I received acall from NET (0411921087777 protocol 013160601992586) asking if I hadbeen dealt with to my satisfaction. I confirmed that I had.

On Monday 28 February 2016 received 3 emails giving times and protocol num-bers as follows: 12:06 hrs Protocol No. 013160601992586; 12:08 hrs ProtocolNo. 013160601970046; 12:09 hrs Protocol No. 013160601970046. Theseemails, quite frankly, conveyed nothing whatever to me.

On Tuesday 29 February 2016 at 14:15 hrs a woman from NET rang my homefrom 031-3505-9299. I was at work and so she was asked to call the next dayduring the morning only. She did not call again.

On Thursday 03 March 2016 I saw the following entry on my bank statementextract taken from an ATM:





02/03/2016 000745 CRED TED 663,36C

Brazilian bank statements do not show who pays credits or by whom debits arereceived, so I have to assume it was NET since it is the only credit in the ex-tract that I cannot account for. The amount, which is over double the R$309,18NET owed me, was obviously the amount determined by Anatel to take into ac-count inflation plus my efforts and the disruption caused to me by NET in thismatter.

All I Ever Needed To Know

All the information I ever needed to know,about the NET service, in order to determineits suitability for my purposes, is as shown inthe table on the right. If NET had made avail-able to me, prior to "purchase" these 6 simpleitems of information, then I would never havetaken the matter any further. But NET's salesand technical operatives simply affirmed thatthe NET service would fulfil all the require-ments I mentioned.

What I told NET that I wanted is as shown in the table on the left. This is essentially the service which W@y TV had been providing me with for the past 10 years. Is this information to much to ask of an internet service pro-vider? Am I really to believe - as it would appear - that this information is too complicated for their functionaries to understand?

The only possible complications are the delivery, addressing and port options,which are simply stated as follows. Delivery options: ADSL, Coax, G3, G4, WiFi.IP Address options: Fixed IPV4, Dynamic IPV4, IPV6 (fixed). Listening port op-tions: all open; user-configurable from modem's web interface; user-configur-able, except as speci fied ; all closed.

Oi Velox 2Mbps InternetHaving found the NET service unusable, I started, on 12 August 2015, to combthrough the Oi website to try and find a suitable Internet service package. Itwas just a Christmas tree of commercial advertisements for various packagesand so-called "combos". The terminology was confusing and the only piece ofuseful information I could glean from each offer was the download speed andthe price. Search as I might, I could find no other details.


NET's SERVICE

Monthly Fee R$89,90

Delivery Coax

Download Speed 15 Mbps

Upload Speed 02 Mbps

IP Address Dynamic IPV4

Listening Ports All closed

THE SERVICE I ASKED FOR

Monthly Fee R$50 to R$100

Delivery Coax (or ADSL)

Download Speed 2 Mbps or greater

Upload Speed 512 kbps or greater

IP Address Fixed IPV4

Listening Ports All open


http://robmorton.20m.com/internet/isp.html#ports



On 13 August, I tried the Oi website's chat fa-cility to chat with an expert. I began by saying(roughly translated) that I would like to buy theOi-Velox 2 Mbps service but that I needed ports21, 4662, 4665, 4672, 47862 and 57195 openfor listening and to please verify that the Oiservice does not block these ports. To this, theOi expert, Evelin Araujo simply responded"OK". In hind-sight, I hope that I wasn't beingtoo rash in assuming that the service wouldnaturally leave all ports open for in-boundpackets. Since, after her "OK" she went on toask my postal code to verify service availability(which I had already done via the Oi website), Inaturally took her "OK" as a positive answer tomy question.

The rest of the chat was, for me, somewhat confusing. It was, in fact, thesecond chat I had made via the Oi website to try to ascertain the minimum ne-cessary and sufficient information about the service that I would need in orderto determine its suitability for my purpose prior to purchasing it. Consequently,the only way to discover this minimum necessary and sufficient informationwas to buy the service and hope for the best.

I made one last concerted effort, spanning two whole days, searching the usercomplaints blogs and those pertaining to users with some degree of technicalknowledge. My most positive discovery was a blog in which a subscriber re-vealed his painstaking research about the Oi Velox service. He revealed thatthe following ports were blocked:

Port № Protocol Res† Emp‡ Service 21 TCP × FTP (File Transfer Protocol) control 22 TCP × SSH (Secure SHell) 23 TCP × Telnet 25 TCP × SMTP (Simple Mail Transfer Protocol) 53 TCP UDP × Domain Name Server 69 UDP × × TFTP (Trivial File Transfer Protocol) 80 TCP × HTTP (Hypertext Transfer Protocol)

110 TCP × POP3 (Post Office Protocol Version 3) 111 TCP UDP × × NFS (Unix Network File System) 135 TCP UDP × × INGRES-NET service 137 TCP UDP × × NETBIOS name service 138 UDP × × NETBIOS datagram service 139 TCP UDP × × NETBIOS session service 143 TCP × × IMAP (Internet Message Access Protocol) 161 TCP × SNMP (Simple Network Management Protocol)



http://forum.baboo.com.br/index.php?/topic/248190-saiba-quais-portas-do-velox-resid-e-empr-est%C3%A3o-bloqueadas/


http://robmorton.20m.com/internet/images/isp/Oi01.png


443 TCP × HTTPS (Secure Hypertext Transfer Protocol) 445 TCP UDP × × SAMBA (Microsoft's Network File Sharing) 513 TCP × × who, login 515 TCP × × printer spooler

1080 TCP × × Socks 1433 TCP × × ms-sql-s (Microsoft SQL server) 3128 TCP × × ndl-aas Archive API server port 3129 TCP × × netport-id NetPort Discovery port 4444 TCP × × KRB524, NV Video default 4480 TCP × × unassigned 6588 TCP × × unassigned

†Oi-Velox Residential Service, ‡Oi-Velox Business Service. I cannot imagine why they would want to block two unassigned ports.

Most of the above blocked ports should indeed be blocked from the Internet.This is because most of them are allocated to service dæmons which provideservices whose appropriate jurisdiction lies only within the individual computeritself. A few also have appropriate jurisdiction within a local area network. Hav-ing these ports open to the Internet could leave both the LAN - and the com-puters connected to it - rather vulnerable to either accidental or deliberate in-vasion.

None of the listening ports that I absolutely need to be open, for requests arriv-ing from the Internet, appears in the above table. Port 111 is open within myLAN for the Unix Network File System, but it doesn't need to listen to the out-side Internet.

Notwithstanding, I have no option but to assume that the above-listed ports areblocked only for incoming originations (listening) and that they are open forout-going traffic. For instance, I do need Port 25 open for out-going traffic in or-der to retrieve my email from my email server in the United States, which Ihave had for almost 15 years and through which just about everybody I haveknown during that period contacts me.

I now had a simple choice. On the one hand, I could decide not to subscribe toa service about which I could not obtain the minimum necessary and sufficientinformation for deciding whether or not it would fulfil my requirements. On theother hand, I could ignore the "buyer beware" adage and just go blindly aheadwith the purchase, in the hope that all would be well after the event. Since allthe large corporate ISPs in Brazil appear to be of the same ilk, the first optionwould leave me permanently cut off from the Internet. Since most of my worksince 1963 has been in computing and telecommunications, involving the Inter-net and its predecessors, I would face a future in limbo. Consequently, goingblindly ahead with the purchase was my only practical option.





Oi: Purchase and Installation

Saturday 15 August 2015 AM: I went to the Oi shop at Shopping Cidade in BeloHorizonte. A download speed of only 2 Mbps was the maximum Oi couldprovide, which seemed rather slow for this day and age. I have no idea whatthe upload speed will be as I could find no such information on the Oi websiteand nobody with such knowledge was contactable prior to purchase either inthe shop or by telephone. The Oi Velox 2 Mbps service was scheduled to be in-stalled between 08:00 and 12:00 hrs. on Tuesday 18 August 2015. At 09:35 hrs.on 17 August 2015 I received a telephone call from Vidal Matos of Oi (Protocolo201542663063) asking if I had been treated appropriately during the purchase.The person who attended in the shop treated me well and conducted the busi-ness but had no technical knowledge whatsoever, nor access to anybody whodid.

At 21:40 hrs. on Monday 17 August 2015 I suddenly found a lone PDF file onthe Web which gave the download and upload speeds of the Oi Velox service Ihad purchased. These were: download speed: 2 Mbps, upload speed: 512 kbps.But nothing about whether or not any ports were blocked. In this document Idiscovered yet another piece of significant information which I could not findprior to purchase, despite asking. That was that I was allowed only up to aquota of 50 gigabytes (GB) of data traffic (up + down) per month. The old W@YInternet service had no monthly quota limit. Notwithstanding, 50 GB seemedway more than adequate for my kind of use.

At 09:30 hrs. on Tuesday 18 August 2015, Oi telephoned saying the installerwas en route (Protocolo 20151122145927). At 11:15 hrs. the Oi installer him-self phoned to say he was en route. He arrived at my apartment at 12:30 hrs.He disconnected the existing Motorola RF cable modem from the router of myfully working system and connected in its place a D-Link DSL-2500E modemwhich he had brought.

Name: D-Link Model: DSL-2500E MAC address: B0C554A96CC1 P/N: ISL2500EZBO6.B1GSerial Number: QX0L1E1546497 Input: 5V, 1A unsmoothedHardware: B1 Firmware: OI-V1.11(131106)

My computers were, at that point, unable to access the Internet. He disconnec-ted my computer from my router and connected it directly to the new modem. Iwas then able to access the Web from the browser on my computer. He saidthat everything was working and that there was a problem with the configura-tion of my router, which was not his jurisdiction.




http://robmorton.20m.com/internet/images/isp/Oi-modem.png


Oi: A Sense of Having Been Deceived

I told the technician, before he went, there were 7 functionality tests I wishedto conduct in order to prove to myself that everything was working properlyand that the listening ports I required were open. I conducted the 7 tests. Alltests passed except the last two. Although I had an HTTP server and an FTPserver running on the old W@y Internet service (up until about 20 minutes be-fore), I did not expect either of these to work with the new service. I was reluct-antly resigned to that inevitability. I was satisfied because I was seeing high IDson the eDonkey, Kademlia, Gnutella and G2 services. The installer left.

The Oi installer could not have been gone more than five minuteswhen the four listening ports for the eDonkey, Kademlia, Gnutella andG2 services all closed, as if automatically. My computer was now welland truly firewalled!

I had pestered, pestered and pestered prior to purchase for information regard-ing closed ports. But none had been forthcoming. Consequently, I am highlysuspicious that Oi closed the ports on their modem remotely via the TR-069protocol as soon as they knew the installer had left. I cannot think of any otherreason why they should be open when he was here and then close soon afterhe left. I remained extremely angry about being firewalled after the event inthis apparently very under handed manner.

Oi: Listening Ports Test

To double-check the situation, I firstly lowered the firewall on my computer. Ithen closed, waited two minutes and then re-started the eDonkey, Kademlia,Gnutella and G2 programs. I then used a remote Web-based open port checkerto test if those ports could be pinged from the outside world. All four portstimed out with no response. My listening ports were indeed being blockedsomewhere between the open port checking service and my computer.

I then tried using a range of alternative listening ports appropriate for each ser-vice. Same results. It appeared that all unsolicited incoming packets were beinguniversally blocked. It didn't seem to be just some listening ports beingblocked: it seemed to be a case of all listening ports being blocked indiscrimin-ately. Thus the final results of my tests, both for the old W@y Internet serviceand the new Oi Internet service (which replaced it), were as shown below.

W@y Oi Application Pass Pass client HTTP access via Web browser Pass Pass client SMTP/POP3 Email access via Thunderbird Pass Pass client FTP access to my hosted web space Pass Fail High ID access to eDonkey/Kademlia Pass Fail High ID access to Gnutella/G2 Pass Fail FTP server Pass Fail HTTP server





I have no way of re-configuring the modem to open the four ports I require. Oidid not provide me with a name and password with which to enter the modem'sconfiguration facility. They did not even leave me a user guide, let alone a usermanual. Besides, I expect that if I were successful in hacking my way in to themodem's configuration facility, Oi would automatically re-close the listeningports concerned by TR-069 remote configuration.

"Based on scans of the Internet Protocol version 4 address space, the7547 port, which is associated with TR-069, is the second most fre-quently encountered service port after port 80 (HTTP), ..." PC World April 10, 2014 6:45 AM

So it would seem that a lot of use is made of TR-069.

Reconfiguring The Router

I reconnected my computer to the router as it had been before changing overto the new Oi Internet service. I connected the router to the D-Link modem,which the technician had installed. I switched on my computer and also an-other one which was also connected to the LAN. Neither computer was able toaccess the Internet. I logged in to the router's configuration facility via my com-puter's web browser. There I noticed that the modem had the same fixed IP ad-dress (192.168.1.1) as the router. In this situation they obviously could notcommunicate.

Not having been given the user name and password of the modem's configura-tion facility, I could not reconfigure the customer-side address of the modem. Tohave been able to do this simple thing would have saved me an awful lot ofwork. I therefore had to change the base of the router's address space. Ichanged it to 192.168.2.1. This precipitated quite a large collateral workload. Itmeant I had to change the fixed IP addresses of all the three main computerson my LAN from 192.168.1.XXX to 192.168.2.XXX. I also had to update theseaddresses in the NFS, LAN scanner, and LAN printer configuration files and editthe NFS entry in the fstab file, which was no small task.

I also had to clone my computers MAC address into the router because it ap-peared that the Oi service uses MAC addressing to authenticate a connection.And it registers the MAC address of the first device to be connected to the mo-dem, which was my computer: not the router. After a couple of hours of con-centrated effort I managed to get the Oi modem working through the routerwith all the computers on the LAN. But, of course, all listening ports were stillclosed.

At 16:05 hrs. on 19 Aug 2015 I received a call from Oi about configuring themodem. The telephone line was so distorted and the background so noisy thatit was difficult for me to make any sense of what was being said, but it seemedthe person wanted to know all kinds of bureaucratic details about me. I told theperson to call again tomorrow morning when somebody with a far better com-



http://www.pcworld.com/article/2463480/many-home-routers-supplied-by-isps-can-be-compromised-en-masse-researchers-say.html



mand of Portuguese would be here, who would be far better able to makesense of what was being said in such circumstances.

At 17:15 on 19 Aug 2015 my Internet connection went down. My browser didnot seem to be able to access a DNS. At 18:38 hrs. I decided to try re-bootingthe modem. It worked. I was back on line. I felt disturbed that the modem hadhung like that.

At 10:15 am on Thursday 20 August 2015 I called Oi's technical support ser-vice. I was attended by a person called Isaias (protocolo 20151123324432). Iasked him why all the listening ports were closed on my service and that I re-quired at least ports 4662, 4665, 4672, 47862, 57195 open. I even explainedwhy I needed the ports to be open. Isaias responded that I already had themaximum velocity available at my premises and that it could not be increased.Clearly he had no idea what I was talking about. He did not even seem to un-derstand what ports were. It seemed plain that I was not going to get anymeaningful help from Oi. With regard to the problem of closed ports, it seemed,I was well and truly on my own.

At 09:35 hrs. on 24 August 2015 I received a strange telephone call from a wo-man who first said she was from UOL (Universo Online, a Web content,products and services provider whom I had never contacted). The woman thencorrected herself, saying she was from Oi. I asked her for a protocol number.She hung up.

Where Does The Blocking Occur?

The D-Link DSL-2500E modem, as installed by the Oi technician arrived in a boxpertaining to a different make and model of modem: a Sagemcom 2704N. Nouser manual or installation guide of any kind was supplied. I did a little re-search on the D-Link DSL-2500E modem and discovered that it was referred toas a "Modem-Router". This seemed a bit strange since it has only one RJ11 porton the Internet side and only one RJ45 port on the user side. I surmised that the"router" aspect of this device must be solely concerned with the control of dataflow: in other words, it had a firewall. My home installation had thus become asfollows.





The only change to my home installation was that the W@y Internet RF modemhad been replaced by the Oi modem/router, as shown above. My catastrophicproblem with closed ports could therefore only have one or both of two causes:

1. The ISP (Oi) was blocking all listening ports remotely, or 2. The modem/router's firewall was blocking them locally.

In the first case, the blocking would undoubtedly be occurring within the ISP'slocal Distribution Router (shown as a yellow square in the following diagram). Ivery much doubt that Internet Backbone Routers (shown as green circles)would engage in any form of port blocking.

If port blocking were effected within the ISP's local Distribution Router, I wouldexpect it to be similar to what is shown in the above Port Blocking Table. Iwould not expect a local Distribution Router to block all unsolicited incoming IPpackets (i.e. to implement the total blocking of listening ports).

The blocking of unsolicited incoming IP packets begs the question asto where (at what point in the network) my monthly traffic quota ismeasured. Is it measured within the ISP's Modem or the ISP's localDistribution Router? I would expect it to be measured in the Distribu-tion Router. More significantly, do my monthly traffic quota measure-ments include or exclude the blocked unsolicited incoming packets,which of course I do not receive? Am I being effectively charged forthe data the ISP is blocking from me contrary to my wishes?

I could do nothing about any blocking which may or may not be taking placewithin the ISP's local Distribution Router. I could only hope that the blockingwas taking place within the DSL-2500E Modem/Router installed at my premises.I therefore decided to try to reconfigure the "modem/router" locally.





Trying to Open The Modem's Firewall

Before trying to re-configure the modem's firewall, it is necessary to be certainof exactly who is who regarding IP addresses. The LAN-side address of myrouter and the LAN addresses of my three computers are all fixed. With the oldW@y Internet using the Motorola RF modem, the router's LAN-side address was192.168.1.1 and the local addresses of my three computers were192.168.1.100, 192.168.1.102 and 192.168.1.104. The reason for the computeraddresses being in steps of 2 (100, 102, 104) is because each computer alsohad a provisional wireless address (101, 103, 105 respectively). The Oi modemuses the fixed Outer LAN-side address of 192.168.1.1. So I had to change therouter's fixed address on the Inner LAN to 192.168.2.1. This required that the 3computers' addresses had to be changed to 192.168.2.100, 192.168.2.102,192.168.2.104, as shown in the following diagram.

The addresses shown in green are dynamically-allocated. The router's Outer"LAN" address is allocated dynamically by the modem. However, since therouter is the only device to which the modem connects on its "LAN" side, thisaddress is always likely to be the same. It can therefore be regarded as fixed.The modem connects to the ISP's Gateway, which runs within the ISP's Distribu-tion Router. Its address should not vary. The modem's WAN-side IP address isdynamic, being allocated by the ISP's Gateway each time the modem re-con-nects to the Gateway.

This arrangement gave me the followingsingle address-space on the customer side(my side) of the DSL-2500E modem, asshown on the right. Other devices should beable to connect to my Inner LAN from timeto time via dynamically allocated IP addres-ses from 192.168.2.106 onwards.

Each device should be able to address any of the other devices within the com-bined Inner and Outer LANs. Thus, I should now be able to address the Oi mo-dem from my computer by entering its address 192.168.1.1 into my browser. Itshould also mean that, conversely, the Oi modem should be able to "see" mycomputer as 192.168.2.100.


DSL-2500E Modem 192.168.1.1

TP-Link Router 192.168.2.1

My Computer 192.168.2.100

Computer 2 192.168.2.102

Computer 3 192.168.2.104




The technician gave me no instructions on how to use or configure the modem.I was not even supplied with a user-name, a password or the web address foraccessing the modem's configuration facility. Happily, I discovered that, unlikeNET's RCA modem, the Oi D-Link modem/router has a browser-based configura-tion interface. So at 07:00hrs. on Thursday 20 August 2015 I decided to try tore-configure the Oi modem myself.

Hoping that Oi had not changed the ubiquitousfactory defaults, I entered the modem's LAN-sideIP address 192.168.1.1 into my browser's addressfield and hit RETURN. A dialogue box appearedasking for my user-name and password. I enteredthe word "admin" for both the user-name and thepassword, then clicked the OK-button. The mo-dem's Status Page appeared as shown on the left.Please click on the image for an enlarged view. Ilooked next at the LAN-setup page. I did not needto alter anything here. Everything on this pagewas set up correctly already. It seemed that the"Advanced" tab was the one I needed for openingthe listening ports.

With precisely-configured firewalls in my TP-Link router and all 3 computers, allI really wanted to do was simply disable completely the firewall inside the newD-Link modem/router. I just wanted it to pass everything unhindered to myrouter exactly as W@y Internet's Motorola RF cable modem had done. But ofcourse it was never going to be that simple.

1) Access Control List

The first item on the side menu of the Ad-vanced page is the Access Control List. Theinstruction at the top of this page reads:"You can specify what services are access-ible form LAN or WAN parts. Entries in thisACL table are used to permit certain types ofdata packets from your local network or In-ternet network to the Gateway. Using ofsuch access control can be helpful in secur-ing or restricting the Gateway managment."[sic]. This wording is, to me, confusing. It issaid to be a table of permissions, which isuseful to control or restrict.




http://robmorton.20m.com/internet/images/isp/router-status.png

http://robmorton.20m.com/internet/images/isp/access-control-list-LAN.png


My best guess from the last sentencequoted above is that this Access Control Listis a list of places (computers) from which aperson may have control over the re-config-uration of the modem. I see that there isalready an entry in the table at the bottomfor anybody on the WAN (Internet) side ofthe modem to modify its configuration butnone for the LAN (my) side. I therefore setthe radio button to enable LAN control, en-tering an IP address of 0.0.0.0 to signify thatany computer on my LAN could be used tore-configure the modem. I was still left con-fused as to how this entry enabled me to"manage the Gateway" from the LAN.

The WAN (Internet) side seemed even moreproblematic. Initially, I found that only pingswere permitted (accepted by the gateway)from the Internet side. I had the option of al-lowing Web, Telnet, FTP, TFTP, SNMP andping to pass through the gateway. I tickedthem all. But, I wondered, what about otherservices, which are not on the list, that Imay wish to use from the Internet? Am I be-ing forbidden to use them? I am - and re-main - bewildered as to what these entriesreally mean and what will be their resultingeffect.

The next item on the menu is Port Triggering. Setting up server applications totrigger a port every so often to keep another listening port open is always prob-lematic. Besides, I would need to know the dwell time for a port remainingopen. This is a time interval set somewhere within the gateway, which I haveno idea how to find. I therefore decided to leave Port Triggering alone.

2) The DMZ Option

It would appear, in this context, that DMZ stands for "Demilitarized Zone". Theinformation note at the top of the form reads:

"A Demilitarized Zone is used to provide Internet services without sac-rificing unauthorized access to its local private network. Typically, theDMZ host contains devices accessible to Internet traffic, such as Web(HTTP ) servers, FTP servers, SMTP (e-mail) servers and DNS servers."

I wish to serve my essays via aMule, Gnutella and G2. I would like also to makethem available via HTTP and FTP, as I did via the old W@y Internet service.However, to do this, I would again need a fixed IP address, which this new ser-vice does not provide. Notwithstanding, a DMZ would seem to be what I need




http://robmorton.20m.com/internet/images/isp/access-control-list-LAN2.png

http://robmorton.20m.com/internet/images/isp/access-control-list-WAN.png


to permit Internet users to access my shared files via aMule and Gnutella/G2,with the ability also to use Kademlia to search for the subject matter coveredby my essays.

All I had to do was to enter the LAN-side IP address of the demilitarizedzone. I am not sure whether I shouldenter the address of my computerrunning the servers 192.168. 2.100 orthe address of the WAN side of myLAN router 192.168.1.2.

The situation is not at all clear. Arbitrarily, I opted for my computer, since themodem should be aware of my computer on the Inner LAN. Notwithstanding,the whole notion of what exactly they mean by a Demilitarized Zone remains amass of confusion. All I want to do is forward the blasted listening ports!

3) IP Port Filtering Options

I selected the Filtering Options item on the Advanced Menu and the page I sawlooked ominous. The first thing to catch my eye was a two-line section at thetop subtitled DEFAULT ACTION STATUS. The two lines were as follows.

Outgoing Default Action: ◉ Permit ◌ Deny Incoming Default Action: ◌ Permit ◉ Deny

The big problem with this is that the radio buttons were grey, meaning that Icould not alter their settings. To alter these, I suspect that I would have to enterthe configuration program using some kind of superuser password, which I didnot have. I felt at this stage that I had well and truly come up against a brickfirewall. It gave me the impression that this setting caused all unsolicited in-coming request packets to be blocked by default. And this is 100% consistentwith what is actually happening.

Nevertheless, I lived in hope that perhapsthe Rule Configuration section below couldbe made to somehow temper the out andout denial of unsolicited incoming packetsset in stone by the Default Action Statussection above it. The note at the top of thispage reads: "Entries in this table are used torestrict certain types of data packets fromyour local network to Internet through theGateway. Use of such filters can be helpfulin securing or restricting your local net-work." I presume that "restrict" refers to theoption to deny passage to all unsolicited in-coming packets, as set by the lower greyedradio button.




http://robmorton.20m.com/internet/images/isp/DMZ.png

http://robmorton.20m.com/internet/images/isp/filtering-options.png


I therefore attempted to set up rules to allow through the unsolicited incomingpackets which I wanted, namely, all of them. The entry form had radio buttonsto permit or deny, which I presume operated in opposition to the way the De-fault Action radio buttons operated. In other words, I assumed I could createrules which would allow at least part of what was denied by the Default Actionradio button for incoming packets. So I set the rule action to "Permit". The nexttask is to select which direction to "permit": Upstream or Downstream. Does"Downstream" mean "Incoming" and "Upstream" mean "Outgoing", or am Imissing something here? To try to make the gateway permit everything bothways, I set up a rule as follows.

Permit everything from my gateway 192.168.1.1to my computer 192.168.2.100 to travel "Downstream".

I really don't know whether this rules make sense or not but since I have noway of Permitting incoming packets universally, what else can I do? I stronglysuspect that rules entered on this page can only restrict what is universallypermitted by the greyed-out radio buttons under the DEFAULT ACTION STATUSsub-heading but cannot be used to permit, in part, what has been universallydenied by the greyed-out radio buttons. If this be so, all unsolicited incomingpackets will be denied passage through the gateway from the Internet to myLAN and there is nothing I can do to change this.

I further suspect that the current settings of the DEFAULT ACTION STATUS radiobuttons was set remotely by Oi engineers via the TR-069 facility as soon asthey knew that the installation technician had left my premises.

The following menu option was URL block. I have no interest in blocking any-thing. I simply want to get this confounded gateway open. The next option onthe menu is Denial Of Service Settings. Service cannot be denied when it isn'teven working yet. So I'll pass this one for now. The next item on the menu is forsetting the IPV4 and IPV6 Domain Name Servers. These are already set to auto-matic, so I'll leave them. The next item was Software Tools. All were disabledand no specific Internet services were forbidden. The next item is Routing. Nostatic routes were set and I don't need any.

4) NAT Virtual Server

The necessary and sufficient information needed to specify a listening port tobe forwarded to a computer on the LAN from the Internet is as follows:

• The name of the relevant server running on my main computer • The number of the port on which it is listening • The LAN IP address of the computer on which it is running • The TCP/IP protocol for which the server is listening

One would rightly assume that the source of the packets being listened for ar-riving from the modem would come from the WAN interface as specified else-where.





The only sub-page under the "Advanced"tab on which I found an in-fill form for thiskind of information was the "NAT VirtualServer" form, as shown on the left. At thetop of the form was written: "The page allowyou to config virtual server, so others canaccess the server through the Gateway"[sic]. Please click on the image for an en-larged view.

NAT stands for Network Address Translation. It is a method by whichthe Internet address of your router (say 201.62.140.93) is translatedinto the LAN address of your computer (say 192.168.2.100). Thismakes your LAN computer appear, to computers on the outside Inter-net, to have your router's Internet address; but only as regards datatransactions taking place on particular ports at a particular time.

The wording on the above page assumes a certain context. For instance, am Iright in assuming that the "others" are computers in the outside world. That is:not on my LAN but on the external Internet. I shall assume so. I fail to see why Ineed to specify anything about the WAN interface here as no other option ispossible. I can't forward ports from anywhere other than the established Inter-net connection. Notwithstanding, the form does contain fields for the four es-sentials listed above.

I therefore entered the details foreach of the ports that I needed to for-ward to the servers on my computer.There was no option for selecting boththe TCP and the UPD protocols in asingle entry for a single port. It wastherefore necessary to make an entryfor each port-protocol combination.The entries I made are as shown inthe screen-shot on the right. I selec-ted the "Maintenance" tab and com-mitted the changes to the modem'ssystem memory. I rebooted the modem.

I closed and re-started my servers. They were all still well and truly firewalled.Their listening ports could not be seen from the outside world. The modem re-configuration that I had done had changed nothing.

5) NAT Forwarding



http://portforward.com/help/portforwarding.htm


http://robmorton.20m.com/internet/images/isp/virtual-server1.png

http://robmorton.20m.com/internet/images/isp/virtual-server2.png


Of the list of NAT sub-options, the next mostlikely cause of my LAN being firewalledseemed to be "NAT-forwarding". At the topof the form is written: "Entries in this tableallow you to automatically redirect commonnetwork services to a specific machine be-hind the NAT firewall. These settings areonly necessary if you wish to host some sortof server like a web server or mail server onthe private local network behind your Gate-way's NAT firewall."

Although it is not unambiguously clear to me, I think this means that this facil-ity allows me to direct requests coming in from the outside world (i.e. emanat-ing from the Internet) to server dæmons running on a particular computer onmy LAN. The wording does, however, leave me in doubt as to what is meant by"Local" and what is meant by "Remote" with regard to IP addresses.

The Local IP address could mean that of the computer 192.168.2.100 runningthe servers on my LAN. After all, it is what I can reasonably think of as a localmachine. If so, perhaps the Remote address is that of the gateway 192.168.1.1in that it effectively represents to computer 192.168.2.100 all the computersout there in Internet land. However, the Remote address could also be the inde-terminate address 0.0.0.0 of all the computers out there in Internet land. Onthe other hand, "Local" could mean the address of the gateway 192.168.1.1 be-cause it is the machine (within the modem) on which I am entering this inform-ation. In this case, the Remote address must be that of computer192.168.2.100 running the servers on my LAN.

Local Remote Accepted? 192.168.2.100 0.0.0.0 NO

192.168.1.1 192.168.2.100 NO 0.0.0.0 192.168.2.100 YES‡

192.168.2.100 192.168.1.1 YES†

Computer 192.168.2.100 must be mentioned. The configuration program ac-cepts 192.168.2.100 as either Local or Remote. If it is Remote then 0.0.0.0must be Local. This could mean that the gateway (the machine I am messingwith) is the local machine representing the indeterminate address of whatevercomputer out there in Internet land is making the request. On the other hand, if192.168.2.100 is deemed to be Local, being on the Local Area Network, the Re-mote address must be 192.168.1.1, that of the gateway. I decided to opt for thelatter †. I deleted the top two entries in the table. But try as I might, the config-uration program flatly refused to delete the final entry shown in the table. So Ideleted the next to last one and opted finally for the third version ‡.

Of course, this confusing situation could have been made crystal clear by usingabout 50% more properly constructed wording. In the end, I simply had to take




http://robmorton.20m.com/internet/images/isp/NAT-forwarding.png


a chance. Needless to say, after passing these changes to the modem's systemmemory and re-booting everything, I was still firewalled.

6) Port Forwarding

Port forwarding is really what I want to do. It is what I have been trying to do allalong. It was an utter mystery to me as to why I could not find a Port Forward-ing option anywhere within the configuration facility of this modem. However, alittle more Internet research eventually revealed why I could not find it. I sawthat the generic version of the D-Link DSL-2500E modem configuration had aPort Forwarding option in its side menu under the Advanced tag, as seen below.

This option was not present in the Oi version of the modem's firmware.Oi had intentionally and deliberately removed the facility for forwarding ports.All were blocked without any means for the user to unblock any. Oi'ssalespeople had straightly lied to me about all ports being open. They knewperfectly well that they had all been intentionally and permanently closed.

7) Channel Configuration

My quest all along has been simply to get back what I had before with the oldW@y Internet service. In other words, I want what is effectively a dumb mo-dem, which does nothing to the IP packets passing through it. In this case, theIP addresses at the various points in the local network would be as shown be-low.





The WAN interface of my router would then, as before, have the IP address al-located to it directly by the ISP's Distribution Router's gateway software. Themodem's LAN-ward IP address would be the same as it was and would be solelyfor accessing its configuration facility from a computer on my LAN.

The obvious way to achieve this seemed tome to be to somehow disable the modem'smechanism for translating IP addresses fromits WAN-side and its "LAN"-side (betweenthe modem and my router). The mechanismthat expedites this translation is the Net-work Address & Port Translator (NAPT). Itseemed sensible that this should be what Ineed to disable. The only place where I canapparently do this is on the Channel Config-uration, as shown on the right. Please clickon the image for a large readable view. Isimply had to change NAPT in the table atthe bottom from "On" to "Off". I thereforenoted all the settings in the bottom tablethen deleted it. I then entered the same de-tails into the entry fields.

However, before clicking the ADD button to create the new table entry, I un-ticked the NAPT box, which had been automatically ticked by default. Afteradding the new table line, I went to the MAINTENANCE page and saved thechanges. I then switched everything off - computer, router, modem - for a fewminutes. I then powered up from a cold start and left the system for half anhour to give the modem plenty of time to synchronize with the ISP's service.

And guess what: it didn't work. The modem refused simply to pass untranslatedIP addresses to my router. I have never, in all the 52 years since I entered thecomputer and telecommunications industry in 1963, had such trouble with con-figuring a communications device. For this reason, I think that the generic firm-ware of the modem must have been modified at source and rebuilt (re-com-piled) by or at the request of this ISP, to the specific end of ensuring that no un-




http://robmorton.20m.com/internet/images/isp/channel_config.png


solicited incoming IP packet can be passed to the LAN-side. Without the sourcecode of the modem's firmware, I can do nothing more.

Sting in The Tail

Oi had informed me that my original contractfor the old cable service would end on 18 Au-gust 2015 and that I would need to sign up tothe new service under a different contract.This could be done either on-line or at the Oishop in the city centre. I looked on-line anddiscovered that the only service available tome at my address was the 2 Mbps ADSL ser-vice, the advertisement for which, as it ap-peared on Oi's website, is shown on the left.This box-ad was the only information avail-able about the service prior to signing up topurchase it. I decided to buy from the Oi shopin the city, where the salesperson showed methe same box-ad in the Oi brochure. I as-sumed that "MEGA" meant "megabits persecond". I signed an order form for the ser-vice, which contained nothing about price. Ireasonably assumed that the price for theservice was as stated in the box-ad, which Ihad been shown by the salesperson and from

which I chose the service.

Only 18 days after the installation of this ridiculous Internet service, the first billarrived. What a surprise. Or perhaps it wasn't a surprise really, knowing Oi.

Description Period VALUE (R$) INTERNETMonthly Charge 01/08 a 31/08 87,74 Discount 1 (16/07-31/10) 01/08 a 31/08 -7,84 Discount 2 (26/03-25/06) 01/08 a 31/08 -17,55 Interruption of service 01/07 a 31/07 -0,08 SUBTOTAL 62,27

CABLE TV SERVICEMonthly Charge 01/08 a 31/08 79,20 Promotional Discount 01/08 a 31/08 -3,24 SUBTOTAL 75,24 TOTAL 137,51

Oi had said that the contract for the cable TV service would terminate automat-ically on 18 August 2015. I have been charged for the whole month of August



http://robmorton.20m.com/internet/images/isp/first-bill-2.png



and it looks as if they haven't terminated it at all. Of course, I expected someadjustment for the use of the old service up until 18 August 2015. Notwith-standing, the charges shown on the bill far exceed the amount of such an ad-justment.

More significantly, however, the new Internet service was sold to me atR$49,90 per month. No mention of any temporariness to this price at the timeof purchase. How do they possibly arrive at the monthly price of R$87,74,which is 76% higher? The creativity of conniving accountants and lawyers, whohave probably placed all kinds of trap clauses in the terms and conditions ofthe contract, which was nowhere available prior to purchase and a copy ofwhich I have so far been unable to obtain.

Looking at the contract number on the bill, I see that it is the same as it wasbefore, namely, 50627284. The original Way TV/Internet contract, which Ientered into on 19 October 2004, was 00627284. It appears that, when Oi tookover W@y, Oi simply changed the first zero into a 5 to distinguish the old W@ycontract numbers from its own contract numbers. It would seem, therefore,that no new contract has been enacted. Consequently, it would appear that, asfar as Oi is concerned, nothing has changed other than to substitute an in-ferior Internet "service" for the good one I had for the past 11 years.

The upshot is that Oi appears to have lied to me at every turn. It is thereforelittle wonder that Oi seems to be enveloped by a swarm of dubious charactersof every kind, who have been pestering me throughout, offering bogus servicecontracts. These third parties attempt to inveigle out of me every kind of per-sonal information, including name, address, postal code, tax number, creditcard and bank account details, purportedly "for reference". Where do thesepeople get the information that I am having a new installation. There is onlyone possible source, namely, Oi.

The Oi Cable Television Service

In the light of all this trouble with the Internet service, I decided not to haveOi's satellite TV service. I cancelled the television element of the Oi contract on27 August 2015. It was a memorable phone call.

The Oi telephone operative said that, because I had exceeded the 18 Augustdeadline, the television service could not now be cancelled until the parabolicdish for the new satellite service had been installed. Why, I ask myself, wouldOi go to the expense of installing a parabolic dish on the roof of my buildingwhen it knew I would cancel the service immediately it was installed? I laterdiscovered that the terms of the new service stated that, once the new satellitesystem was installed, there was a minimum period of 12 months before cancel-lation would be possible. I stated that I had had the contract for 11 years andcould cancel it at any time at a month's notice.

The Oi operative then embarked upon a furore of shouting and railing, sayingthat the service was under a new contract which had a 12 month minimumperiod. When asked the number of the new contract, of which I had no prior





sight or knowledge, the operative replied that it was 21941048. I made an en-quiry via the Oi website, stating that my contract number was 21941048. Oi'sserver replied that no contract existed under that number. I raised my voiceabove the Oi operative's shouting, saying that I was hereby cancelling the Oitelevision service. The Oi operative continued with his shouting and railing. Isimply hung up.

Currently the old cable TV service seems to be continuing - and being chargedfor - as before. Judging from the bill, it would seem that this was set to continueindefinitely.

On 22 October 2015 a woman (purporting to be from Oi) telephoned me askingwhen would be a convenient time to collect the old set-top box [General Instru-ments CFT 2200 + remote controller] and the old modem [Motorola SurfboardSB5101 + power unit]. I told her tomorrow morning would be fine. She said atechnician would collect these items between 08:30 and 12:30 on Friday 23 Oc-tober 2015. No protocol number was given for the collection. I gathered theitems and put them together on the table ready for collection. The techniciannever showed up. As of 05 June 2017, Oi has never collected the old devices.

Up to October 2015, the television service was still being delivered via thecoaxial cable, although the cable Internet service signals had long since disap-peared. It is two months and 6 days after Oi said the cable service would beterminated. My bill from Oi, issued on 03 October 2015, charged for televisionservice for the entire month of October. Perhaps the technician had reason notto show up. If he had then taken the equipment on Friday 23 October 2015, thecharges on the bill for the rest of October could not be justified because,without the set-top box, I would not be physically able to receive the Oi cabletelevision service. Oi gave no Número de Protocolo for my cancellation call of27 August 2015. Consequently, there is no official Oi record that my call hadtaken place. However, the charges for the whole of the month of October arevisibly recorded on my bill, which is in my possession and is irrefutable.

In the evening of Sunday 01 November 2015 at about 20:50 hrs, I switched onthe television to see if the Oi cable TV service was still there. It was, butwithout all the subscription channels. Only the free channels were available,which are available anyway from the terrestrial antenna. However, at 22:15hrs, the programme disappeared and was replaced by a message saying thatmy decoder had been deactivated. I shall wait and see whether or not thecharges reflect the cessation of service at this date and time.

Oi: Evaluation

Having completed all this work to effect the change over to their new service,where am I now? I am still able to view Web pages, although I don't do muchWeb-browsing. I could view Web-based videos but this is not something that in-terests me. I am still able to send and receive emails through my email client. Iam still able to maintain my hosted website via passive FTP. I am able to main-tain my cloud storage. But not much else.





My LAN is still completely firewalled against incoming requests. Consequently,as of a few hours after the old W@y Internet service ceased, my articles andessays are no longer available to my friends, colleagues - and other interestedpeople around the world - even though this activity generates no more than 5megabytes or so per day of Internet traffic from my computer. Oi has thus shutme down, shut me up and gagged me!

The up and down velocities of the new Oi service are exactly the same as theold discontinued W@y Internet service, except that the latter was completelyopen. If Oi is worried about too much traffic being generated by my servers, itstechnicians can always use throttle-back routines to slow it down, should itveer over the prescribed limit. The old W@y Internet service did exactly this.Another way an ISP could achieve the same thing is to impose a (hopefullyreasonable) monthly data transfer quota of so many gigabytes (GB).

Please note that 5 megabytes (5242880 bits) per day, which my serv-ers generate on average, is equivalent to a constant upload speed ofjust over 60 bits per second, which is 1/8640th of the maximum per-mitted upload speed. So Oi has no reason to block my ports on thatbasis.

Before the event of purchase, Oi lied to me each time when I asked repeatedlyfor verification that the incoming ports I required would be open to my com-puter. Immediately after installation, I tested the ports in two ways.

1. I used a remote port testing site, which saw all the required ports as open.

2. I ran the relevant programs, which both saw all the required ports as open.

The installation technician asked me if the service was functioning as I wantedit. I answered that it was, and signed his form to this effect. Less than 5minutes after the technician left, the ports closed. And they remainedclosed.

The situation I am now in is like subscribing to a telephone service throughwhich I can make out-going calls to other people but can never receive callsfrom anybody. All the other subscribers are in the same situation. Con-sequently, the only way they can communicate with each other is by leavingrecorded messages at a central voice mail facility, run by the service provider,where they could be potentially scrutinized. To receive messages, each sub-scriber must periodically ring in to his voice mail box. Subscribers are unableever to engage in direct person-to-person calls.

By blocking listening ports contrary to a customer's wishes, Oi too is violatingthe Suggested Practices of the Broadband Internet Technical AdvisoryGroup, the emboldened heading statements of which are repeated below.

• ISPs should avoid port blocking unless they have no reasonable alternat-ives available for preventing unwanted traffic and protecting users.





• ISPs that can reasonably provide to their users opt-out provisions or ex-ceptions to their port blocking policies should do so.

• ISPs should publicly disclose their port blocking policies. • ISPs should make communications channels available for feedback about

port blocking policies. • ISPs should revisit their port blocking policies on a regular basis and reas-

sess whether the threats that required the port blocking rules continue tobe relevant.

• Port blocking (or firewall) rules of consumers’ devices should be user-con-figurable.

I cannot find any reference to ports (portas in Portuguese) in any of the follow-ing documents (at least, this is the case at the time of writing):

• Sumario Oferta Banda Larga Alta Densidade R1 • Regulamento Ofertas Banda Larga Da Oi–Regiões De Alta Densidade • Contrato De Adesão À Banda Larga Da Oi Categoria Residencial

Consequently, since the original W@y service, which Oi had taken over, hadports open, I think it reasonable that I should assume that the replacement ser-vice should also have ports open. But clearly this is not the case. It would seemtherefore, at least to me, that the closing of all ports is a covert action, whichOi has taken unilaterally.

Sadly, because of the terms of the Oi contract, I will be imprisoned in this situ-ation for a full 12 months. What Oi is offering is not really an Internet service: itis, for the most part, merely a Web access service. So it's function is misstated.Notwithstanding, it would appear that, for Internet services, I have run out ofchoices. There are only 3 possible ISPs who can provide a service to mypremises. Two of them block all incoming request packets, which leaves onlyone more, which I shall come to later.

Appeal to Anatel

I found it impossible to break or circumvent Oi's impervious wall of ignoranceand lies. The lies, of course are understandable. Oi is a commercial corporation.I do, however, find Oi's apparent technical ignorance more difficult to swallow.It is inconceivable to me that a nation-wide telecommunications company likeOi could contain nobody who understood what closed listening ports were. Afterall, Oi must have deliberately and specifically closed them. It cannot have beenthe work of anybody else. I must conclude, therefore, that the technical ignor-ance exhibited by Oi must be feigned ignorance. In other words, it's yet an-other lie.

This raises the question of what Oi's motive could be feigning technical ignor-ance about closed listening ports. That it is their full intention to block mylistening ports is well evinced by the fact that, by apparently modifying theDSL-2500E modem's normal firmware, Oi has denied me access to the specificparts of the modem's configuration facility necessary for liberating the listeningports.



http://www.oi.com.br/ArquivosEstaticos/oi/docs/pdf/oivelox_regs/contrato-de-adesao-banda-larga-da-oi-residencial-r1-b2c.pdf

http://www.oi.com.br/ArquivosEstaticos/oi/docs/pdf/oivelox_regs/Regulamento_Banda_Larga_Alta_Densidade_R1.pdf

http://oi.com.br/ArquivosEstaticos/oi/docs/pdf/oivelox_regs/sumario_oferta_bl_alta_densidade_r1.pdf



I therefore had to find another avenue through which to try to resolve my prob-lem of blocked listening ports.

Scouring the Web, I quickly discovered that others have this same problem withOi's violation of the Suggested Practices of the Broadband Internet Tech-nical Advisory Group by blocking listening ports contrary to users' wishes.Registering a complaint here may help a little but I doubt very much whether itwill resolve the problem. I needed to make my complaint official.

The official place to complain about ISP services in Brazil is the "AgênciaNacional de Telecomunicações" (Anatel). This is the Brazilian government'sCommunications Regulator, which is the counterpart of the Federal Communic-ations Commission (FCC) in the United States and the Office of Telecommunica-tions (Oftel) in the United Kingdom. To register a complaint with Anatel, it is ne-cessary to fill in the fields of Anatel's Web-based compaints form. At the end ofthe form an option is provided for attaching a PDF document. I therefore de-cided to prepare my case off-line as a PDF file ready to attach when I registeredmy complaint on-line.

I prepared my complaint, which is a précis of selected parts of this essay, andsubmitted it to Anatel on 26 August 2015.

Technician's Visit

The response was very fast. At 18:17 hrs. on 27 August 2015, Oi rang from 02132651100 (Rio de Janeiro) giving Protocol 20151126739278. The woman wasvery polite, saying that Anatel had contacted Oi about my closed ports, thatthis situation was not just and that it was an oversight on the part of Oi. Sheasked for a time and date for a technician to come and rectify the problem. I ar-ranged for the technician to come between 08:00 and 12:00 hrs. on the follow-ing day (28 August 2015) to re-configure the modem so that the necessary in-coming (listening) ports would be open.

The Oi technician arrived at 08:15 and left at 10:15 hrs. on Friday 28 August2015. He resolved nothing. In fact, he left me without access to the Internet atall. Fortunately, I was able to regain the same limited service I had before hecame by unplugging the modem from its power supply and re-connecting itspower supply a couple of minutes later. I have had to go through this procedureseveral times during the time since the new service was installed at 11:15 hrs.on Tuesday 18 August 2015 [10 days before].

I first demonstrated for the technician the settings of the two radio buttons onthe modem's DEFAULT ACTION STATUS screen as shown below.

Outgoing Default Ac-tion:

◉ Per-mit

◌ Deny

Incoming Default Ac-tion:

◌ Per-mit

◉ Deny



http://robmorton.20m.com/internet/images/isp/anatel-reportagem.pdf

https://sistemas.anatel.gov.br/sis/cadastrosimplificado/pages/acesso/login.xhtml?i=0&codSistema=649

http://www.reclameaqui.com.br/10745583/velox-telemar/provedor-oi-velox-com-portas-fechadas/



I told him that I did not have the necessary level of access to the modem's con-figuration facility to change this setting to set the "Incoming Default Action" to"Permit".

I also showed him the Internet Configurationpage as shown on the right. Please click onimage for an enlarged view. This shows theNAPT (Network Address & Port Translation)disabled. Again, I told him that I did nothave the necessary level of access to themodem's configuration facility to changethis setting either. Consequently, my serverscould not receive unsolicited incoming re-quest packets from people wanting tosearch or download my essays. This was allapparently new to him. He made a long tele-phone call (presumably to his superior)about what I had told him. The technicianreset the modem's configuration using atooth-pick. He connected my computer dir-ectly to the modem (bypassing my router).

He could access nothing. This is because my computer has a fixed IP on theLAN, which the modem would not accept. He messed about with my computertrying to access the Internet through the Firefox browser. He could access noth-ing. My computer clearly was unable to find a DNS. He then got his laptop fromhis van and plugged it into the modem. He managed to access his employer'swebsite. Obviously, his laptop was set to auto-discovery mode for DNS. He ap-peared to use this website to conduct a diagnostic test on the modem. He saidthat the modem was faulty. He installed another modem. He tested it with hislaptop and managed to accesses a website to test the download speed. He saidthat the download speed was above the 2 Mbps contracted and that, as far ashe was concerned, the service was working and that the problem was with mycomputers and router. He said there was nothing else that he could do, or wasobliged to do. Having spent two hours messing about, he left having achievednothing.

He repeatedly emphasised that opening and closing ports was entirely to dowith my router, which was outside his jurisdiction. He clearly knew practicallynothing about configuring the gateway within the modem or even what portswere. I was back where I started. My appeal to Anatel had achieved noth-ing. It seems that this technically simple problem is commercially unresolvable.

Subsequent Connection Problems

Ever since the beginning, on 17 August 2015, this service had been problem-atic. It would frequently refuse to access the Internet for long periods. The onlyway to get it to work was to switch off the modem, wait a few minutes thenswitch it on again. This had to be done repeatedly until it worked. During 02




http://robmorton.20m.com/internet/images/isp/WAN-Internet-config.png


September 2015, after only 16 days of so-called "use" of the service, it becameever more difficult to access the Internet. Finally, at about 22:00 hrs. it becameimpossible to access anything at all. The service had been effectively locked. Icontinued trying the next morning all to no avail. I had tried everything: un-plugging all the cables and re-connecting them, connecting my computer dir-ectly to the modem thus bypassing my router, changing my computer's net-work configuration from fixed LAN addresses to DHCP automatic discovery.Nothing worked.

Finally I called the Oi help line on telephone number 103-31. I made the firstcall before 07:30 hrs. on 03 September 2015, Protocolo 201511298819497. Theperson attending could not resolve the problem. She said she would pass mycall to another technician. I was kept hanging on the line for over 20 minutes. Ihung up (terminated the call). I called the same number 103-31 again at 07:55hrs., Protocolo 2015 1129826694. The person attending this time seemed moreknowledgeable. She asked me to access the modem configuration wizard at IPaddress 192.168.1.1/ wizardoi and to enter usuário [user name] oi@oi andsenha [password] oioi. The modem went through an automatic configurationprocess to open my Oi Internet service account. I was then able to access webpages. I reconnected my computer through the router and re-tested. Thus, at08:25 hrs. when the telephone call to Oi terminated, the computers could onceagain access web pages on the outside Internet.

From this it would seem that, although I have been billed for this service from17 August 2015, my Oi Internet connection was only registered at 08:25 on 03September 2015. Of course, all ports are still closed to all unsolicited incom-ing IP packets, which renders the service of little practical use to me.

After 24 days of this ordeal, I am tired and stressed. I must now embark on aphase of recognition and acceptance that for me a complete basic Internet ser-vice is unobtainable in Brazil. I will have to get used to the idea that I will nowhave to pass my essays to somebody in a free country to serve onto the Inter-net for me.

The Old and The New

Oi has replaced a service, provided through what it describes as antiquatedtechnology (RF cable), by a "better" service provided through new "more ad-vanced" technology (ADSL). Below is a side-by-side comparison of the old W@yInternet cable service with the new Oi ADSL service.

W@y Internet Oi Internet NET Link RF Coax ADSL RF Coax

ModemMotorolaSB5101

D-Link DSL-2500E

RCA DHG534B

Speed: incom-ing

2 Mbps 2 Mbps 15 Mbps

outgoing 512 kbps 512 kbps 2 Mbps





IP Address Fixed Dynamic Dynamic

Ports†UNRESTRIC-

TEDALL BLOCKED ALL BLOCKED

Price‡ Quoted R$----.---- R$49.90 R$89.90 Price‡ Charged R$87.74 R$87.74 R$----.----

Price‡ Dis-counted

R$62.30 R$62.27 R$----.----

Length of Ser-vice

11 years "18" Days 1 Day

Quality of Ser-vice

No complaints Problematic*Failed Ports

Tests

† for the reception of unsolicited incoming IP packets ‡ actual monthly subscription charges for the service *Frequent authentication failures which are difficult and time-consuming to resolve, plus complete service failure every time it rains.

The price quoted for the old W@y Internet service is no longer meaningful be-cause it was quoted 11 years ago. The discounted price is the amount actuallycharged. It seems to be arrived at through a battery of incomprehensible dis-counts. Notwithstanding, the discounted price of the current Oi service is al-most 25% higher than the price that was quoted to me at the time of thechangeover. Thus I am now paying essentially the same price for a vastly in-ferior service. The length of service shown for the new service is 18 days sinceinstallation at the time of writing. However, I don't think it is entirely correct tocall it length of service.

It is well evident from the above table that the NET service, although it toofailed the open ports test, was by far the better offer. Oi succeeded in gettingmy business for its "service" by lying about the ports being open. Now I amstuck with it. I suppose it is my fault for expecting honesty from salespeople.

To me, W@y Internet seemed to be a proper ISP with in-house technicians andadministrators who provided a proper service. My distinct and reluctant impres-sion of Oi (and equally, of NET) is that they are just a bunch of accountants whoout-source practically all aspects of their operation to dubious one-man-and-his-dog outfits who exhibit the barest smattering of technical knowledge. Thisis evinced by the fact that, try as I might over the course of 10 whole days, Icould not get to speak to anybody, within this entire enormous company, thathad any knowledge above that of drilling holes in walls and plugging cablesinto modems. Let the inward investor beware!

A Partial Solution

After a little break doing other things, I decided to have one last try at openingmy listening ports. By means of a tooth pick, I physically reset the modem backto its factory defaults. Of course, in this state, the Oi service refused to connect





me to the Internet. I had to re-register my connection using the Oi Wizard,which was part of Oi's modified version of the modem's firmware. I re-re-gistered and was, once again, able to access the Internet with closed listeningports.

I had previously tried to reproduce Oi's WAN-side PPPoE settings except withthe NAPT facility disabled. The Oi service would simply not accept this. I had nooption but to live with the modem's NAPT enabled as per the standard Oi con-figuration. This left me with two NAPT gateways (one in the Oi modem and onein my router) operating in series, a situation which is definitely not recommen-ded.

I had to consider carefully how my servers, running within my computer (PC1)appeared from the point of view of each of these two NAPT gateways. I had tostart with my servers, as shown on the light cyan coloured background in thefollowing diagram, and work backwards towards my Internet connection.

The first part was easy. It was as it had always been. My router perceived myservers to be running inside PC1 (at address 192.168.2.100). I checked therouter's NAPT forwarding entries. All were in order. The question now was,where does the NAPT gateway in the modem perceive my servers to be loc-ated? Does it see them as being in my computer (192.168.2.100) or does it seethem as effectively running inside my router (192.168.1.2)?

Then I realised that the modem's NAPT gateway cannot see the addresses ofdevices on the Inner LAN because the router's NAPT translates to them from itsown WAN-ward address (192.168.1.2). Thus, from the point of view of the mo-dem's NAPT, my servers are programs running inside my router. That's prob-ably why they are called virtual servers.





I therefore, once again, opened the mo-dem's browser-based configuration facilityand set up my virtual servers as running onmy router (at Outer LAN address192.168.1.2). The entries I put in the mo-dem's Virtual Server Forwarding Table areshown on the left. Please click the image fora larger view. Note that the ports are forwar-ded to my TP-Link TL-WR741N router (at192.168.1.2 on the Outer LAN) and not tomy computer PC1 (at 192.168.2.100 on In-ner LAN).

I then shut everything down, waited a few minutes, and then poweredeverything up again from a cold start. I went and did something else for half anhour while the modem synchronized itself with the Oi service. I returned to mycomputer and started aMule. I went away and came back 10 minutes later. Ihad green indicators. This meant that aMule's listening ports were open. It wasno longer firewalled. I started Gtk-gnutella. After a few minutes it was indicat-ing open listening ports. So, at 12:34 on 6 October 2015, after being "off theair" for 50 days, my essays and articles were once again available through theeDonkey, Kademlia, gnutella and G2 networks.

Next, I started my FTP and Web servers. I then used the canyouseeme.org portchecker to look for my services on Port 21 and Port 80. They were not there.These ports were being blocked at some point beyond the WAN-ward side ofthe modem. They were probably blocked at the ISP's distribution router's gate-way. This suggests to me that the original table showing the ports blocked byOi for its residential and commercial accounts respectively, is probably correct.Perhaps, if I were to change to a commercial account, even though I am retiredand on a very small pension, then my HTTP (Web), FTP and SMTP ports wouldbe open.

The fact that the Simple Mail Transfer Protocol (SMTP) Port 25 is closed is ratherdisappointing for the following reason. Microsoft has - for no good reason - de-cided to block my emails from its network. Consequently, people with Hotmailaccounts, with whom I have been corresponding for decades, can no longer re-ceive my emails. Google's Gmail has also made things difficult by presuming toprohibit mail attachments with certain kinds of content, which my colleaguesand I need to exchange. Our solution was going to be to set up mail servers inour own computers, which we proposed to leave running permanently. Withcertain ISPs (including Oi) blocking Port 25, this will no longer be an option forus. It gives us the feeling that certain corporate entities are trying to squeezeus out of existence.

Thus, I have now arrived at the situation, as illustrated below, which I expectedwhen I decided to take on Oi's replacement to the W@y Internet service. It isn'tideal. It isn't what W@y provided. But it will have to suffice for the time being.




http://robmorton.20m.com/internet/images/isp/NAT-forwarding2.png


W@y Oi1 Oi2 Application Pass Pass Pass client HTTP access via Web browser Pass Pass Pass client SMTP/POP3 Email access via Thunderbird Pass Pass Pass client FTP access to my hosted web space Pass Fail Pass High ID access to eDonkey/Kademlia Pass Fail Pass High ID access to Gnutella/G2 Pass Fail Fail FTP server Pass Fail Fail HTTP server

Notwithstanding, getting this far has cost me 50 days of lost serving time. Ithas also cost me around 35 days of personal effort in learning about the D-LinkDSL-2500E modem and the particular difficulties encountered in setting up twoNAPT gateways to operate in series. All this work, Oi, in effect externalized ontomy shoulders. It would have taken a matter of minutes for an Oi technician,with day-to-day familiarity of this modem, to quickly set up the virtual serverports for me, or at least give me a few words of orientation as to how I shouldgo about doing it myself. But neither the Oi technician nor his supervisorswould do that. Neither would anybody I attempted to talk to on the Oi help line.In fact, in this whole matter, Oi appeared to me to exhibit a distinct attitude ofnon-cooperation. For some reason, although Oi has no legitimate basis for stop-ping me from opening my ports, they didn't seem to want me to have openports. Why?

Here Come The Rains

During the early hours of Tuesday, 17 November 2015, the first major rain ofthe season fell and continued most of the following day. As usual during heavyrain, the telephone line failed - obviously due to water getting into the ageingcable or the concentrator box on the street post about 500 metres from mybuilding. Again as usual, I had to ask a relative to call Oi to report the fault. Thefollowing day, 18 November 2015, my relative called my cell phone asking ifthe normal phone line were working now. I checked the phone. It was workingfine.

Shortly afterwards, at 12:40 hrs. a person purporting to be from Oi called mycell phone. The caller's number was 346, which, being so short, I would thinkcould only be a special number used by the telephone company. The caller saidhe needed my help to do some tests on the line. He asked me to disconnectOi's ADSL modem from the telephone line and remove the ADSL filter from thetelephone so that the telephone was connected directly to the line without anADSL filter. This I did. I thought he probably wanted to conduct an insulationresistance test on the line. However, he immediately asked me to pick up thephone and test to see if it was working. I did so. I could obtain a dial tone. Thephone was working.

The caller then told me that the cause of the problem was a faulty ADSL filterat my premises. I could use the phone without the Internet or use the Internet





without the phone. To use both I would have to replace the faulty filter. He saidthat I would have to buy the new filter since the replacement of filters was thecustomer's responsibility. He then said he could recommend an InformationTechnology company to come and replace the filter for me. At my expense, ofcourse. I refused the recommendation, saying I would buy a new filter from asource I knew. I reconnected the filter back into my telephone's signal cord sothat the phone and the modem were as they had been before. The Internet stillworked. The phone still worked.

I had smelt a rat immediately this Oi technician started talking. The filters weresupplied by Oi as part of the service rental, and are therefore legally Oi's re-sponsibility. They had done only just over 2 months of service. They are com-pletely passive components and therefore are not much more likely to gowrong than would a piece of wire. What the Oi technician had told me was com-plete bullshit. I suspect that the Information Technology company he recom-mended was his own little "business on the side" and that all this was aboutmaking himself some extra money by lying about the cause of the line failure.

On 20 November 2015 we had another rain storm. And, true to form, at 16:50hrs. both the phone and the Internet went dead. Just the same old cracklingline. I contacted my relative again by cell phone (second time in 4 days) to re-port the service outage. I wonder what cock and bull reason they will try tofoist upon me this time. They will probably say a lightening strike to the lineburned out my modem and I'll have to buy another one, even though it is Oi'smodem supplied as part of the service rental. That won't wash with me though.I always, without fail, disconnect both modem and phone from the line at thefirst rumble of thunder. The phone and Internet came on again at 08:00 hrs 21November 2015, Although I have very grave doubts that it was due to any re-pairs Oi may or may not have carried out. I think that the restoration of the ser-vice was entirely due to the cable and the concentrator box drying out on theirown.

The post shown in the photograph on the right isfor power and signal services entering the buildingin which my apartment is located. The 40-pairtelephone cable, as far as I can make out, entersthrough the open-ended vertical plastic pipe onthe left of the post. Looking at the enlarged ver-sion of the picture, it is possible to see that it isthe cable forming the coil on the right of the post.It is easy to see how water from heavy rain coulddrain down the cable into the vertical open end ofthe plastic pipe. This cable is pieced into a largercable somewhere in between two street posts.




http://robmorton.20m.com/internet/images/isp/phone-wires-predio.png


This cable, along with a large number of others, isstrung along the street posts for two blocks to thepost shown in the photograph on the left, which islocated at a cross-roads. As can be seen, a verit-able rat's nest of power and signal cables cross,turn and go their separate ways at this post.Throughout this route, many spurious open-endedwires and flexes hang right down to the pavement.They appear to be discarded without being takenaway. These could be remains of attempts to pieceinto a television or Internet signal cable to get freeaccess at the expense of a legitimate customer,thereby stealing some of his bandwidth. It is whatthe locals call a "gato" (cat). The cable carryingmy telephone pair now makes a right turn.

It then continues for a further 3 blocks to the boxcontaining the local concentrator and distributionequipment, which is shown attached to the post inthe adjacent photograph. The cable has thuscovered about 500 metres from my building to thissomewhat dilapidated looking steel box. Pleaseclick on the photograph for a larger scale view. No-tice that the weather protection sleeving has comeadrift from the bottom of the smaller box on theleft of the post. Rain water can drain down the ex-posed cables into the sleeving and thereby poten-tially cause problems. The major culprit, for the re-curring interruptions in service I have suffered, ishowever, in my opinion, the age and bad conditionof the 500 metres of cable between this box andmy apartment building.

I remember when, during the rains of 2013/14, my telephone eventually failedcompletely as usual. I asked my relative to call Oi. An Oi technician came andasked for access to the telephone wire distribution box down in the garage. Hewas an older man, probably approaching retirement. I watched him make histests. He said that he had to search for a good wire-pair. He said the cable con-necting the distribution box in the garage with the concentrator in the otherstreet contained 40 pairs of telephone wires. But the cable was very old. Overthe years, the cable swaying in the wind gradually fatigues the thin steel wires.Eventually breaks occur. One knows not where. Consequently, pair after pairbecomes useless. An intact spare pair has to be found each time a pair be-comes too fragmented. He eventually found a good pair and with it restored mytelephone service.

On Saturday 16 January 2016, I had to ask my relative again to call Oi becausethe telephone line had failed completely. A younger man came this time. Hesaid that the number of intact wire-pairs in the cable had become very few. So




http://robmorton.20m.com/internet/images/isp/rats-nest.jpg

http://robmorton.20m.com/internet/images/isp/post-gorceix.jpg


much so that there was no longer enough wire-pairs for everybody. Manypeople were dispensing with their fixed telephone lines, opting to use only theircell phones. Thus the demand was dropping. However, many people used thetelephone line also for ADSL Internet service. He said this scarcity had caused awar between the various telephone service companies. The result was thatwhen one company's client in the apartment building reported a faulty line, itstechnician would rob a wire-pair from another company's client. Then the othercompany's client would report a fault, and so on... It was still raining and thisman went away unable to resolve the problem.

At about 22:00 hrs that night, I received a call on my cell phone from a numberin São Paulo. It was an Oi operative responding to my relative's call that mytelephone and Internet services were not working. I told him it was a cableproblem, which occurred every time it rained, so it was obviously somethingthat could not be resolved over the phone in my apartment. Despite this, heasked me to take the low-pass filter out of my telephone cord and reconnect.He tried to call my fixed phone. Nothing happened. I reconnected the filter. Hethen asked me to try the Internet. The rain had by then lightened a little andthe ADSL service had started to work intermittently. He made tests remotelyand said it appeared that the problem was because my modem was not con-figured properly. This was ridiculous. How could its configuration change all byitself? It was clearly because the service kept dropping in and out as indicatedby the Internet LED on the modem flipping between green and red.

He asked me to connect my modem directly to my computer without my routerin between. I did so, knowing full well that what he was trying to do would notwork. And naturally, the modem did not recognize the LAN fixed IP address ofmy computer so I could not even get through to the modem's configurationweb interface. I decided to ignore what he had asked me to do and reconnec-ted my router. I could then access the modem's web interface without anytrouble. He then asked me to access the modem's Oi-wizard, which would auto-matically reconfigure the modem. I went through the pointless process of re-configuring the modem, after which I was able to access the Oi website. He ter-minated the call after having "resolved" my problem. Within 10 minutes it star-ted raining hard again and both the telephone and the Internet failed com-pletely again. Hey-ho!

I'd had enough that night, so decided to leave it until the next day (Sunday) toask my relative to call Oi again. He made an appointment for a technician tocome again on Monday 18 January 2016. At 11:50 hrs that morning a youngman called Tiago arrived. He must have been over 2 metres tall. He seemedfrustrated by the number of faulty wire-pairs. I asked him if it wasn't time thecompany replaced this ageing cable. He said he thought Oi hadn't enoughmoney to do that. My cynical thought was that they may not have enoughmoney to replace the cable but they certainly had enough to give a good returnto their share holders. Tiago then embarked on a series of trips back and forthbetween my building and the street box 500 metres away in another street. Hepersevered with this until he found a sound pair of wires for my telephone con-





nection. He left me with a good line. The telephone and Internet both workedfine.

At 15:40 hrs I received a phone call on my fixed phone from 062 3240 3399. Itwas an automated call which asked me to press "1" if my telephone was work-ing properly now. I pressed "1". Tiago's work was well tested that night throughprolonged heavy rain. The connection remained solid, which I expect it will dountil that wire-pair also breaks. The following is a diary of service failures,which correspond exactly with the local rainfall.

Phone Internet Failed Restored Downtime Failed OK† 17NOV2015 05:22 18NOV2015 12:00 30:38 hrs Failed Failed 20NOV2015 16:50 21NOV2015 08:00 15:10 Failed Failed 29NOV2015 16:15 30NOV2015 06:30 14:15 Failed OK† 02DEC2015 20:00 02DEC2015 21:30 01:30 Failed Failed 07DEC2015 00:20 07DEC2015 05:30 05:10 Failed Failed 08DEC2015 00:45 08DEC2015 07:30 06:45 Failed Failed 18DEC2015 16:50 18DEC2015 17:05 00:15 Failed OK† 30DEC2015 17:45 31DEC2015 00:00 06:45 Failed Failed 12JAN2016 20:00 13JAN2016 07:15 11:15 Failed Failed 15JAN2016 03:10 15JAN2016 13:50 10:40 Failed Failed 15JAN2016 14:15 16JAN2016 21:45 31:30 Failed Failed 16JAN2016 22:15 18JAN2016 13:30 39:15 Failed Failed 08APR2016 11:00 09APR2016 18:30 31:30 Failed Failed 24JUN2016 06:30 25JUN2016 15:00 20:30‡ Failed Failed 30JUN2016 06:00 01JUL2016 15:30 20:30‡ Failed OK† 23NOV2016 16:00 25NOV2016 15:30 41:00 Failed OK† 24MAY2019 19:00 27MAY2019 16:40 69:40Failed OK† 12JULY2019 19:00 16JULY2019 11:30 88:30

† If there is an intermittent break in the phone cable, the phone will go deadwhen it gaps. However, if the gap is small, there could be sufficient capacitivecoupling across the break for the much higher frequencies of the DSL signal topass. I know when a failure occurs in the early hours because the telephonedings intermittently and wakes me up.

‡ I have heard it said that the reason for these outages was that, due to theeconomic crisis in Brazil at the time, thieves cut lengths of cable from thestreet distribution poles to sell on the black market.

As Best As Can Be Expected

On 26 November 2015 I received my monthly telephone bill from Oi coveringthe services purportedly rendered during the month of November.





At this point, I need to clarify the arrangement of the billing for thethree services previously rendered to me by Oi. These are:

1. conventional fixed (wired) telephone service 2. cable television service 3. Internet service

From antiquity (long before 2004) I have had a conventional fixed(wired) telephone service. This was originally supplied to me by Tele-mar, which, somewhere along the way, became Oi. This was, until theend of October 2015, always billed completely separately from anyother Oi service.

From 18 October 2004, I contracted a combined cable television andInternet service from W@y TV. Obviously, this was billed to me byW@y TV and was nothing to do with Oi. Sometime, during the inter-vening decade, W@y TV was taken over by Oi. From that time, Oibilled me for the cable television and Internet service previouslyrendered by W@y TV.

Consequently, I received two bills from Oi every month:

1. for my fixed telephone service 2. for the combined cable television and Internet services.

So, on 26 November 2015 I received my November telephone bill from Oi. How-ever, as well as the charges for my November telephone usage, the bill con-tained also a charge of R$49.89 for the Oi Velox Internet service. Gosh! Onewhole centavo cheaper than advertised! Like all commercial bills nowadays,this telephone bill is presented in a form that is essentially incomprehensible.Only by spending time analysing and comparing items was I able to constructthe cogent representation of the information within it, which is shown below.

Phone Assinatura Plano Franquia LDN 16.03Oi Fixo Sem Limites 14.94Franq. 30 min - Qualquer Móvel 13.78Assinatura sem Franquia Oi Fixo 20.99Pacote Fale Digital 4.26Phone Subtotal ............................. 70.00

Internet Velox 2Mbps 34.99Antivirus+Backup+Educa 14.90Downtime -1.19Internet Subtotal .......................... 48.70

Charity Contribution 20.00Total Payable ................................................ 138.70





This month's account is correct. The only serious overcharge has been the factthat, from 18 August to 31 October 2015 (a period of 75 days) I was charged adiscounted price of R$62.35 (full price R$87.74) for the inferior Internet serviceinstead of its proper price of R$49.89. This works out to a total overcharge ofR$31.15.

A more significant frustration is that I will be charged, from now onwards,R$14.90 per month for the use of Antivirus software, a cloud Backup serviceand some obscure thing called Educa, all of which only function on computersrunning Microsoft Windows. Since all my computers run Linux, I have no meansof using them. Thus I am forced to pay, month by month, for three services Icannot possibly use and which I do not want or need.

As advertised, Oi affirmed that the Internet service it was offering was compat-ible with Linux. This is not unreasonable since an Internet connection has noth-ing to do with the proprietary specifics of an operating system. Besides, thewhole Internet is based on Unix, of which Linux - unlike Microsoft Windows - is acompletely compatible derivative. Since Oi affirmed that its service was com-patible with Linux, Oi is obliged to ensure that all components of that serviceare Linux compatible. But unfortunately, like Microsoft, Oi is effectively behav-ing like a sovereign state by charging what is cynically referred to as a Win-dows Tax.

The notion of the Windows Tax stems from the fact that it is generallyimpossible to buy a computer from a "legitimate" source without ithaving been pre-loaded with Microsoft Windows, which, of course, isfully charged for in the price of the computer.

This effectively elevates Microsoft from being a mere commercial cor-poration to become a sovereign state with the power to charge asales tax on other people's products. There is (purportedly) a proced-ure for recovering the Windows Tax from Microsoft. However the reim-bursement is small and obstructively difficult to obtain.

I cringe to think of how many computers I have bought over the pastcouple of decades for which I have had to pay for Microsoft Windowsonly to immediately wipe it from the hard drive and install another op-erating system. For this reason, I have adopted a policy of buying mycomputers in component form from what are thought of as "illicit"sources.

Gross Overcharging by Oi

Oi sent me a letter stating clearly that Oi's old cable services would cease on18 August 2015. By ceasing to provide the service on 18 August 2015, Oithereby factually terminated the contract on 18 August 2015. Consequently,without any further action by me, my contract with Oi terminated on 18 August2015. Oi's statement that the service would terminate on 18 August 2015 isdefinitive. Whether or not Oi engineers happen to leave TV and Internet signals






on the cable or fail to collect the decoder and modem from my premises after18 August 2015 is immaterial to the fact that the contract was terminated on18 August 2015 in accordance with their written intimation.

Notwithstanding, events show that, because I did not actively cancel the ser-vice, Oi continued to charge me under the terminated contract for the nolonger existing service, which it would apparently do unless or until I took delib-erate action to cancel this no longer existing service via Anatel. My reasonableunderstanding from Oi's letter had been that, in the absence of any action onmy part, Oi would automatically substitute a replacement service on or before18 August 2015 under the same contract, which they did not do. I had to re-quest Oi's replacement ADSL service, which was "installed" on 18 August 2015.As a result, from 18 August 2015, Oi began charging me for two parallel Inter-net services, only one of which was actually usable.

The change in my Internet service, from cable to ADSL, was forced upon me byOi, solely for Oi's own benefit and convenience because Oi no longer wanted toprovide the old service Oi had bought from W@y TV. Notwithstanding, Oi over-charged me a total of R$332.84 in the process of this changeover to the inferiorservice. I desperately wanted to continue with the old superior service. Further-more, I now have to pay an on-going charge of R$14.90 a month for separatelycharged additional services which I do not want or need and which I cannotpossibly use anyway because these services are totally incompatible with mystandard Linux operating system.

The charges made to me by Oi for the period of the change-over are shown inthe following table. Over-charges are shown in red.

PERIOD† CABLE iNET CABLE TV ADSL iNET July R$62.30 R$75.24August R$62.27(i) R$75.24(ii) R$19.94(iii) (vi) September R$62.35 R$75.24(iv) R$49.89 (vi) October R$62.35(v) R$75.24(iv) R$49.89 (vi) November R$49.89 (vi) ------------------------------------------------------------------------------Overcharge R$150.81 R$182.03 R$14.90/month

† Month in which the service charged for was actually or supposedly rendered.

i. Overcharged by R$26.11. Charge should have been R$36.16. ii. Overcharged by R$31.55. Charge should have been R$43.69

because Oi stated that the service terminated on 18 August 2015. iii.Included with the September period: R$19.94 + R$49.89 = R$69.83. iv.Wrongly charged: I cancelled my transfer to satellite TV service on

27 August 2015 because of the problems with the Internet service. v. NOTE: Internet signal not present on coax from 18 September 2015;

TV signal not present on coax from 01 November 2015. vi.Includes overcharge of R$14.90 per month for services I cannot use.



http://robmorton.20m.com/internet/images/isp/201511ADSLanon.png

http://robmorton.20m.com/internet/images/isp/201510anon.png



http://robmorton.20m.com/internet/images/isp/201507COAXanon.png



And, of course, like NET, Oi threatens to place my name on “bad debtors” listsif I refuse to pay. So having been overcharged R$309.18 by NET plus R$332.84+ R$14.90 per month by Oi, direct personal experience has taught me that Imust resign myself to the fact that it is necessary for me to accept, and makereservation for, what I call a built-in corruption overhead when dealing with In-ternet service providers.

14 February 2016: I entered my final appeal to Anatel regarding the overchar-ging during the transition and the on-going charging for additional services I donot want, do not need and cannot use.

17/02/2016: 09:40 Sergio of Oi phoned. Asked for the amounts of the invoicesovercharged. Said Oi would resolve the problem within 72 hours.

19/02/2016 16:25 Alessandro of Oi phoned. Said the reibursements would becredited on future bills. Mentioned R$44.76 but I did not understand how thisrelated.

26 February 2016 I received my telephone bill from Oi relating to the servicesrendered during February 2016. The total amount to pay was R$44.76. Now Iunderstood what Alessandro of Oi was saying. This bill had been reduced byR$48.28, the amount of the Internet service, which meant that I had been ef-fectively credited with twice that amount, namely R$96.56. This leaves a fur-ther R$236.28 of the overcharge + the R$14.90 a month for the unusable ser-vices.

My appeal to ANATEL worked, at least inpart. The bill for May 2016 (see right)shows a much reduced charge ofR$24.99 [US$7.60] for the Velox internetaccess service. Oi refused to open ports21 FTP, 25 SMTP and 80 HTTP, contraryto ANATEL's instructions. Notwithstand-ing, the aMule, GNUtella, G2 and Kadem-lia ports are all open. So although I mustnow make do with an inferior service, atleast it is cheaper than the old W@y In-ternet service. And that is all I can sayabout it. After all, it is not really ad-equate for my purpose but it is appar-ently impossible to obtain a better ser-vice at the place where I live.

To compensate for the closed ports, I have now arranged for my HTTP and FTPservers to run on a computer located in another country.

Addendum 05 January 2018

For some inexplicable reason, on this date, I noticed for the first time some ex-ternal http hits in my web server's log file. On investigation, I found that Port 80was open to the Internet. What joy! I then checked my FTP server for outside



http://robmorton.20m.com/internet/images/isp/2015threat.png


http://robmorton.20m.com/internet/images/isp/ultimate.png


accessibility. I also discovered that Port 21 was open to the Internet. I could, asI had been doing prior to October 2015, serve my FTP essays to the world.

But how did this happen? And why now after 2½ years? Perhaps ANATEL wasspot-checking old cases to see if they had been resolved, found that Oi hadfailed to open the ports as directed and enforced the ANATEL directive for themto do so. Alternatively, perhaps Oi installed a replacement distribution serverand the engineer forgot to re-block the ports after setting the new server in op-eration. I do not suppose I will ever know.

Is it permanent? Will these ports now stay open? I can only wait and see. On 28February 2018 I noticed that I was not getting outside hits to my server. Ichecked Port 80 and it was close. Obviously Oi had no intention of allowing meaccess to serve my web pages, despite this being contrary to international re-commendations. The opening of the ports on 05 January must have been a'mistake' on Oi's part. Tea break over lads. Back on your heads!

A year later on Sunday 10 February 2019 I discovered that my eDonkeyserver's listening ports 4662 and 4672 were closed. Others could not makepeer to peer links with me directly. Oi had shut these ports (I suppose to stoppeople using eMule. I had to change the listening ports to higher non-standardnumbers, after which my server functioned normally again. Two months lateron Friday 12 April 2019 Oi appeared to have engaged in a remote operation toshut all listening ports on my local modem. I had to put back the modem's portforwarding table. And on it goes...

Global Village Telecom (GVT)Global Village Telecom is the third possible ISP which could have provided mewith Internet service. As a former telecommunications professional, I had beenmarginally involved during the early 1980s with a proposal for providing fulltelecommunic ations services in the rural areas of South America. As such, thiscompany's name rather appealed to me. But alas, for me, it is simply not anoption.

GVT is a company with which I have never done business. I have never sub-scribed to any of its services. I have never entered into any kind of contract oragreement with it. Notwithstanding, this company has placed upon me untoldstress and has cause unmitigated disruption to my life and work. I truly wish Ihad never heard its name.

I started to receive sales calls from GVT in 2007. At times these reached peaksof 3 to 5 calls per day. They offered "promotional" Internet and television cableservices. GVT's calls were certainly the most frequent of any commercial nuis-ance calls, but not overly excessive for Brazil, where unfortunately one simplyhas to accept a certain amount of pointless telephonic disruption to one's con-centration throughout the working day.



http://robmorton.20m.com/book/chap01/projects.html#tcs



In July 2011, however, the situation changed dramatically. The calls increasedto between 8 and 12 per day. The call log for a typical day [12 December 2011]is shown below.

Time Phone № Rings Call Type 09:17 04833315100 3 nuisance 11:17 04833315100 3 nuisance 12:43 04833315100 3 nuisance 13:43 04833315100 3 nuisance 14:09 04833315100 3 nuisance 14:34 04833315100 3 nuisance 15:20 04833315100 3 nuisance 15:49 01135638500 4 sales 16:49 04833315100 3 nuisance

Sometimes calls were as late as 8:45 at night.

The phone calls were aggressive and varied in nature. To me, they constituteda determined campaign of psychological torture, which I can only assume hadsome kind of commercial motive. Notwithstanding, I cannot imagine how eventhe most belligerent marketing planner could ever think that this sort of beha-viour could generate a positive result. The calls continued at this level for al-most 22 months.

Year Months 2011 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec2012 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec2013 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

At the beginning, in July 2011, the calls were all the same. Simple and boring.They asked to speak to João. I said I did not know anybody here with thatname. Next call: same question, same answer. And so it went on. Then, inSeptember 2011, the name was changed. The telephone caller started to askfor Leonado Borges. I said that I did not know anybody of that name. Next call:same question: same answer. And so it continued call after call, day after day,week after week, month after month.

Then, in October 2011, the name changed again. The telephone caller (alwaysa young woman but I got the impression that there was a whole battery of wo-men making these calls to me) asked for Carlos Eduardo de los Angeles. Whothe hell he is I can't imagine. I expect it's an invented name. But obviously itwas part of GVT's sick vicious technique to wear me down psychologically tomake me give in and subscribe to their services.

These calls drove me out of my mind. I could not concentrate on my work(which requires creative thought) and I could not disconnect the telephone toget any peace as I needed to receive important legitimate calls. So I lost my





cool. I finally began to shout and swear at the women making these calls. I hadto be very careful to make sure it was not a legitimate call before I embarkedon my furore, which was at times very difficult. The telephone women makingthe calls would defensively reply that they had to make the calls because mynumber was "on the system". I remember once exploding at the woman saying"then take it off your ****ing system!", to which she replied that she couldn't.

One possible solution to this nuisance would be to have a telephone throughwhich I could make out-going calls but which would not receive calls. But then Iwould not be able to receive legitimate calls from family, friends and col-leagues. This would be exactly the telephone equivalent of the Internet “ser-vice” with closed listening ports, which I had to put up with from Oi. I would betelephonically deaf, which, for me, is not a practical option.

My outbursts obviously had some effect be-cause, in December 2011, they adopted yetanother tack. They would ring my phone be-tween 1 and 4 times only so that I could notget to the phone in time to answer it. On theoccasions I did manage to lift the phonethere was silence and the caller immediatelyhung up. With this technique GVT expandedits coverage from just weekdays to includeSaturdays. A few days' sample of these silentphone calls is shown on the right. †The finalone was recorded GVT sales hype. Thencame something worse. In addition to thenormal (now silent) phone calls, GVT beganto intersperse automatic calls between them.These were all pre-recorded. They alwaysbegan with the words: "Joâo, we have a veryimportant message for you". Then one ofthree names would be said, the first beingsimply "João", the second "Leonado Borges"and the third "Carlos Eduardo de losAngeles". Then came the words: "if you knowthis person, press 1. If you don't know thisperson, press 2". I always pressed "2" be-cause I hadn't a clue who any of them were.Of course, this was all spoken in Portuguese.And so these additional calls continued dayafter day, week after week, month after month. I couldn't do my work. I was outof my mind with anger and frustration.

Every GVT phone call, throughout this 22 month campaign of psychological tor-ture, lost for me my concentration and train of thought on my work. It lost forme at least 15 minutes working time every call, exacerbated by the exaspera-tion caused by my helplessness to put a stop to it all. At a conservative estim-ate, that's 2 hours of ineffective prime working time per day. At $30 per hour,


Wed 18 Sep 2013 10:35:07 BRT

Wed 18 Sep 2013 13:36:15 BRT

Wed 18 Sep 2013 14:36:18 BRT

Wed 18 Sep 2013 15:37:23 BRT

Wed 18 Sep 2013 16:37:31 BRT

Wed 18 Sep 2013 17:38:37 BRT

Wed 18 Sep 2013 18:11:44 BRT

Wed 18 Sep 2013 19:12:54 BRT

Thu 19 Sep 2013 10:07:33 BRT

Fri 20 Sep 2013 12:18:43 BRT

Fri 20 Sep 2013 14:43:33 BRT

Fri 20 Sep 2013 15:18:48 BRT

Fri 20 Sep 2013 16:19:33 BRT

Fri 20 Sep 2013 17:24:13 BRT

Fri 20 Sep 2013 18:33:35 BRT

Fri 20 Sep 2013 19:34:22 BRT

Fri 20 Sep 2013 20:38:45 BRT

Mon 23 Sep 2013 10:39:35 BRT

Tue 24 Sep 2013 13:41:22 BRT

Thu 26 Sep 2013 08:08:08 BRT

Thu 26 Sep 2013 18:00:00 BRT†




that comes to $29,040 in lost working time. That's what GVT's shenanigans haseffectively stolen from me. And that does not include any damages for thestress involved. I suppose GVT would think of it conveniently as one of their ex-ternalized costs of marketing.

At last, during early 2013, the automatic calls gradually faded away and the si-lent calls gradually diminished to about 4 per day.

Earlier that same month, I had received a different kind of call. The voice wasthat of a live human woman who seemed somewhat more intelligent than thecall centre girls. From her manner of speaking, she seemed to me to be somekind of lawyer. She assumed I was João. I corrected her. She then asked if Iknew João. I said no. She then asked if I knew Leonado Borges or CarlosEduardo de los Angeles. I answered rather loudly in the affirmative. She askedhow I knew them; in what connection. I replied that I knew them as a result ofhaving their names blasted into my ears 12 times a day for the past 22 monthsthrough nuisance telephone calls from GVT. Her tone turned a little apologeticand then she "politely" terminated the call with no explanation. I have no ideawho she was.

From that point on, the GVT nuisance calls seemed to tail off. This just left mewith a once or twice per week promotional call for their ISP and cable televisionservices, which they must have well known were utterly futile, and thereforesimply a continued nuisance to me. There were other silent calls about 4 timesa day in April 2013 from 03135078700. However, because they were silent, Icouldn't be sure they were from GVT. Silent nuisance calls (again about 12 perday) started again early in 2015 from numbers: 01121450020, 01123776800,01132155800, 0113792 6860. My phone rings 4 times and then hangs up. If Ipick up in less that 4 rings the caller simply hangs up immediately. Again, Ican't be sure they were from GVT. A couple of months later they died away.

I had tried from the beginning to find out how to contact GVT by letter in orderto send them a recorded delivery notice to the effect that I was receiving nuis-ance calls from them which were significantly disrupting my work. I searchedlong and hard, but nowhere on the Internet could I find the address of GVT.Eventually I found it on the website of the American CIA regarding some kind ofpending action against GVT. This site contained a link to the site of BusinessWeek, which gave details of GVT, including its official postal address in Curitiba,Paraná and the names of its executive officers.

Having finally found this information, I decided not to take the matter furtherbecause, as a lone individual, I would have little chance of achieving satisfac-tion against a telecommunications giant like GVT. Besides, I couldn't afford thecost and I had suffered an enormous loss already in terms of working time.Nevertheless, looking at this list of executives, I can't help thinking what apathetic bunch of immature excuses for humanity they must be, as obviously itis they who are responsible for devising and authorizing GVT's reprehensiblebehaviour towards me. Where did they come from? One thing I can surmise isthat if ever GVT were to go bust, they would have no trouble getting jobs withthe psychological torture department at Guantanamo Bay.





I am sure that if any lone individual were to perpetrate such a campaign ofnuisance calls upon any GVT executive, that individual would be rapidly prosec-uted and jailed. But if you are a giant corporation perpetrating it upon a lone in-dividual, that's OK. What is not OK, apparently, is for the victim to say anythingabout it.

In view of all the trouble GVT has caused me without ever entering into any re-lationship with it, I shudder to imagine what woes would befall me were I everto do so. And this is why GVT is, at least for me, well and truly off the list.

ConclusionWhen a new technology takes over any element of public infrastructure, the oldtechnologies it replaces fade away. Throughout history, society has alwaysburned its technological bridges. The point is rapidly reached where those whodo not have access to the new technology become excluded from society. Theybecome unable to participate in its mandatory processes. The Internet has, inthis way, become a vital element of public infrastructure to the extent that any-body without access to it can no longer function adequately within society. Allshould have the inalienable right to the necessary and sufficient means and fa-cilities to participate in the basic functions of the socio-economic system underwhich they must live.

With regard to one of these necessary and sufficient means, namely, the Inter-net, the private corporations of the telecommunications services industry, likea malignant cartel, have effectively seized unelected sovereign control overthis vital element of public infrastructure. They have unilaterally decided thatsubscribers' listening ports shall be closed. The subscriber has no choice. Tothem, customers are mere cannon fodder in a great economic war fought solelyfor the purpose of enriching their precious shareholders.

One should not be surprised at the way these giant ISP corporations behave.After all, they are corporations. As Lord Thurlow (1783-1792) said, "Corpora-tions have neither bodies to be punished, nor souls to be condemned; theytherefore do as they like." Lord Thurlow's words are often paraphrased as "Didyou ever expect a corporation to have a conscience, when it has no soul to bedamned, and no body to be kicked?" In his day, however, corporations couldonly come into existence by Royal Charter and had the nature of national or os-tensibly public entities. How much more extreme is their nature since theprivate limited liability entity (pessoa jurídica) came into being during the midNineteenth Century.

I remember once seeing an excellent film called The Corporation. Somewherein this long film was presented a step-by-step list of behaviour traits, which lim-ited liability corporations are required - by the very law under which they areformed - to behave in their dealings with customers. The film later revealedthat this list of behaviour traits is the clinical definition of a psychopath. For thisreason, I see the placing of such a vital element of public infrastructure into the





greedy hands of profit-driven private corporations as a supreme act of unmitig-ated madness.

I see the blocking of listening ports as the amputation of a basic and expectedInternet function. The practice effectively prohibits all direct peer-to-peer com-munication, including the running of a POP and SMTP server within one's owncomputer. [This latter is becoming more and more essential with the increasingarbitrary blocking of emails and email attachments by Microsoft and Google.]The blocking of listening ports is, in effect, a total and permanent Denial Of Ser-vice (DOS) attack perpetrated by the ISP upon the subscriber.

If the ISP is concerned about the amount of data traffic my servers would cre-ate, then it is an easy matter to use throttle-back and monthly data transferquotas to control the amount of traffic. ISPs do this anyway. Consequently, I cansee no good technical reason to implement port blocking, especially the totalblocking of all unsolicited incoming IP packets. Blocking the listening ports tomy (very low traffic) servers is an infraction of the Suggested Practices of theBroadband Internet Technical Advisory Group. It is also an unjustifiable infrac-tion of my individual liberty - a liberty I have enjoyed for almost 20 years of us-ing the Internet until this present situation arose.

Looking back to the years I had the W@y Internet open-port service, I remem-ber being somewhat puzzled by something. Whenever I looked at the list ofconnected peers on the various networks, I saw peers from many many coun-tries all over the world, including small and little known ones. But I only ever re-member seeing one from Brazil. And that was only on the eDonkey network. Inever saw any Brazilians on the gnutella or G2 networks. Why this distinctlydisproportionate absence of peers from a country of over 200 million people?Could it be because, in Brazil, practically all Internet access has closed listeningports? The situation would tend to suggest this.

I can only speculate as to ISPs' motives for this Denial of Service. Perhaps theyare being pressured by the film and media corporations to shut a means bywhich music and films are known to be copied and distributed illicitly. Perhapsthey are suffering pressure from law enforcement agencies to close a possiblemeans of distributing pornography and paedophilia. But these are obviouslyscape-goat excuses. Neither is a just or valid reason for closing these means toeverybody.

The original purpose of the Internet was to facilitate the free and unen-cumbered exchange of information and knowledge between any and all. Per-haps this is the problem. Perhaps the real reason for port blocking is that ISPsare suffering international political pressure to close all means through whichordinary people may exchange information and ideas point-to-point, unsur-veilled by the clandestine agencies of foreign powers. Perhaps somebody con-siders person-to-person intellectual exchange to be a real and present threat tothe status quo. I don't know. Whatever the motives, I feel that right now I amwitnessing the on-set of a new Dark Age of Closing Doors with regard to free-dom of communication in Brazil. Or is it the whole world?





Despite my continued pressure, those who represent Oi to me continue toclaim total ignorance as to the nature of my problem. They - Internet profes-sionals - seem not even to understand what ports are or what is meant byclosed ports. This seems very strange. They seem to be under some kind ofoath of silence regarding closed ports. Is the ISP being pressured or paid for itssilence? Are ISPs receiving hefty backhanders from the American Thought Po-lice (ATP) to keep listening ports closed in order to force all person-to-personexchanges through giant American-owned servers, where everything can bemonitored and recorded?

The apparent "inability" of Anatel, the Brazilian Government's CommunicationsRegulator, to enforce the suggested practices of the Broadband Internet Tech-nical Advisory Group upon the ISP suggests something more Draconian. Per-haps the ATP are pressuring the US government to pressure all governments tomandate that ISPs close all listening ports on domestic Internet accounts, thusclosing the doors to low-traffic servers, thereby plugging all the little holes andgaps where truth may leak out.

Whatever the reasons, it would seem that full-function access to the Internet isno longer available in Brazil, at least for domestic subscribers like myself. Idon't know about accounts for government and heavy commercial use. In otherwords, Internet services in Brazil are not continuously scalable. It is not merelyspeed (which consumes bandwidth) that is limited on small accounts but alsofunctionality (which does not). Thus, it would seem that my W@y Internet ac-count must have been a hang-over from the old days of an open fully-func-tional Internet, which fortuitously continued unnoticed until the recent change-over.

It would seem, therefore, that small-account Internet users (the people) aremeant only to listen: not to speak. They are meant only to buy products fromInternet shops and partake in trivial exchanges via social media sites (wherethey can be monitored). Only government, celebrity and corporation mayspeak and be heard. This is a serious question for individual liberty. It is also aserious consideration for inward investment and expeditionary business pro-jects, which must frequently start small from one or more home-based offices.

I think that, for the purpose of private person-to-person telecommunications,the time has come to consider alternatives to the Internet.

© August 2015 to January 2016 Robert John Morton

[1] I was not the ISP's actual customer, that was somebody else, who subscribed to theservice on my behalf. However, throughout this essay, for clarity of prose, the first personsingular has been used to indicate either or both of us. The other person has no know-ledge, involvement or responsibility regarding any of the content of this monograph essay.

[2] Within this essay, an open port is a TCP or UDP port number that is configured to ac-cept unsolicited incoming IP packets. An open port in this sense is also known as a listen-ing port.

Robert John Morton Related Article: Who Owns Cyberspace?



http://robmorton.20m.com/internet/cyberspace.html


http://robmorton.20m.com/internet/cyberspace.html#alt


ip port blocking by internet service providersrobmorton.20m.com/internet/isp.pdfthe internet ip port...

Documents