Web Site of Robert John Morton
IP Port Blocking by Internet Service Providers
They arbitrarily block listening ports, thus relieving you of your freedom to interact with other Internet users as you wish. Trying to cancel an ISP's service is synonymous with a declaration of war. And I strongly suspect that they also engage in other more sinister shenanigans.
There are many good and commendable things I can say about Brazil. But from my experience, its Internet service providers (ISPs) have deteriorated into what is undoubtedly its worst advertisement and a significant detriment to its on-going development.
I am positioned not too far from the centre of a conurbation of around 3 million people. Yet the best Internet service (known here as bandalarga or Velox) that I have been able to obtain gives me a 2 Mbps download speed and a 512 kbps upload speed, with a total block on all unsolicited incoming IP packets. In other words, all my listening ports are blocked. And the ISP flatly refuses to open them, despite this blocking being contrary to the suggested practices of the Broadband Internet Technical Advisory Group.
Quite frankly, in the year of 2015, I would have expected better. The speeds don't bother me. They are perfectly adequate for my needs. But the blocked ports most certainly do bother me. All the ISPs, who could provide a service to me, take the same line. They all block all listening ports. So as a mere customer, I either have to like what I'm given, or lump it. To me, this high-handed attitude is unacceptable. Hence this article.
W@y TV: An Ideal Service
In 2004, I subscribed to an Internet service provided by an ISP called W@y TV in Belo Horizonte-MG, Brazil. This service gave me a download speed of 512 kbps (kilobits per second). I later upgraded to 2 Mbps (megabits per second) in about 2012. This provided an upload speed of 512 kbps, which was a little slow for my requirements but certainly sufficed. The great feature of this service was that all listening ports were open. Perhaps a few were shut, but none that affected anything I wanted to do. The IP (Internet Protocol) address was officially dynamic. However, I never saw it change since around 2008. For all intents and purposes I had the fixed IP: 18.104.22.168. Instead of having to sign in to the service, user validation was done automatically by identifying the MAC address of my TP-Link router. I have a suspicion that, a few years into the service, the technicians had simply decided, for convenience, to tie my router's MAC address to this IP address, which was nice. The W@y TV technicians were polite and seemed competent and appropriately knowledgeable. I got on well with them.
About a third of the way through my eleven years of using the W@y TV Internet service, W@y TV was bought by a telecommunications company called Oi. Consequently, from July 2008, my monthly bill for the service came from Oi, not W@y TV. Notwithstanding, I think that Oi, although the owner, left the old W@y TV people - at least from a technical point of view - to carry on their service as before. In fact Oi itself offered a competing service. The service provided by W@y TV was by coaxial cable, using a 573 MHz (megahertz) radio frequency carrier for download and a 32,496 kHz (kilohertz) carrier for upload. The Motorola Surfboard SB5101 [DOCSIS 2.0 compliant] cable modem had a top download speed of 38 Mbps, so I had plenty of speed upgrade potential, even if this actual top speed of 38 Mbps was not practical over the existing cables.
My home installation comprises 3 personal computers running Xubuntu Linux, each with a precisely-configured firewall to suit its intended use. The 3 computers are connected to a TP-Link router Model TL-WR741N, which also has a precisely-configured firewall with the minimum necessary and sufficient ports forwarded to one of the 3 computers on the LAN. The router is connected to the Internet via the Motorola SB5101 Surfboard cable modem.
I have subscribed to the W@y Internet service for 11 years. The service has worked perfectly with the installation shown above for at least 5 years. The firewall, shown in red on the cable immediately in front of each respective device, is of course really software, which is running inside the device itself.
Although retired, I continue to write articles on many topics which I make freely available via the Internet to whomsoever would wish to read them. All are on my web site, which is hosted on a server in the United States of America. I also make them available in PDF files, which I share via the eDonkey/Kademlia networks and Gnutella/G2 networks. The "fixed" IP address also allowed me to share them via a File Transfer Protocol (FTP) server, which I set up within my own computer.
These eDonkey/Kademlia, Gnutella/G2 and FTP servers within my computer consume hardly any bandwidth. On average, my colleagues and others around the world between them download from my computer about a dozen or less article files per day. This amounts to around 5 MB (megabytes) of data uploaded via my 512 kbps upload connection per day. Minuscule. My servers are thus more like transponders than servers. They would certainly never create any traffic saturation problem for the ISP.
How I wish that this tranquil state of affairs could have continued. Sadly, in a letter postmarked 14 July 2015 (followed by two shorter reminders), the ISP Oi informed me that the old W@y TV & Internet service would cease on 18 August 2015. This, I was told, was because the technology was too old to be continued. Of course, like any service, W@y TV Internet had short periods of downtime. But never anything catastrophic. Its continuity of service was, on the whole, excellent. I had only 4 service call-outs in 10 years.
This gave me barely a month's notice to find a new provider. Furthermore, although W@y had moved the service to my "new" address on 20 December 2005 (almost 10 years ago), Oi sent all these letters to my old address. As a result, I did not receive them until the beginning of August. I was fortunate to receive them at all. Oi sent no such letters to my present address, to which they correctly send their monthly bills. Thus I was left with barely two weeks to find another ISP.
NET: The Beginning of Woes
I searched the Web for ISPs who could provide an Internet access service in my locality. I found three: Oi (through whom the old W@y TV service had been provided), NET (NET Serviços de Comunicação S/A) and GVT (Global Village Telecom). GVT is the last company on this planet with which I would wish to do business. I will reveal why later. I therefore decided to try one of the services offered by NET.
I found a package offering 15 Mbps download speed and 2 Mbps upload speed. This was adequate and the price was reasonable. However, I needed to ascertain that this service did not have ports 21, 4662, 4665, 4672, 47862, 57195 closed because I needed these to be open for the file sharing protocols through which I made my articles freely available. I would really have liked a fixed IP address with port 80 open as well. However, I was not hopeful that this would be possible and resigned myself to having to live without it. Try as I might, I could find no information whatsoever about the status of listening ports from NET's website. I logged in to NET's chat facility through which I could chat live to an "expert". I tried chatting with several of their "experts" at different times but not one of them answered my direct and pivotal question about listening ports. It was obvious to me by then that none of these "experts" even knew what a listening port was. And neither, apparently, did their supervisors.
My only option was to take on the service conditionally. I ordered the 15 Mbps service from NET on Friday 07 August 2015 via NET's website. I included the option for integrated telephone service because the additional cost was minimal. This included the migration of my current telephone number from an Oi telephone line to the new NET telephone. My Oi telephone account was a simple stand-alone telephone service. It was completely separate from the old W@y TV Internet service which Oi had bought and taken over. My order was confirmed by email from NET on Friday 07 August 2015 at 10:59 am. The installation was scheduled for the morning of Tuesday 11 August 2015.
On the morning of Monday 10 August 2015, I received a phone call from a man purporting to be the installer of the NET service asking directions to my home. I gave the directions but said the installation had been scheduled for the next day. He arrived at about 11:30 hrs. with a modem, RJ45 connecting cable, a large coil of coaxial cable and a bag of tools. Not having expected any disruption until the following day, both computers were running and I was working on-line through the old [W@y TV] cable service. Everything was working perfectly as it had been doing for the past 11 years. I had to log off from my Internet activities but left the computers and router running.
The technician disconnected the coaxial cable, which carried the old W@y TV cable service to my apartment, from the splitter in the W@y TV source cable at the distribution box in the hallway outside the apartment. He reconnected the cable to the apartment to a different splitter which was on the source cable of the NET cable service.
The technician then went into my work room and disconnected the old Motorola cable modem from my TP-Link router and removed the modem. He replaced it with the different modem, which he had brought with him. He had brought it loose and unboxed. There were no instructions with it and no user manual. He connected the new modem to my router through the short yellow RJ45 cable he had brought. He connected the new modem's power supply and plugged it into an outlet. He also plugged my telephone into the new modem he had brought. The modem he had brought with him was as follows:
| Name: | RCA by Thomson |
| MAC address CM: | 001E69C8AEC7 |
| MAC address MTA: | 001E69C8AEC8 |
| Power Rating: | 12V, 1A unsmoothed |
| H/W: | 1.0 [DOCSIS 2.0 compliant] |
The technician did not install any coaxial cable anywhere: neither in my apartment nor anywhere else in the building. He used the existing coax that had been installed 11 years previously by W@y Internet and was still in place. He therefore did not use any of the large coil of coaxial cable, which he had brought with him.
The lights of the new modem illuminated in the normal way to indicate that it had synchronized correctly with the NET digital cable service. I tried to access web sites from my browser. There appeared to be no access to the worldwide Web. The browser appeared to be unable to access a Domain Name Server. I then opened the web interface of my TP-LINK router (through which I had been accessing the Internet up to a few minutes before for over 5 years via the old W@y TV Internet service) which had been working perfectly minutes before on http://192.168.1.1:86 to check the WAN status report:
WAN information registered by router:
| Endereço MAC: | BCAEC55CE92A [de router] | |
| Endereço IP: | 100.68.64.37 [IP Dinâmico] | pings OK |
| Máscara de Sub-rede: | 255.255.224.0 | |
| Gateway Padrão: | 100.68.64.1 | pings OK |
| Servidor DNS: | 22.214.171.124 | pings OK |
This indicated that the router had established contact with the modem correctly and had acquired DNS servers. I tried to access a common well-known website. The browser appeared not to be able to establish contact with a DNS. I pinged the working IP address of the modem as well as the IP addresses of the gateway and the DNS servers. All answered my pings correctly as shown in the above table. I also pinged the standard IP address 192.168.100.1 for modem web interfaces. The RCA Thomson modem answered the pings correctly. I tried to access the modem web-interface on 192.168.100.1:80. The page started to load but the modem reset the connection almost instantly before any of the page appeared on screen.
The next day, once I had put the old W@y TV service back, I discovered by web search that the RCA modem the technician had installed was an old discontinued model, which could only be configured via telnet. Since telnet is a vulnerable service, which I don't use, I had closed the telnet port (Port 23) in my computer's firewall.
A second technician had by now arrived at the request of the first technician, who was clearly out of his depth. The second technician told me that the web-interface address was wrong and should be 192.168.0.1. I pinged this address. No response. There was no service at all on that address. I tried a remote ping-back, which gave my IP address, as seen from the outside world, as 126.96.36.199.
The second technician rang his superior. Then he told me that the problem was with the NET service itself and nothing to do with my equipment configuration. He said the problem was because NET is changing over to IPV6 addressing so the modem would have to be reconfigured for IPV6. Of course, there was no mention of this in any of the scant information available prior to purchase. Furthermore, as is apparent in the above table, all necessary addresses had been acquired for the WAN (Internet) side of the router. All these are clearly IPV4 addresses. There isn't a single IPV6 address in sight, neither is any needed.
I tried again with my computer connected straight to the RCA modem, thus bypassing the TP-Link router. I still could not access a single website. My computer has an absolutely up to date version of the Linux generic kernel, its headers and all necessary auxiliary packages. Its networking software is 100% IPV6 compatible. I opened the networking configuration utility but could see no evidence that it was trying to acquire an IPV6 DNS.
The second technician said that an expert called Sirley would come tomorrow [the day for which the installation was originally scheduled] at 9:00 am to re-configure the modem. The two installers could do no more.
Before leaving, they presented a multi-layer form to be signed. The in-fill was essentially illegible but it was duly signed, assuming it was to verify that they had attended the premises and installed the equipment, which they had. The two installers left at about 12:30 hrs. leaving the bottom copy, in which the in-fill was completely illegible. Being British, I am, as a customer, always used to receiving the top copy (written layer) of a multilayer form. Here in Brazil, however, I am not too familiar with the rules in this regard. That evening, I took a closer look at the form. I had inadvertently signed a form whose illegible in-fill did not reflect the truth.
Although the entire written in-fill of the form was totally illegible, the marks against certain yes/no tick-boxes could be deciphered. These asserted that:
- The technician had brought a Welcome Pack and a copy of the contract.
- The technician instructed the customer on how to use the system.
- The NET service was working perfectly as witnessed by the customer.
- Customer is aware of the need to send a copy of personal identity document and undertakes to forward it within 48 working hours.
All the above were lies. The technician did not bring a Welcome Pack. Nor did he bring a copy of the contract. Hence I did not know the contract number when I decided to cancel it. The technician did not instruct me on how to use the system. He couldn't. It wasn't working. Consequently, the ticked statement saying that the NET service was working perfectly as witnessed by the customer was an outright lie. The customer was never asked to show an identity card, which, had I been asked, I could have shown them there and then. Especially with a company like NET, one must remember the age-old advice: caveat emptor (let the buyer beware).
I tried making phone calls with the telephone connected to the new service. I had difficulty obtaining a dial tone. Eventually I heard a dial tone and dialled somebody I know. The call was successful. I managed to make another successful call. That was the last call I was able to make. Try as I might for over half an hour, I could not acquire a dial tone. What use would this be in an emergency? What use would it be for anything? Furthermore, I did not know the number of the NET telephone from which I was calling. It wasn't my normal number. The telephone plain and simply did not work. I re-plugged my telephone back into the original normal telephone line supplied by Oi (formerly Telemar).
The following morning, the "expert" Sirley never showed. The second technician had given me his cell phone number 83351796. Nobody answered on this number. I rang NET and made a new appointment (Protocolo de atendimento: 013150542887946 Tuesday 11 August 2015 14:00 BRT) for yet another "expert" technician to come. He came at about 12:20 hrs. He connected his laptop (running Microsoft Windows) to a spare port on my LAN router. He was able to test download speed and access web sites. He said the problem was my OS, Linux. This to me seemed rather strange. The technician said he could do nothing more. He only knew about Microsoft Windows. Having been in IT for over 50 years, I knew well this kind of declaration. It's always the fault of the user's equipment, despite it having been working perfectly well with the W@y TV service for 11 years. I knew it was now up to me, the customer, to resolve the technical difficulties with the NET service.
Then I had a eureka moment. For such a problem as this, the difference in the operating systems was irrelevant. If it worked with the technician's Windows laptop but not with my computer, something within my computer was blocking the passage of certain data which the laptop was letting through. "My firewall", I shrieked. My firewall settings must be blocking a listening port required by the NET service. I switched off my computer's firewall. I was then able to access websites from both my Linux machines. However, it left my Linux computers unguarded and potentially vulnerable. I had to make sure that I disabled or uninstalled all unrequired service dæmons. It was then around 12:50 hrs. The third technician left. At least I now had Web access.
Since my experience with the NET service, I have never discovered why my web browser should need an open listening port in order to access a DNS. It has remained a mystery. I cannot see why the browser ever needs to listen on an incoming port at all. This is doubly mystifying since the firewall in my TP-Link router has exactly the same listening ports open as the computers do, except that the computers have additional listening ports open for services limited to the Local Area Network (LAN), such as printing on Port 631 and NFS on Ports 15, 16, 31 and 32, which are not open in the router's firewall. Unfortunately, I never had time to investigate exactly which port the NET service needed and why. It makes me rather suspicious of what "else" the NET service may have been trying to do in my computer other than finding and serving the requested web page.
The technician having left, I set about to verify that all my required services were operating correctly. I started my web, FTP, eDonkey/Kademlia and Gnutella/G2 servers. My FTP and Web servers only had visibility within the LAN. They were not visible to the outside world. This was no surprise as the service only provided a dynamic IP address. I could live without them. I would have to live without them from now on. My eDonkey/Kademlia and Gnutella/G2 servers were firewalled. All their required listening ports were blocked, even though they were all open both in my computers' firewalls and router firewall. They could only be being blocked by the NET service itself. I used an external web-based port checking service to check the operation of 8 listening ports that I needed to be open. All were being blocked by the ISP [NET]. Not so much as one of the listening ports I required was open.
I don't know whether the ports were being blocked by the ISP's routers or simply by a firewall inside their modem. But, without a user manual for instructions on how to do so, I could not get configuration access to the modem. So the question was moot.
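One way to narrow down where unsolicited inbound packets are lost, added here as an example and not part of the original article: the WAN address in the router's status table above falls inside 100.64.0.0/10, the RFC 6598 shared address space used between a carrier-grade NAT and customer routers, and it differs from the externally observed address, so the translation that drops inbound connections sits upstream of both the router and the modem. The function names and the per-port results are constructed for illustration; the addresses and ports are the ones quoted in the article.

```python
"""Locate where unsolicited inbound packets are lost (added example)."""
import ipaddress

# RFC 6598 shared address space: used between an ISP's carrier-grade NAT
# and its customers' routers. It is not routable on the public Internet.
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr):
    """Classify the address the router obtained on its WAN side."""
    ip = ipaddress.ip_address(addr)
    if ip in CGN_SHARED:
        return "shared-cgn"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "special"
    return "public"


def gateway_on_link(wan_ip, netmask, gateway):
    """True if the default gateway lies inside the WAN subnet."""
    net = ipaddress.ip_network(f"{wan_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(gateway) in net


def translated_upstream(wan_ip, external_ip):
    """True if the ISP rewrites the address somewhere beyond the router.

    That is the case when the WAN address is not publicly routable, or
    when a remote host sees a different source address from the one the
    router holds.
    """
    if classify_wan(wan_ip) != "public":
        return True
    return ipaddress.ip_address(wan_ip) != ipaddress.ip_address(external_ip)


def diagnose(wan_ip, external_ip, ports):
    """Give a verdict per port.

    ports maps port -> (listening_locally, reachable_from_outside), where
    the first value comes from the local machine (e.g. `ss -ltn`) and the
    second from an external port-checking service.
    """
    upstream_nat = translated_upstream(wan_ip, external_ip)
    verdicts = {}
    for port, (listening, reachable) in sorted(ports.items()):
        if not listening:
            verdicts[port] = "no local listener"
        elif reachable:
            verdicts[port] = "reachable"
        elif upstream_nat:
            # Port forwarding on the customer router cannot by itself help
            # here: the inbound packet never reaches the router's WAN side.
            verdicts[port] = "lost upstream (ISP address translation)"
        else:
            verdicts[port] = "filtered (router forward or ISP filter)"
    return verdicts


# Values quoted in the article: the router's WAN status table and the
# address returned by the remote ping-back.
WAN_IP, WAN_MASK, WAN_GATEWAY = "100.68.64.37", "255.255.224.0", "100.68.64.1"
EXTERNAL_IP = "126.96.36.199"
# Constructed results for the ports the article lists: every service was
# listening locally and none was reachable from outside.
PORT_RESULTS = {p: (True, False) for p in (21, 4662, 4665, 4672, 47862, 57195)}

if __name__ == "__main__":
    print("WAN address class:", classify_wan(WAN_IP))
    print("Gateway on link:  ", gateway_on_link(WAN_IP, WAN_MASK, WAN_GATEWAY))
    for port, verdict in diagnose(WAN_IP, EXTERNAL_IP, PORT_RESULTS).items():
        print(f"port {port:>5}: {verdict}")
```

When the verdict is "lost upstream", only the ISP can restore inbound reachability, for example by assigning a publicly routable address.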
I could not share my essays and articles with colleagues and other interested people all over the world. They preferably need to be able to access them on my FTP site and download those files which contain essays and articles that they may wish to read. Without open ports my eDonkey/Kademlia and Gnutella/G2 servers can work after a fashion, but incoming searches would be impossible, which rather defeats the object of the servers. I finally tried to access the FTP server of my web hosting service in the USA. I could not connect to my web hosting service by FTP. Consequently I could no longer maintain and update my own web site.
For me, these blocked listening ports rendered the NET service completely and utterly useless and unworkable. Consequently, after no more than an hour's rigorous testing, I realized there was no option but to cancel the NET service, which I did at 13:20 hrs. on Tuesday 11 August 2015.
NET: Cancellation: The Second of Woes
I could not cancel the contract without knowing the contract number, which of course, I did not know because I had never been given a copy of the contract. After a long and stressing telephone call, I finally managed to prize the contract number (013028414190) out of NET. Then followed four attempts to cancel the contract:
| Attempt | Protocol № | Time | Date | Attended by | Modem to be Collected |
In the first two attempts, the person who attended gave a protocol number and then left me waiting indeterminately until the call finally dropped. Finally, at 13:37 hrs. the NET functionary verified that the contract was cancelled without onus and that the modem would be collected by NET on the 19th August 2015.
I immediately removed the NET modem from my installation and put back the original W@y TV service's RF cable modem. I disconnected my apartment's cable from the NET service cable at the distribution box in the corridor and reconnected it to the old Oi (W@y TV) service cable. I was, however temporarily, back on the Internet.
I spent Wednesday, 12 August 2015 at my computer catching up with my two entire mornings of lost working time. The following morning (Thursday 13 August 2015), I telephoned NET to make sure that the migration of my original telephone number from the original Oi telephone line had been cancelled too. Then it all began all over again. I was told that there was no record of my contract having been cancelled and that neither had the migration of my telephone number been cancelled. That is when I embarked on the fourth attempt to cancel the contract. This time my call was handled by a person who identified himself as "Anderson". At 13:38 hrs. on Thursday 13 August 2015, Anderson assured me that:
- The NET Internet service would be cancelled within 1 hour.
- The NET telephone service would be cancelled within 24 hrs.
- The contract with NET was already cancelled.
- The migration of my Oi phone number to NET was already cancelled.
- NET will collect modem, RJ45 lead & power supply on 24/08/2015.
Early, on the morning of Friday 14 August, I had an uneasy feeling about the fourth cancellation attempt. Why should it be any different from the other three? Furthermore, NET had extended the time it was going to delay in collecting the modem. NET may use this to construe that I had had use of their service from 10 August until 24 August, which was 15 days or half a month. In fact, I had had workable access to their service for less than 40 minutes, a fact they could easily verify by pinging their modem remotely and seeing that it was not connected. Even then, I could only access the NET service with my computer firewalls completely disabled.
For this reason, I decided not to wait any longer and to contact Anatel, the telecommunications regulator in Brazil. I registered on the Anatel website and filed a complaint against NET at 09:55 hrs. 14 August 2015 under Protocol № 2701643-2015. I must now wait to see if it will have any effect.
The next day, Saturday 15 August 2015, at 11:05 am, NET called me by cell phone confirming the Encerramento do Contrato (Termination of the Contract) and that the modem etc. would be collected between 12:00 and 17:00 hrs. on 24 August 2015. The Protocol № of this action was given as 013150544333121. Later, at 13:00 hrs. on the same day, NET called me again by cell phone saying that they had been contacted by Anatel and that the modem etc. would be collected earlier, namely, on Wednesday 19 August 2015 between 12:00 and 17:00 hrs. The Protocol № for this action was given as 013150544155219. NET gave me telephone № 08000200200 to call, should there be any further problems.
This whole process of ascertaining the applicability of the NET Internet service to my requirements had consumed a whole week's worth of stressful mornings. My anger was raised because all this disruption could have been so easily avoided if the NET sales staff had not been so abysmally ignorant of the product they were selling. I had tried desperately to find out all the necessary technical information about the service before purchase, all to no avail. I was met at every turn with an impervious wall of ignorance.
It appears to me that NET employs people with little, if any, technical knowledge and provides them with little, if any, technical training. In other words, NET appears to me to have externalized the whole task of ascertaining the technical applicability of the offered service, plus the managing of their sales and technical staff. This task thus falls into the lap of the customer, without him being provided with any references to necessary proprietary information. The only place I was able to find any technical information at all was on blog sites for disgruntled users.
With all listening ports blocked, the NET service cannot rightly be called a proper Internet access service. And so NET is not strictly an ISP. It is simply a Web access service provider (WASP). The user can access content via a Web browser and partake in whatever restricted interactive facilities can be implemented through a Web page. But nothing more. NET's blocking of all listening ports, without allowing the user to unblock those of his choosing, is absolutely contrary to the Suggested Practices of the Broadband Internet Technical Advisory Group, the emboldened heading statements of which are listed below.
- ISPs should avoid port blocking unless they have no reasonable alternatives available for preventing unwanted traffic and protecting users.
- ISPs that can reasonably provide to their users opt-out provisions or exceptions to their port blocking policies should do so.
- ISPs should publicly disclose their port blocking policies.
- ISPs should make communications channels available for feedback about port blocking policies.
- ISPs should revisit their port blocking policies on a regular basis and reassess whether the threats that required the port blocking rules continue to be relevant.
- Port blocking (or firewall) rules of consumers’ devices should be user-configurable.
It appears to me that, on all these points, the service provided by NET scores a big fat zero.
At 16:30 hrs. on Wednesday 19 August 2015, a technician from NET collected the RCA/Thomson DHG534B modem, yellow RJ45 cable and wall wart power supply. NET did not incur any costs installing any cabling or outlets within my apartment because these were already there.
A Reprehensible After-Shock
Notwithstanding, on 12 December 2015, I received a totally unexpected and extremely severe letter from what appeared to be some kind of financial debt registry called Serasa Experian. The letter was dated 01 December 2015, postmarked 03 December 2015. It was not received until 12 December 2015. As well as the name of Serasa Experian, the letter also bore the name Claro, which is a telecommunications service provider. However, as best as I am able to ascertain, the letter appears to have been sent by Serasa Experian. The letter was not signed.
The letter states (wrongly) that, for reason of non-payment, NET has terminated my contract and requested that my name be blacklisted, presumably on a publicly-viewable blacklist maintained by Serasa Experian, the author of the letter. The letter then specifies the creditor as:
NET BELO HORIZ
Endereço da Credora: R FLORIDA 1970 - CIDADE MONCOES -SÃO PAULO - SP - CEP:04565-907
The letter then details the alleged debt as follows:
| Valor da anotação | Data do vencimento | Natureza | Contrato |
| R$309,18 | 20/09/2015 | OUTRAS OPER | N28414190/05T654 |
The letter continues by making an overt threat that unless I settle the debt within 15 days of the date the letter was allegedly posted (03 December 2015) then my name will be made publicly available on Serasa Experian's blacklist of non-payers. Since the letter was received on 12 December 2015, this leaves me until Friday, 18 December 2015 to settle the "debt". That is 5 working days from becoming aware that this alleged unexpected and incongruous debt even existed.
The letter then specifies two telephone numbers (3003-0222 and 0800-722-0222) which I may call to negotiate how I may pay the "debt" and get my name removed from Serasa Experian's blacklist. I telephoned the appropriate number, whereupon I was asked to dial in my CPF number, which is a number allocated to all residents in Brazil, as a unique personal identification for all financial transactions and taxation payments.
At this point I became highly suspicious. This had happened before with regard to NET and also Oi (see later). These ISPs are surrounded by swarms of dubious businesses, some of whom provide out-sourced technical services and others who are simply phishers of personal information for purposes such as credit card fraud. Generally, the next piece of information asked for is one's RG (Registro Geral) number, which identifies a person as a citizen or a foreigner of permanent residence. Then follows a request for one's credit card number, including the 3-digit security code (presumably for the purpose of settling the "debt").
I had received a letter, right on top of the 11th hour, about an alleged debt about which I had had no previous intimation and which does not make any sense. This letter contains telephone numbers which are answered automatically, do not announce who they are and ask immediately for sensitive personal information. I have no way of verifying the letter's authenticity. To me, this spells scam.
The following facts are relevant with regard to this letter.
- The contract was not terminated by NET: it was terminated by me.
- This was not because of my non-payment but because I had found the service to be unsuitable for my purposes.
- No information or warning regarding this charge was given prior to the trial purchase.
- No invoice or statement of account regarding this charge was ever received prior to the letter received on 12/12/2015.
- I had never seen any mention of a Contract N28414190/05T654 prior to receipt of the letter on 12/12/2015.
- I used the service provided by NET exclusively for the purpose of evaluation.
- This was necessary solely because NET was either unable or unwilling to provide me with the simple necessary and sufficient technical details about the service for me to be able to verify that it could not meet my requirements.
- I used the service only for the 40 minutes I required to evaluate the suitability of the service to my needs, after which I removed the NET modem and disconnected the service from my apartment.
- NET incurred practically no costs since all necessary cabling and fittings were already installed in my apartment and condominium building.
- I managed to access the Internet for the first time using the NET service at 12:00 11/08/2015. I cancelled the service at 13:10 11/08/2015: Protocolo 013150543019564.
- I was told by NET that the service was cancelled without onus: Protocolo 013150543743585.
- The cancellation was arbitrated by Anatel: Protocolo 2701643-2015.
Due to the imminence of the threat to be placed on a blacklist of non-payers, I decided to deal with this through Anatel. So, on 13 December 2015, I registered an appeal to Anatel, via the Anatel website, about this "charge out of the blue" - apparently levied by NET.
The whole way this situation had arisen led me to suspect that the letter purporting to be from Serasa Experian was the work of an identity theft gang. It was a letter out of the blue. It arrived at the 11th hour, leaving no time for me to deal with the situation calmly and systematically. There was no prior intimation whatsoever about the existence of this charge. I had no reason to suppose of its existence. However, I was to be rudely surprised.
At 09:10 hrs. on 14 December 2015, I telephoned NET on number 10621, which I knew to be genuine. My call was attended by a functionary called Daiane who gave a Protocol No 013150585472291 for my inquiry. I related the situation of having received this letter purporting to be from Serasa Experian, fully expecting to be told that NET had no record of any outstanding debt, which of course it shouldn't.
To my absolute surprise, she said there was an outstanding debt of R$309.18 from 20/09/2015 which I had not paid and that I could retrieve a payment slip from the NET website or, if I preferred, she would send the payment slip to me by email. I opted for the latter.
I received the email to which was attached the bill/payment slip shown on the left. I note with interest that the nature of the charge is for "Itens Eventuais", which I would translate as "Sundry Items", which is appropriately nebulous, especially since I had asked for details of the charge. Details are shown below, although I have to admit that I could not read the microscopic print without a magnifying glass. NET charged me R$9.18 for 3 days use of their service. In fact I used it for only 40 minutes. The NET modem was connected to the coax for 70 minutes, after which the coax itself was disconnected from NET's service and reconnected to the old W@y service. The bulk of the rather excessive cost of R$300 is stated as being for the installation of the service.
The first thing my magnifying glass picked up in the "details" of the bill was that NET charged for the installation and usage of a service called "VIRTUA 15M S/WiFi COM FONE". NET did not "install" anything that could be remotely construed as WiFi.
The only activity, on the part of NET, which could be construed as installation of the service was as follows:
- Disconnect the old W@y modem from the coax, my router and power
- Connect the NET modem to the coax and my router and plug in power
- Leave me without any functioning service.
Please note that it was I who had to reconfigure my system to suit their modem by switching off my firewall. Even then, all I could do was access websites: nothing more.
It was then I who disconnected their modem and reconnected the old W@y service. How can what NET did possibly justify a charge of R$300, especially when they said that the service would be cancelled without onus?
It was W@y TV who had cabled my apartment over 10 years previously on 20 December 2005. The service order detailing this work is shown on the right. I have paraphrased, in the following list, the installation work carried out under this order.
- Route new coaxial cable from distribution box in corridor to outlet box in apartment sitting room.
- Terminate coaxial cable at each end with coaxial connectors.
- Connect a two-way 3dB splitter to the apartment end of the cable.
- Cut a 3-metre length of coaxial cable to reach the TV from the apartment outlet box.
- Drill through the wall to the veranda, where the TV is located and grommet the hole.
- Feed the cable through the hole and fit coaxial connectors to each end of the 3-metre length of coaxial cable.
- Connect one end of the 3-metre length of cable to the two-way 3dB splitter and the other end to the cable TV decoder.
- Prepare a 1-metre length of coaxial cable and fit a coaxial connector at each end. Use this to connect the TV decoder to the television set.
- Run a mole cable through the telephone conduits of the apartment to locate the route to the outlet in the study room.
- Use the mole cable to pull about 15 metres of coaxial cable through the conduits, from a telephone socket next to the cable outlet box in the living room, to a telephone socket in the study room behind the desk.
- Terminate each end of the 15-metre length of coaxial cable with a coaxial connector.
- Connect the sitting room end of the cable to the second outlet of the two-way 3dB splitter.
- Connect the study room end of the cable to the Motorola Surfboard modem.
- Connect the modem to my computer via a two metre length of RJ45 cable.
- Connect the apartment's new cable to the W@y TV service cable in the distribution box in the corridor.
- Test the cable TV service. OK.
- Test the Internet access service. OK.
Total time taken: 1 hour 57 minutes. This I can imagine as justifying a charge of R$300, although W@y TV made no charge for installation at all.
NET did not carry out any such installation work. NET simply used the existing installation put there by W@y TV ten years before to allow me to test the suitability of their service. NET said to me plainly that the trial was without onus and then reneged on what they had said by charging a substantial fee. And this false cost could be what NET charged onwards to me as the customer for whom the work was purported to have been done.
It is entirely possible that NET truly believes that the installers it sent did the full installation of the coaxial cable and fittings to, and within, my apartment. As I am given to understand it, NET outsources the task of installation to various one-man-and-his-dog businesses. It is therefore entirely possible that the people who connected the NET modem in my apartment invoiced NET falsely for the price of a full installation, charging for the full time for drilling and routing, plus the cost of a copious length of coaxial cable and associated fittings.
Notwithstanding, NET made this charge without billing me or even telling me that they had made a charge. The first I know about it is 5 days before they place my name on a publicly-accessible blacklist of bad payers. I have never in my life been a bad payer. Thus, placing my name there constitutes a Tort of Defamation against my person and my character. Being a Public Servant, this could well jeopardize my career, my position and my pension, as well as precipitating future consequential losses and damages. And all without just cause.
Consequently, although I deny absolutely that I have any obligation whatsoever to pay this charge, I nevertheless decided to pay it. This is solely to avoid NET placing my name on the Serasa Experian blacklist. They have - deliberately, as it appears to me - left me no time to dispute this charge before my name would appear on the blacklist. I have thus been forced to pay a debt I do not owe in order to avoid suffering the unmerited dire consequences which NET and Serasa Experian have threatened to place upon me. To my mind, this makes me an undeserving victim of aggravated extortion perpetrated upon a hapless individual by two substantial corporations. Certainly, in any future judgement I may make, I shall regard the Serasa Experian blacklist of bad debtors as having no credibility whatsoever, either way.
On 16 December 2015, I received a phone call from NET saying they had received communication from Anatel. The person simply asked if and when I had paid the debt. I told the person I had paid it. The person then said that they had not yet received confirmation from the bank that the money had been received. He continued that, once they had received confirmation, they would remove my name from the bad debtors list.
This phone call clearly demonstrates the unmitigated audacity of this company. Firstly, despite the content of the Anatel appeal, the caller proceeded with the two audacious presumptions that 1) the debt actually existed and that 2) the delay in payment of the debt was entirely due to my deliberation, negligence or oversight. The context of the call revealed clearly that my name had already been placed on the Serasa Experian list of bad debtors, and that they would only remove it once their bank had confirmed receipt of my payment. There was no mention whatsoever of the illegality of the charge in the first place or even that I was disputing it.
It appears that one simply has to accept that this is the way things are done in Brazil and that all is governed according to the law that might is always right.
If NET had been honest and supplied me with the few technical details I had asked for in order to assess the suitability of their service to my purposes, I would never have requested the service. But NET's sales and technical staff told me that all but 3 listening ports were open. As a result, I requested the service only to find it could not meet my needs. I quickly discovered that no listening ports were open at my premises. NET supplied no instruction manual with the modem and NET's technicians refused to open the ports.
The second detail my magnifying glass picked up on the emailed bill from NET was a set of protocol numbers, which appeared as follows:
REGISTROS DE ATENDIMENTO:
The first one, 013150585472291, pertains to my telephone call in response to the letter from Serasa Experian on 14 December 2015. The other four protocol numbers I know nothing about and hence they do not pertain to any interactions between NET and myself.
The upshot of what NET did has thus gained them an extra R$309.18, which they would not have gained had they been honest. NET's shareholders must be pleased. I'm not. I find myself unable to suppress my feeling of moral obligation to state that I find this behaviour on the part of NET to be reprehensible.
A Chance Discovery
On 06 January 2016, I arbitrarily decided to embark upon the gargantuan task of clearing all the accumulated junk from my email account. Buried way back in the truckloads of junk advertising for everything from sex pills to cut-price air fares, from dating sites to appeals from phoney charities, I spied an email title that began with the word "NET". I think I might have seen it way back in September or October 2015. I can't really be sure. Notwithstanding, the NET service having been cancelled without onus on the very day it was "installed", I must have dismissed it as being either a "sorry to see you go" email or a plain simple item of unrelated unsolicited junk advertising.
The last thing on Earth I would ever expect to receive by open email is a bill, especially since I had absolutely no reason to expect one. Notwithstanding, these irresponsible idiots actually sent me a bill via unprotected open email. I didn't even know they had my email address. I would never give my email address as a means for receiving bills. In this open unprotected email, they state my full name, my full postal address and my CPF number (a number which everybody in Brazil has as a means of uniquely identifying them for tax, financial and trading purposes). Together with my email address, this makes quite a bonanza for any identity thief, be he petty, organised or from some clandestine foreign agency.
The bill itself was in a separate PDF file attached to the email. This PDF file was completely open and unprotected. In other words, it was unencrypted. Not that NET asked for my public PGP key anyway. This bill, which is shown on the left, was discovered for the first time by me - entirely by chance - on 06 January 2016.
It too contained my full name, my full postal address and my CPF number, all of which I have removed from the illustration on the left. The bill also contained the number of the so-called "contract" (which I had seen for the first time in the letter from Serasa Experian), plus the due date and the amount "owed". If I had been expecting a bill at all, I would have expected it to arrive by normal post, as all my other bills do.
Again, this "original" emailed bill from NET contained a list of protocol numbers, which appeared as follows:
REGISTROS DE ATENDIMENTO:
013150544333121 refers to the phone call to me from NET on Saturday 15 August 2015 at 11:05 am confirming the Termination of the Contract (Encerramento do Contrato). The other protocol numbers are unknown to me and hence they do not pertain to any interactions between NET and myself.
NET's email to me contained a link, which it invited me to click and follow, in order to change my account to automatic direct debit. Clicking on the link takes me to a web site that requires me to enter more personal data. Just to illustrate how dangerous it is to follow such a link in an email purporting to be from a known company, I will mention just two emails I received recently. Both looked very authentic and professionally produced.
The first was "from" a Brazilian bank called Bradesco. It gave details of a substantial outstanding debt that I owed. It said that I should follow the link to what was displayed as the bank's legitimate web address. Looking in the status bar of my browser, I could see that it was really taking me to a different address www.pwua.co/Sempre/ (IP 188.8.131.52), which appeared to be located on a GoDaddy server in Scottsdale, Arizona, USA. I clicked on the link. A very professional-looking web page appeared, which looked to me to be exactly that of the genuine Banco Bradesco in Brazil.
The page asked me to enter the number of my Agência (branch) - i.e. the sort code - followed by my account number and its check-digit. Naturally, I entered false Agência and account numbers, making sure the check digit tallied with the account number. Next, it asked me to type in my password by clicking on the appropriate keys of a displayed keyboard. Finally, it wanted my CPF. Interestingly, the first time I entered my (false) password, I was told it was incorrect. I entered the same password a second time and it was accepted. Nice touch. A good start to building an identity thief's dossier on me. None of the links on the page worked. The whole page was essentially a montage of images.
I received, almost at the same time, an email advising me to pay a fictitious debt that I "owed" another Brazilian bank Banco Santander. The server for this site had an IP address located on Christmas Island. Of course, that does not mean to say that the server was really on Christmas Island.
The universal advice and received wisdom is to ignore and delete any email that leads you to a website for any purpose relating to money or involving personal information. Such an email will almost certainly be bogus. And this is exactly what NET did with the email it sent to me. NET thereby also flagrantly disregarded the vulnerability it was placing upon me by publishing my personal details in an open email. No doubt NET finds it cheaper and more convenient to send bills by email. Obviously, this convenience outweighs the exposure to identity theft and personal damage to which this practice exposes its customers. Ironically, when I went to collect my mail today from the mailbox of my condominium building, I noticed bills from NET addressed to other residents. Obviously, they receive their bills from NET by normal post, as I would naturally expect. NET never sent any such bill to me by post. So why send a bill to me by email - a bill I was never expecting - without ever telling me that is what it had done or intended to do?
On Sunday 14 February 2016 I decided to make a new appeal to Anatel requesting reimbursement of the R$300.18 that I had paid on Monday 14 December 2015 to NET to avoid NET carrying out its threat to place my name on the Serasa Experian bad debtors list.
On Wednesday 17 February 2016 at 10:50hrs a woman called Priscila Brajato Ribeiro Elias telephoned telling me to email a copy of the paid NET invoice to firstname.lastname@example.org. During the afternoon of Thursday 18 February 2016 the same woman phoned my cell phone at work saying that my email with the attached paid invoice had not arrived. She said she would send an email to me with details of what to do. No such email ever arrived. I re-sent my email 3 more times. The woman said she would call me again at 12:00 the next day.
19/02/2016 The woman did not call, so at 12:30 I tried calling the number of the woman registered on my cell phone. A recorded message told me that the number did not exist. The woman rang at 12:43 but I was in a bus and could not hear what she was saying. Told her to ring later. She rang later, interrupting me at work. She cited Anatel Protocolo 51667-2016 and gave NET Protocol 013150585488438 for her call to me. She said I had not paid the R$309.18. I said I had. The call ended in stalemate.
I began to wonder why I had been asked to send the paid invoice pertaining to NET to an email address pertaining to "almavivadobrasil". I did an Internet search. I found that AlmaViva do Brasil is a telemarketing company. I could find no connection between AlmaViva do Brasil and NET.
On Friday 19 February 2016 at 16:50 hrs I discovered an email from Priscila Brajato Ribeiro Elias asking for a copy of the paid invoice, which I had already sent four times. I sent it again at 17:02 hrs together with a copy of the original invoice acquired on 14 December 2015. I sent it as a REPLY to the email she sent to me, so that there could be no mistake that the address to which I sent it was correct.
By Monday 22 February 2016 I had heard nothing further from Priscila Brajato Ribeiro Elias. I therefore assumed there would be no further action on her part since, as far as she was concerned, I had not paid and therefore no money should be reimbursed. Consequently, I re-opened the complaint process on the Anatel website, explaining that I had emailed the paid invoice to Priscila Brajato Ribeiro Elias four times and that she had denied having received it. I then uploaded the paid invoice to the Anatel website to form part of the on-going process and as positive proof that I had paid the invoice.
On Saturday 27 February 2016 from 10:58-11:12hrs Kateane (she refused to give her surname) of NET telephoned me from (031)350559299 giving Protocol 013160600932492. She asked for my CPF and bank details in order to pay the R$309.18 into my current account, I gave her my bank details. She said there would be a confirmation call shortly from either herself or a colleague that the payment had been made. At 13:17 hrs I received a call from NET (0411921094200) to verify account details again. At 14:22-30 hrs I received a call from NET (0411921087777 protocol 013160601992586) asking if I had been dealt with to my satisfaction. I confirmed that I had.
On Monday 28 February 2016 I received 3 emails giving times and protocol numbers as follows: 12:06 hrs Protocol No. 013160601992586; 12:08 hrs Protocol No. 013160601970046; 12:09 hrs Protocol No. 013160601970046. These emails, quite frankly, conveyed nothing whatever to me.
On Tuesday 29 February 2016 at 14:15 hrs a woman from NET rang my home from 031-3505-9299. I was at work and so she was asked to call the next day during the morning only. She did not call again.
On Thursday 03 March 2016 I saw the following entry on my bank statement extract taken from an ATM:
02/03/2016 000745 CRED TED 663,36C
Brazilian bank statements do not show who pays credits or by whom debits are received, so I have to assume it was NET since it is the only credit in the extract that I cannot account for. The amount, which is over double the R$309,18 NET owed me, was obviously the amount determined by Anatel to take into account inflation plus my efforts and the disruption caused to me by NET in this matter.
All I Ever Needed To Know
All the information I ever needed to know, about the NET service, in order to determine its suitability for my purposes, is as shown in the table on the right. If NET had made available to me, prior to "purchase" these 6 simple items of information, then I would never have taken the matter any further. But NET's sales and technical operatives simply affirmed that the NET service would fulfil all the requirements I mentioned.
| Download Speed | 15 Mbps |
| Upload Speed | 02 Mbps |
| IP Address | Dynamic IPV4 |
| Listening Ports | All closed |
What I told NET that I wanted is as shown in the table on the left. This is essentially the service which W@y TV had been providing me with for the past 10 years. Is this information too much to ask of an internet service provider? Am I to believe - as it would appear - that this information is too complicated for their functionaries to understand?
THE SERVICE I ASKED FOR
| Monthly Fee | R$50 to R$100 |
| Delivery | Coax (or ADSL) |
| Download Speed | 2 Mbps or greater |
| Upload Speed | 512 kbps or greater |
| IP Address | Fixed IPV4 |
| Listening Ports | All open |
The only possible complications are the delivery, addressing and port options, which are simply stated as follows. Delivery options: ADSL, Coax, G3, G4, WiFi. IP Address options: Fixed IPV4, Dynamic IPV4, IPV6 (fixed). Listening port options: all open; user-configurable from modem's web interface; user-configurable, except as specified; all closed.
Oi Velox 2Mbps Internet
Having found the NET service unusable, I started, on 12 August 2015, to comb through the Oi website to try and find a suitable Internet service package. It was just a Christmas tree of commercial advertisements for various packages and so-called "combos". The terminology was confusing and the only piece of useful information I could glean from each offer was the download speed and the price. Search as I might, I could find no other details.
On 13 August, I tried the Oi website's chat facility to chat with an expert. I began by saying (roughly translated) that I would like to buy the Oi-Velox 2 Mbps service but that I needed ports 21, 4662, 4665, 4672, 47862 and 57195 open for listening and to please verify that the Oi service does not block these ports. To this, the Oi expert, Evelin Araujo, simply responded "OK". In hindsight, I hope that I wasn't being too rash in assuming that the service would naturally leave all ports open for in-bound packets. Since, after her "OK" she went on to ask my postal code to verify service availability (which I had already done via the Oi website), I naturally took her "OK" as a positive answer to my question.
The rest of the chat was, for me, somewhat confusing. It was, in fact, the second chat I had made via the Oi website to try to ascertain the minimum necessary and sufficient information about the service that I would need in order to determine its suitability for my purpose prior to purchasing it. Consequently, the only way to discover this minimum necessary and sufficient information was to buy the service and hope for the best.
I made one last concerted effort, spanning two whole days, searching the user complaints blogs and those pertaining to users with some degree of technical knowledge. My most positive discovery was a blog in which a subscriber revealed his painstaking research about the Oi Velox service. He revealed that the following ports were blocked:
|21||TCP||×||FTP (File Transfer Protocol) control
|22||TCP||×||SSH (Secure SHell)
|25||TCP||×||SMTP (Simple Mail Transfer Protocol)
|53||TCP||UDP||×||Domain Name Server
|69||UDP||×||×||TFTP (Trivial File Transfer Protocol)
|80||TCP||×||HTTP (Hypertext Transfer Protocol)
|110||TCP||×||POP3 (Post Office Protocol Version 3)
|111||TCP||UDP||×||×||NFS (Unix Network File System)
|137||TCP||UDP||×||×||NETBIOS name service
|138||UDP||×||×||NETBIOS datagram service
|139||TCP||UDP||×||×||NETBIOS session service
|143||TCP||×||×||IMAP (Internet Message Access Protocol)
|161||TCP||×||SNMP (Simple Network Management Protocol)
|443||TCP||×||HTTPS (Secure Hypertext Transfer Protocol)
|445||TCP||UDP||×||×||SAMBA (Microsoft's Network File Sharing)
|1433||TCP||×||×||ms-sql-s (Microsoft SQL server)
|3128||TCP||×||×||ndl-aas Archive API server port
|3129||TCP||×||×||netport-id NetPort Discovery port
|4444||TCP||×||×||KRB524, NV Video default
†Oi-Velox Residential Service, ‡Oi-Velox Business Service.
I cannot imagine why they would want to block two unassigned ports.
Most of the above blocked ports should indeed be blocked from the Internet. This is because most of them are allocated to service dæmons which provide services whose appropriate jurisdiction lies only within the individual computer itself. A few also have appropriate jurisdiction within a local area network. Having these ports open to the Internet could leave both the LAN - and the computers connected to it - rather vulnerable to either accidental or deliberate invasion.
None of the listening ports that I absolutely need to be open, for requests arriving from the Internet, appears in the above table. Port 111 is open within my LAN for the Unix Network File System, but it doesn't need to listen to the outside Internet.
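The distinction drawn above, between services that belong only to the machine or the LAN and services that must answer the Internet, can be checked on a Linux host. The following is an added example, not part of the original article: it reads the output of `ss -tlnH` and flags LAN-only services that listen on every interface. The sample output, the LAN prefix 192.168.2.0/24 and the choice of which ports from the table count as LAN-only are assumptions.

```python
import ipaddress

# Assumption: the subset of the blocked-port table treated here as LAN-only.
LAN_ONLY = {
    111: "NFS",
    137: "NETBIOS name service",
    139: "NETBIOS session service",
    445: "SAMBA",
    1433: "ms-sql-s",
}

# Constructed sample of `ss -tlnH` output (TCP, listening, numeric, no header).
SAMPLE_SS = """\
LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
LISTEN 0 64 192.168.2.10:2049 0.0.0.0:*
LISTEN 0 50 127.0.0.1:445 0.0.0.0:*
LISTEN 0 50 [::]:445 [::]:*
LISTEN 0 128 *:21 *:*
LISTEN 0 50 192.168.2.10%eth0:139 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (bind_address, port) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The local address is the 4th column; the port follows the last colon.
        host, _, port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        listeners.append((host, int(port)))
    return listeners


def bind_scope(host, lan):
    """Classify a bind address as 'any', 'loopback', 'lan' or 'other'."""
    if host in ("*", "0.0.0.0", "::"):
        return "any"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    return "lan" if ip in lan else "other"


def overexposed(ss_output, lan_cidr):
    """List LAN-only services that are bound more widely than the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for host, port in parse_listeners(ss_output):
        if port in LAN_ONLY and bind_scope(host, lan) in ("any", "other"):
            findings.append((port, LAN_ONLY[port], host))
    return findings


if __name__ == "__main__":
    for port, name, host in overexposed(SAMPLE_SS, "192.168.2.0/24"):
        print(f"port {port} ({name}) listens on {host}: restrict it to the LAN")
```

A wildcard bind only matters when the router forwards that port or the computer is plugged straight into the modem, as it was during the installer's test.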
Notwithstanding, I have no option but to assume that the above-listed ports are blocked only for incoming originations (listening) and that they are open for outgoing traffic. For instance, I do need Port 25 open for out-going traffic in order to retrieve my email from my email server in the United States, which I have had for almost 15 years and through which just about everybody I have known during that period contacts me.
I now had a simple choice. On the one hand, I could decide not to subscribe to a service about which I could not obtain the minimum necessary and sufficient information for deciding whether or not it would fulfil my requirements. On the other hand, I could ignore the "buyer beware" adage and just go blindly ahead with the purchase, in the hope that all would be well after the event. Since all the large corporate ISPs in Brazil appear to be of the same ilk, the first option would leave me permanently cut off from the Internet. Since most of my work since 1963 has been in computing and telecommunications, involving the Internet and its predecessors, I would face a future in limbo. Consequently, going blindly ahead with the purchase was my only practical option.
Oi: Purchase and Installation
Saturday 15 August 2015 AM: I went to the Oi shop at Shopping Cidade in Belo Horizonte. A download speed of only 2 Mbps was the maximum Oi could provide, which seemed rather slow for this day and age. I have no idea what the upload speed will be as I could find no such information on the Oi website and nobody with such knowledge was contactable prior to purchase either in the shop or by telephone. The Oi Velox 2 Mbps service was scheduled to be installed between 08:00 and 12:00 hrs. on Tuesday 18 August 2015. At 09:35 hrs. on 17 August 2015 I received a telephone call from Vidal Matos of Oi (Protocolo 201542663063) asking if I had been treated appropriately during the purchase. The person who attended in the shop treated me well and conducted the business but had no technical knowledge whatsoever, nor access to anybody who did.
At 21:40 hrs. on Monday 17 August 2015 I suddenly found a lone PDF file on the Web which gave the download and upload speeds of the Oi Velox service I had purchased. These were: download speed: 2 Mbps, upload speed: 512 kbps. But nothing about whether or not any ports were blocked. In this document I discovered yet another piece of significant information which I could not find prior to purchase, despite asking. That was that I was allowed only up to a quota of 50 gigabytes (GB) of data traffic (up + down) per month. The old W@y Internet service had no monthly quota limit. Notwithstanding, 50 GB seemed way more than adequate for my kind of use.
At 09:30 hrs. on Tuesday 18 August 2015, Oi telephoned saying the installer was en route (Protocolo 20151122145927). At 11:15 hrs. the Oi installer himself phoned to say he was en route. He arrived at my apartment at 12:30 hrs. He disconnected the existing Motorola RF cable modem from the router of my fully working system and connected in its place a D-Link DSL-2500E modem which he had brought.
|Input:||5V, 1A unsmoothed
My computers were, at that point, unable to access the Internet. He disconnected my computer from my router and connected it directly to the new modem. I was then able to access the Web from the browser on my computer. He said that everything was working and that there was a problem with the configuration of my router, which was not his jurisdiction.
Oi: A Sense of Having Been Deceived
I told the technician, before he went, there were 7 functionality tests I wished to conduct in order to prove to myself that everything was working properly and that the listening ports I required were open. I conducted the 7 tests. All tests passed except the last two. Although I had an HTTP server and an FTP server running on the old W@y Internet service (up until about 20 minutes before), I did not expect either of these to work with the new service. I was reluctantly resigned to that inevitability. I was satisfied because I was seeing high IDs on the eDonkey, Kademlia, Gnutella and G2 services. The installer left.
The Oi installer could not have been gone more than five minutes when the four listening ports for the eDonkey, Kademlia, Gnutella and G2 services all closed, as if automatically. My computer was now well and truly firewalled!
I had pestered, pestered and pestered prior to purchase for information regarding closed ports. But none had been forthcoming. Consequently, I am highly suspicious that Oi closed the ports on their modem remotely via the TR-069 protocol as soon as they knew the installer had left. I cannot think of any other reason why they should be open when he was here and then close soon after he left. I remained extremely angry about being firewalled after the event in this apparently very under-handed manner.
Oi: Listening Ports Test
To double-check the situation, I firstly lowered the firewall on my computer. I then closed, waited two minutes and then re-started the eDonkey, Kademlia, Gnutella and G2 programs. I then used a remote Web-based open port checker to test if those ports could be pinged from the outside world. All four ports timed out with no response. My listening ports were indeed being blocked somewhere between the open port checking service and my computer.
I then tried using a range of alternative listening ports appropriate for each service. Same results. It appeared that all unsolicited incoming packets were being universally blocked. It didn't seem to be just some listening ports being blocked: it seemed to be a case of all listening ports being blocked indiscriminately. Thus the final results of my tests, both for the old W@y Internet service and the new Oi Internet service (which replaced it), were as shown below.
| W@y | Oi | Test |
| Pass | Pass | client HTTP access via Web browser |
| Pass | Pass | client SMTP/POP3 Email access via Thunderbird |
| Pass | Pass | client FTP access to my hosted web space |
| Pass | Fail | High ID access to eDonkey/Kademlia |
| Pass | Fail | High ID access to Gnutella/G2 |
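The test described in this section can be made more precise by recording how each connection attempt fails. The following is an added example, not part of the original article: it classifies a TCP port as open, closed or filtered, then compares the view from inside the LAN with the view from an outside host. The function names and the 3-second timeout are assumptions, and only TCP is covered.

```python
import errno
import socket

# TCP ports the article's author asked Oi to leave open for listening.
PAGE_PORTS = [21, 4662, 4665, 4672, 47862, 57195]


def probe_tcp(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed, so a listener is reachable
    closed   - connection refused (RST), so the path is clear but nothing accepts
    filtered - no reply before the timeout, or host/network unreachable
    """
    try:
        sock = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    sock.close()
    return "open"


def diagnose(inside, outside):
    """Compare one port as seen from the LAN and from an Internet host."""
    if inside != "open":
        return "no local listener: start the service before testing from outside"
    if outside == "open":
        return "reachable: the port is not blocked"
    if outside == "closed":
        return "refused: a device on the path answers but does not forward the port"
    return "filtered: packets are dropped between the outside checker and the host"


def summarize(results):
    """results maps port -> (state from the LAN, state from outside)."""
    listening = {p: out for p, (ins, out) in results.items() if ins == "open"}
    if not listening:
        return "inconclusive: nothing was listening locally"
    blocked = sorted(p for p, out in listening.items() if out != "open")
    if not blocked:
        return "no inbound blocking observed"
    if len(blocked) == len(listening):
        return "all listening ports unreachable: consistent with a blanket inbound block"
    return "selective block on ports " + ", ".join(str(p) for p in blocked)


if __name__ == "__main__":
    # Run once on the LAN against the machine itself and once from an outside
    # host against the public address, then feed both views to summarize().
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for p in PAGE_PORTS:
        print(p, probe_tcp(target, p))
```

A timeout on every port that has a confirmed local listener, including alternative port numbers, is the pattern reported in this section.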
I have no way of re-configuring the modem to open the four ports I require. Oi did not provide me with a name and password with which to enter the modem's configuration facility. They did not even leave me a user guide, let alone a user manual. Besides, I expect that if I were successful in hacking my way in to the modem's configuration facility, Oi would automatically re-close the listening ports concerned by TR-069 remote configuration.
"Based on scans of the Internet Protocol version 4 address space, the 7547 port, which is associated with TR-069, is the second most frequently encountered service port after port 80 (HTTP), ..."
PC World April 10, 2014 6:45 AM
So it would seem that a lot of use is made of TR-069.
Reconfiguring The Router
I reconnected my computer to the router as it had been before changing over to the new Oi Internet service. I connected the router to the D-Link modem, which the technician had installed. I switched on my computer and also another one which was also connected to the LAN. Neither computer was able to access the Internet. I logged in to the router's configuration facility via my computer's web browser. There I noticed that the modem had the same fixed IP address (192.168.1.1) as the router. In this situation they obviously could not communicate.
Not having been given the user name and password of the modem's configuration facility, I could not reconfigure the customer-side address of the modem. To have been able to do this simple thing would have saved me an awful lot of work. I therefore had to change the base of the router's address space. I changed it to 192.168.2.1. This precipitated quite a large collateral workload. It meant I had to change the fixed IP addresses of all the three main computers on my LAN from 192.168.1.XXX to 192.168.2.XXX. I also had to update these addresses in the NFS, LAN scanner, and LAN printer configuration files and edit the NFS entry in the fstab file, which was no small task.
I also had to clone my computer's MAC address into the router because it appeared that the Oi service uses MAC addressing to authenticate a connection. And it registers the MAC address of the first device to be connected to the modem, which was my computer: not the router. After a couple of hours of concentrated effort I managed to get the Oi modem working through the router with all the computers on the LAN. But, of course, all listening ports were still closed.
At 16:05 hrs. on 19 Aug 2015 I received a call from Oi about configuring the modem. The telephone line was so distorted and the background so noisy that it was difficult for me to make any sense of what was being said, but it seemed the person wanted to know all kinds of bureaucratic details about me. I told the person to call again tomorrow morning when somebody with a far better command of Portuguese would be here, who would be far better able to make sense of what was being said in such circumstances.
At 17:15 on 19 Aug 2015 my Internet connection went down. My browser did not seem to be able to access a DNS. At 18:38 hrs. I decided to try re-booting the modem. It worked. I was back on line. I felt disturbed that the modem had hung like that.
At 10:15 am on Thursday 20 August 2015 I called Oi's technical support service. I was attended by a person called Isaias (protocolo 20151123324432). I asked him why all the listening ports were closed on my service and said that I required at least ports 4662, 4665, 4672, 47862, 57195 open. I even explained why I needed the ports to be open. Isaias responded that I already had the maximum velocity available at my premises and that it could not be increased. Clearly he had no idea what I was talking about. He did not even seem to understand what ports were. It seemed plain that I was not going to get any meaningful help from Oi. With regard to the problem of closed ports, it seemed, I was well and truly on my own.
At 09:35 hrs. on 24 August 2015 I received a strange telephone call from a woman who first said she was from UOL (Universo Online, a Web content, products and services provider whom I had never contacted). The woman then corrected herself, saying she was from Oi. I asked her for a protocol number. She hung up.
Where Does The Blocking Occur?
The D-Link DSL-2500E modem, as installed by the Oi technician, arrived in a box pertaining to a different make and model of modem: a Sagemcom 2704N. No user manual or installation guide of any kind was supplied. I did a little research on the D-Link DSL-2500E modem and discovered that it was referred to as a "Modem/Router". This seemed a bit strange since it has only one RJ11 port on the Internet side and only one RJ45 port on the user side. I surmised that the "router" aspect of this device must be solely concerned with the control of data flow: in other words, it had a firewall. My home installation had thus become as follows.
The only change to my home installation was that the W@y Internet RF modem had been replaced by the Oi modem/router, as shown above. My catastrophic problem with closed ports could therefore only have one or both of two causes:
- The ISP (Oi) was blocking all listening ports remotely, or
- The modem/router's firewall was blocking them locally.
In the first case, the blocking would undoubtedly be occurring within the ISP's local Distribution Router (shown as a yellow square in the following diagram). I very much doubt that Internet Backbone Routers (shown as green circles) would engage in any form of port blocking.
If port blocking were effected within the ISP's local Distribution Router, I would expect it to be similar to what is shown in the above Port Blocking Table. I would not expect a local Distribution Router to block all unsolicited incoming IP packets (i.e. to implement the total blocking of listening ports).
The blocking of unsolicited incoming IP packets begs the question as to where (at what point in the network) my monthly traffic quota is measured. Is it measured within the ISP's Modem or the ISP's local Distribution Router? I would expect it to be measured in the Distribution Router. More significantly, do my monthly traffic quota measurements include or exclude the blocked unsolicited incoming packets, which of course I do not receive? Am I being effectively charged for the data the ISP is blocking from me contrary to my wishes?
I could do nothing about any blocking which may or may not be taking place within the ISP's local Distribution Router. I could only hope that the blocking was taking place within the DSL-2500E Modem/Router installed at my premises. I therefore decided to try to reconfigure the "modem/router" locally.
Trying to Open The Modem's Firewall
Before trying to re-configure the modem's firewall, it is necessary to be certain of exactly who is who regarding IP addresses. The LAN-side address of my router and the LAN addresses of my 3 computers are all fixed. With the old W@y Internet using the Motorola RF modem, the router's LAN-side address was 192.168.1.1 and the local addresses of my 3 computers were 192.168.1.100, 192.168.1.102 and 192.168.1.104. The reason for the computer addresses being in steps of 2 (100, 102, 104) is because each computer also had a provisional wireless address (101, 103, 105 respectively). The Oi modem uses the fixed Outer LAN-side address of 192.168.1.1. So I had to change the router's fixed address on the Inner LAN to 192.168.2.1. This required that the 3 computers' addresses had to be changed to 192.168.2.100, 192.168.2.102, 192.168.2.104, as shown in the following diagram.
The addresses shown in green are dynamically-allocated. The router's Outer "LAN" address is allocated dynamically by the modem. However, since the router is the only device to which the modem connects on its "LAN" side, this address is always likely to be the same. It can therefore be regarded as fixed. The modem connects to the ISP's Gateway, which runs within the ISP's Distribution Router. Its address should not vary. The modem's WAN-side IP address is dynamic, being allocated by the ISP's Gateway each time the modem re-connects to the Gateway.
This arrangement gave me the following single address-space on the customer side (my side) of the DSL-2500E modem, as shown on the right. Other devices should be able to connect to my Inner LAN from time to time via dynamically allocated IP addresses from 192.168.2.106 onwards.
Each device should be able to address any of the other devices within the combined Inner and Outer LANs. Thus, I should now be able to address the Oi modem from my computer by entering its address 192.168.1.1 into my browser. It should also mean that, conversely, the Oi modem should be able to "see" my computer as 192.168.2.100.
The technician gave me no instructions on how to use or configure the modem. I was not even supplied with a user-name, a password or the web address for accessing the modem's configuration facility. Happily, I discovered that, unlike NET's RCA modem, the Oi D-Link modem/router has a browser-based configuration interface. So at 07:00hrs. on Thursday 20 August 2015 I decided to try to re-configure the Oi modem myself.
Hoping that Oi had not changed the ubiquitous factory defaults, I entered the modem's LAN-side IP address 192.168.1.1 into my browser's address field and hit RETURN. A dialogue box appeared asking for my user-name and password. I entered the word "admin" for both the user-name and the password, then clicked the OK-button. The modem's Status Page appeared as shown on the left. I looked next at the LAN-setup page. I did not need to alter anything here. Everything on this page was set up correctly already. It seemed that the "Advanced" tab was the one I needed for opening the listening ports.
With precisely-configured firewalls in my TP-Link router and all 3 computers, all I really wanted to do was simply disable completely the firewall inside the new D-Link modem/router. I just wanted it to pass everything unhindered to my router exactly as W@y Internet's Motorola RF cable modem had done. But of course it was never going to be that simple.
1) Access Control List
The first item on the side menu of the Advanced page is the Access Control List. The instruction at the top of this page reads: "You can specify what services are accessible form LAN or WAN parts. Entries in this ACL table are used to permit certain types of data packets from your local network or Internet network to the Gateway. Using of such access control can be helpful in securing or restricting the Gateway managment."[sic]. This wording is, to me, confusing. It is said to be a table of permissions, which is useful to control or restrict.
My best guess from the last sentence quoted above is that this Access Control List is a list of places (computers) from which a person may have control over the re-configuration of the modem. I see that there is already an entry in the table at the bottom for anybody on the WAN (Internet) side of the modem to modify its configuration but none for the LAN (my) side. I therefore set the radio button to enable LAN control, entering an IP address of 0.0.0.0 to signify that any computer on my LAN could be used to re-configure the modem. I was still left confused as to how this entry enabled me to "manage the Gateway" from the LAN.
The WAN (Internet) side seemed even more problematic. Initially, I found that only pings were permitted (accepted by the gateway) from the Internet side. I had the option of allowing Web, Telnet, FTP, TFTP, SNMP and ping to pass through the gateway. I ticked them all. But, I wondered, what about other services, which are not on the list, that I may wish to use from the Internet? Am I being forbidden to use them? I am - and remain - bewildered as to what these entries really mean and what will be their resulting effect.
The next item on the menu is Port Triggering. Setting up server applications to trigger a port every so often to keep another listening port open is always problematic. Besides, I would need to know the dwell time for a port remaining open. This is a time interval set somewhere within the gateway, which I have no idea how to find. I therefore decided to leave Port Triggering alone.
2) The DMZ Option
It would appear, in this context, that DMZ stands for "Demilitarized Zone". The information note at the top of the form reads:
"A Demilitarized Zone is used to provide Internet services without sacrificing unauthorized access to its local private network. Typically, the DMZ host contains devices accessible to Internet traffic, such as Web (HTTP ) servers, FTP servers, SMTP (e-mail) servers and DNS servers."
I wish to serve my essays via aMule, Gnutella and G2. I would like also to make them available via HTTP and FTP, as I did via the old W@y Internet service. However, to do this, I would again need a fixed IP address, which this new service does not provide. Notwithstanding, a DMZ would seem to be what I need to permit Internet users to access my shared files via aMule and Gnutella/G2, with the ability also to use Kademlia to search for the subject matter covered by my essays.
All I had to do was to enter the LAN-side IP address of the demilitarized zone. I am not sure whether I should enter the address of my computer running the servers 192.168.2.100 or the address of the WAN side of my LAN router 192.168.1.2.
The situation is not at all clear. Arbitrarily, I opted for my computer, since the modem should be aware of my computer on the Inner LAN. Notwithstanding, the whole notion of what exactly they mean by a Demilitarized Zone remains a mass of confusion. All I want to do is forward the blasted listening ports!
3) IP Port Filtering Options
I selected the Filtering Options item on the Advanced Menu and the page I saw looked ominous. The first thing to catch my eye was a two-line section at the top subtitled DEFAULT ACTION STATUS. The two lines were as follows.
|Outgoing Default Action: ||◉ Permit ||◌ Deny
|Incoming Default Action: ||◌ Permit ||◉ Deny
The big problem with this is that the radio buttons were grey, meaning that I could not alter their settings. To alter these, I suspect that I would have to enter the configuration program using some kind of superuser password, which I did not have. I felt at this stage that I had well and truly come up against a brick firewall. It gave me the impression that this setting caused all unsolicited incoming request packets to be blocked by default. And this is 100% consistent with what is actually happening.
Nevertheless, I lived in hope that perhaps the Rule Configuration section below could be made to somehow temper the out and out denial of unsolicited incoming packets set in stone by the Default Action Status section above it. The note at the top of this page reads: "Entries in this table are used to restrict certain types of data packets from your local network to Internet through the Gateway. Use of such filters can be helpful in securing or restricting your local network." I presume that "restrict" refers to the option to deny passage to all unsolicited incoming packets, as set by the lower greyed radio button.
I therefore attempted to set up rules to allow through the unsolicited incoming packets which I wanted, namely, all of them. The entry form had radio buttons to permit or deny, which I presume operated in opposition to the way the Default Action radio buttons operated. In other words, I assumed I could create rules which would allow at least part of what was denied by the Default Action radio button for incoming packets. So I set the rule action to "Permit". The next task is to select which direction to "permit": Upstream or Downstream. Does "Downstream" mean "Incoming" and "Upstream" mean "Outgoing", or am I missing something here? To try to make the gateway permit everything both ways, I set up a rule as follows.
Permit everything from my gateway 192.168.1.1
to my computer 192.168.2.100 to travel "Downstream".
I really don't know whether this rule makes sense or not but since I have no way of Permitting incoming packets universally, what else can I do? I strongly suspect that rules entered on this page can only restrict what is universally permitted by the greyed-out radio buttons under the DEFAULT ACTION STATUS sub-heading but cannot be used to permit, in part, what has been universally denied by the greyed-out radio buttons. If this be so, all unsolicited incoming packets will be denied passage through the gateway from the Internet to my LAN and there is nothing I can do to change this.
I further suspect that the current settings of the DEFAULT ACTION STATUS radio buttons were set remotely by Oi engineers via the TR-069 facility as soon as they knew that the installation technician had left my premises.
The following menu option was URL block. I have no interest in blocking anything. I simply want to get this confounded gateway open. The next option on the menu is Denial Of Service Settings. Service cannot be denied when it isn't even working yet. So I'll pass this one for now. The next item on the menu is for setting the IPV4 and IPV6 Domain Name Servers. These are already set to automatic, so I'll leave them. The next item was Software Tools. All were disabled and no specific Internet services were forbidden. The next item is Routing. No static routes were set and I don't need any.
4) NAT Virtual Server
The necessary and sufficient information needed to specify a listening port to be forwarded to a computer on the LAN from the Internet is as follows:
- The name of the relevant server running on my main computer
- The number of the port on which it is listening
- The LAN IP address of the computer on which it is running
- The TCP/IP protocol for which the server is listening
One would rightly assume that the source of the packets being listened for arriving from the modem would come from the WAN interface as specified elsewhere.
The only sub-page under the "Advanced" tab on which I found an in-fill form for this kind of information was the "NAT Virtual Server" form, as shown on the left. At the top of the form was written: "The page allow you to config virtual server,so others can access the server through the Gateway"[sic].
NAT stands for Network Address Translation. It is a method by which the Internet address of your router (say 184.108.40.206) is translated into the LAN address of your computer (say 192.168.2.100). This makes your LAN computer appear, to computers on the outside Internet, to have your router's Internet address; but only as regards data transactions taking place on particular ports at a particular time.
The wording on the above page assumes a certain context. For instance, am I right in assuming that the "others" are computers in the outside world? That is: not on my LAN but on the external Internet. I shall assume so. I fail to see why I need to specify anything about the WAN interface here as no other option is possible. I can't forward ports from anywhere other than the established Internet connection. Notwithstanding, the form does contain fields for the four essentials listed above.
I therefore entered the details for each of the ports that I needed to forward to the servers on my computer. There was no option for selecting both the TCP and the UDP protocols in a single entry for a single port. It was therefore necessary to make an entry for each port-protocol combination. The entries I made are as shown in the screen-shot on the right. I selected the "Maintenance" tab and committed the changes to the modem's system memory. I rebooted the modem.
I closed and re-started my servers. They were all still well and truly firewalled. Their listening ports could not be seen from the outside world. The modem re-configuration that I had done had changed nothing.
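The choice of forwarding target raised under the DMZ option and the per-protocol entries of the Virtual Server form can be modelled as a two-stage NAT chain. This is an added example, not part of the original article and not the modem's firmware logic: it assumes /24 netmasks, no static routes on the modem (as the Routing page showed), stock destination-NAT behaviour in both devices, and a constructed pairing of protocols with two of the article's ports.

```python
import ipaddress
from dataclasses import dataclass, field

OUTER_LAN = ipaddress.ip_network("192.168.1.0/24")  # modem <-> router (/24 assumed)
INNER_LAN = ipaddress.ip_network("192.168.2.0/24")  # router <-> computers (/24 assumed)
ROUTER_WAN = ipaddress.ip_address("192.168.1.2")    # router's address on the outer LAN
SERVER = ipaddress.ip_address("192.168.2.100")      # computer running the servers

# Constructed sample entries; the protocol paired with each port is an assumption.
SAMPLE_ENTRIES = [("tcp", 4662), ("udp", 4672)]


@dataclass
class NatDevice:
    """A NAT box with one directly connected LAN and a forward table."""
    name: str
    lan: ipaddress.IPv4Network
    forwards: dict = field(default_factory=dict)  # (protocol, port) -> target

    def add_forward(self, proto, port, target):
        # One entry per port-protocol combination, as on the Virtual Server form.
        self.forwards[(proto.lower(), port)] = ipaddress.ip_address(str(target))

    def inbound(self, proto, port):
        """Return (next_hop, reason) for an unsolicited packet from the WAN side."""
        proto = proto.lower()
        target = self.forwards.get((proto, port))
        if target is None:
            return None, f"{self.name}: no entry for {proto}/{port}, dropped"
        if target not in self.lan:
            # Without a static route the device cannot deliver off its own LAN.
            return None, f"{self.name}: {target} is not on {self.lan}, undeliverable"
        return target, f"{self.name}: {proto}/{port} -> {target}"


def make_chain(modem_target):
    """Build modem and router; the modem forwards the sample ports to modem_target."""
    modem = NatDevice("modem", OUTER_LAN)
    router = NatDevice("router", INNER_LAN)
    for proto, port in SAMPLE_ENTRIES:
        modem.add_forward(proto, port, modem_target)
        router.add_forward(proto, port, SERVER)
    return modem, router


def trace(modem, router, proto, port):
    """Follow one unsolicited packet from the Internet towards the server."""
    log = []
    hop, why = modem.inbound(proto, port)
    log.append(why)
    if hop is None:
        return None, log
    if hop != ROUTER_WAN:
        log.append(f"outer LAN: no NAT device at {hop}, dropped")
        return None, log
    hop, why = router.inbound(proto, port)
    log.append(why)
    return hop, log


if __name__ == "__main__":
    for target in (SERVER, ROUTER_WAN):
        modem, router = make_chain(target)
        for proto, port in [("tcp", 4662), ("udp", 4662)]:
            dest, log = trace(modem, router, proto, port)
            print(f"modem target {target}, {proto}/{port}: {dest}")
            for line in log:
                print("   ", line)
```

In this model only the chain whose modem entries point at 192.168.1.2 delivers anything, and a port entered for TCP alone still drops the same port number on UDP. Whether Oi's build of the firmware honours such entries is a separate question that the model does not answer.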
5) NAT Forwarding
Of the list of NAT sub-options, the next most likely cause of my LAN being firewalled seemed to be "NAT-forwarding". At the top of the form is written: "Entries in this table allow you to automatically redirect common network services to a specific machine behind the NAT firewall. These settings are only necessary if you wish to host some sort of server like a web server or mail server on the private local network behind your Gateway's NAT firewall."
Although it is not unambiguously clear to me, I think this means that this facility allows me to direct requests coming in from the outside world (i.e. emanating from the Internet) to server dæmons running on a particular computer on my LAN. The wording does, however, leave me in doubt as to what is meant by "Local" and what is meant by "Remote" with regard to IP addresses.
The Local IP address could mean that of the computer 192.168.2.100 running the servers on my LAN. After all, it is what I can reasonably think of as a local machine. If so, perhaps the Remote address is that of the gateway 192.168.1.1 in that it effectively represents to computer 192.168.2.100 all the computers out there in Internet land. However, the Remote address could also be the indeterminate address 0.0.0.0 of all the computers out there in Internet land. On the other hand, "Local" could mean the address of the gateway 192.168.1.1 because it is the machine (within the modem) on which I am entering this information. In this case, the Remote address must be that of computer 192.168.2.100 running the servers on my LAN.
Computer 192.168.2.100 must be mentioned. The configuration program accepts 192.168.2.100 as either Local or Remote. If it is Remote then 0.0.0.0 must be Local. This could mean that the gateway (the machine I am messing with) is the local machine representing the indeterminate address of whatever computer out there in Internet land is making the request. On the other hand, if 192.168.2.100 is deemed to be Local, being on the Local Area Network, the Remote address must be 192.168.1.1, that of the gateway. I decided to opt for the latter †. I deleted the top two entries in the table. But try as I might, the configuration program flatly refused to delete the final entry shown in the table. So I deleted the next to last one and opted finally for the third version ‡.
Of course, this confusing situation could have been made crystal clear by using about 50% more properly constructed wording. In the end, I simply had to take a chance. Needless to say, after passing these changes to the modem's system memory and re-booting everything, I was still firewalled.
6) Port Forwarding
Port forwarding is really what I want to do. It is what I have been trying to do all along. It was an utter mystery to me as to why I could not find a Port Forwarding option anywhere within the configuration facility of this modem. However, a little more Internet research eventually revealed why I could not find it. I saw that the generic version of the D-Link DSL-2500E modem configuration had a Port Forwarding option in its side menu under the Advanced tab, as seen below.
This option was not present in the Oi version of the modem's firmware. Oi had intentionally and deliberately removed the facility for forwarding ports. All were blocked without any means for the user to unblock any. Oi's salespeople had straightly lied to me about all ports being open. They knew perfectly well that they had all been intentionally and permanently closed.
7) Channel Configuration
My quest all along has been simply to get back what I had before with the old W@y Internet service. In other words, I want what is effectively a dumb modem, which does nothing to the IP packets passing through it. In this case, the IP addresses at the various points in the local network would be as shown below.
The WAN interface of my router would then, as before, have the IP address allocated to it directly by the ISP's Distribution Router's gateway software. The modem's LAN-ward IP address would be the same as it was and would be solely for accessing its configuration facility from a computer on my LAN.
The obvious way to achieve this seemed to me to be to somehow disable the modem's mechanism for translating IP addresses from its WAN-side and its "LAN"-side (between the modem and my router). The mechanism that expedites this translation is the Network Address & Port Translator (NAPT). It seemed sensible that this should be what I need to disable. The only place where I can apparently do this is on the Channel Configuration, as shown on the right. I simply had to change NAPT in the table at the bottom from "On" to "Off". I therefore noted all the settings in the bottom table then deleted it. I then entered the same details into the entry fields.
However, before clicking the ADD button to create the new table entry, I unticked the NAPT box, which had been automatically ticked by default. After adding the new table line, I went to the MAINTENANCE page and saved the changes. I then switched everything off - computer, router, modem - for a few minutes. I then powered up from a cold start and left the system for half an hour to give the modem plenty of time to synchronize with the ISP's service.
And guess what: it didn't work. The modem refused simply to pass untranslated IP addresses to my router. I have never, in all the 52 years since I entered the computer and telecommunications industry in 1963, had such trouble with configuring a communications device. For this reason, I think that the generic firmware of the modem must have been modified at source and rebuilt (re-compiled) by or at the request of this ISP, to the specific end of ensuring that no unsolicited incoming IP packet can be passed to the LAN-side.
Without the source code of the modem's firmware, I can do nothing more.
Sting in The Tail
Oi had informed me that my original contract for the old cable service would end on 18 August 2015 and that I would need to sign up to the new service under a different contract. This could be done either on-line or at the Oi shop in the city centre. I looked on-line and discovered that the only service available to me at my address was the 2 Mbps ADSL service, the advertisement for which, as it appeared on Oi's website, is shown on the left. This box-ad was the only information available about the service prior to signing up to purchase it. I decided to buy from the Oi shop in the city, where the salesperson showed me the same box-ad in the Oi brochure. I assumed that "MEGA" meant "megabits per second". I signed an order form for the service, which contained nothing about price. I reasonably assumed that the price for the service was as stated in the box-ad, which I had been shown by the salesperson and from which I chose the service.
Only 18 days after the installation of this ridiculous Internet service, the first bill arrived. What a surprise. Or perhaps it wasn't a surprise really, knowing Oi.
|Monthly Charge||01/08 a 31/08||87,74
|Discount 1 (16/07-31/10)||01/08 a 31/08||-7,84
|Discount 2 (26/03-25/06)||01/08 a 31/08||-17,55
|Interruption of service||01/07 a 31/07||-0,08
|CABLE TV SERVICE||
|Monthly Charge||01/08 a 31/08||79,20
|Promotional Discount||01/08 a 31/08||-3,24
Oi had said that the contract for the cable TV service would terminate automatically on 18 August 2015. I have been charged for the whole month of August and it looks as if they haven't terminated it at all. Of course, I expected some adjustment for the use of the old service up until 18 August 2015. Notwithstanding, the charges shown on the bill far exceed the amount of such an adjustment.
More significantly, however, the new Internet service was sold to me at R$49,90 per month. No mention of any temporariness to this price at the time of purchase. How do they possibly arrive at the monthly price of R$87,74, which is 76% higher? The creativity of conniving accountants and lawyers, who have probably placed all kinds of trap clauses in the terms and conditions of the contract, which was nowhere available prior to purchase and a copy of which I have so far been unable to obtain.
Looking at the contract number on the bill, I see that it is the same as it was before, namely, 50627284. The original Way TV/Internet contract, which I entered into on 19 October 2004, was 00627284. It appears that, when Oi took over W@y, Oi simply changed the first zero into a 5 to distinguish the old W@y contract numbers from its own contract numbers. It would seem, therefore, that no new contract has been enacted. Consequently, it would appear that, as far as Oi is concerned, nothing has changed other than to substitute an inferior Internet "service" for the good one I had for the past 11 years.
The upshot is that Oi appears to have lied to me at every turn. It is therefore little wonder that Oi seems to be enveloped by a swarm of dubious characters of every kind, who have been pestering me throughout, offering bogus service contracts. These third parties attempt to inveigle out of me every kind of personal information, including name, address, postal code, tax number, credit card and bank account details, purportedly "for reference". Where do these people get the information that I am having a new installation? There is only one possible source, namely, Oi.
The Oi Cable Television Service
In the light of all this trouble with the Internet service, I decided not to have Oi's satellite TV service. I cancelled the television element of the Oi contract on 27 August 2015. It was a memorable phone call.
The Oi telephone operative said that, because I had exceeded the 18 August deadline, the television service could not now be cancelled until the parabolic dish for the new satellite service had been installed. Why, I ask myself, would Oi go to the expense of installing a parabolic dish on the roof of my building when it knew I would cancel the service immediately it was installed? I later discovered that the terms of the new service stated that, once the new satellite system was installed, there was a minimum period of 12 months before cancellation would be possible. I stated that I had had the contract for 11 years and could cancel it at any time at a month's notice.
The Oi operative then embarked upon a furore of shouting and railing, saying that the service was under a new contract which had a 12 month minimum period. When asked the number of the new contract, of which I had no prior sight or knowledge, the operative replied that it was 21941048. I made an enquiry via the Oi website, stating that my contract number was 21941048. Oi's server replied that no contract existed under that number. I raised my voice above the Oi operative's shouting, saying that I was hereby cancelling the Oi television service. The Oi operative continued with his shouting and railing. I simply hung up.
Currently the old cable TV service seems to be continuing - and being charged for - as before. Judging from the bill, it would seem that this was set to continue indefinitely.
On 22 October 2015 a woman (purporting to be from Oi) telephoned me asking when would be a convenient time to collect the old set-top box [General Instruments CFT 2200 + remote controller] and the old modem [Motorola Surfboard SB5101 + power unit]. I told her tomorrow morning would be fine. She said a technician would collect these items between 08:30 and 12:30 on Friday 23 October 2015. No protocol number was given for the collection. I gathered the items and put them together on the table ready for collection. The technician never showed up. As of 25 January 2016, Oi has never collected the old devices.
Up to this time, the television service was still being delivered via the coaxial cable, although the cable Internet service signals had long since disappeared. It is two months and 6 days after Oi said the cable service would be terminated. My bill from Oi, issued on 03 October 2015, charged for television service for the entire month of October. Perhaps the technician had reason not to show up. If he had then taken the equipment on Friday 23 October 2015, the charges on the bill for the rest of October could not be justified because, without the set-top box, I would not be physically able to receive the Oi cable television service. Oi gave no Número de Protocolo for my cancellation call of 27 August 2015. Consequently, there is no official Oi record that my call had taken place. However, the charges for the whole of the month of October are visibly recorded on my bill, which is in my possession and is irrefutable.
In the evening of Sunday 01 November 2015 at about 20:50 hrs, I switched on the television to see if the Oi cable TV service was still there. It was, but without all the subscription channels. Only the free channels were available, which are available anyway from the terrestrial antenna. However, at 22:15 hrs, the programme disappeared and was replaced by a message saying that my decoder had been deactivated. I shall wait and see whether or not the charges reflect the cessation of service at this date and time.
Having completed all this work to effect the change over to their new service, where am I now? I am still able to view Web pages, although I don't do much Web-browsing. I could view Web-based videos but this is not something that interests me. I am still able to send and receive emails through my email client. I am still able to maintain my hosted website via passive FTP. I am able to maintain my cloud storage. But not much else.
My LAN is still completely firewalled against incoming requests. Consequently, as of a few hours after the old W@y Internet service ceased, my articles and essays are no longer available to my friends, colleagues - and other interested people around the world - even though this activity generates no more than 5 megabytes or so per day of Internet traffic from my computer. Oi has thus shut me down, shut me up and gagged me!
The up and down velocities of the new Oi service are exactly the same as the old discontinued W@y Internet service, except that the latter was completely open. If Oi is worried about too much traffic being generated by my servers, its technicians can always use throttle-back routines to slow it down, should it veer over the prescribed limit. The old W@y Internet service did exactly this. Another way an ISP could achieve the same thing is to impose a (hopefully reasonable) monthly data transfer quota of so many gigabytes (GB).
Please note that 5 megabytes (5242880 bits) per day, which my servers generate on average, is equivalent to a constant upload speed of just over 60 bits per second, which is 1/8640th of the maximum permitted upload speed. So Oi has no reason to block my ports on that basis.
Before I purchased the service, I asked Oi repeatedly for verification that the incoming ports I required would be open to my computer, and each time Oi lied to me. Immediately after installation, I tested the ports in two ways.
- I used a remote port testing site, which saw all the required ports as open.
- I ran the relevant programs, which both saw all the required ports as open.
The installation technician asked me if the service was functioning as I wanted it. I answered that it was, and signed his form to this effect. Less than 5 minutes after the technician left, the ports closed. And they remained closed.
The situation I am now in is like subscribing to a telephone service through which I can make out-going calls to other people but can never receive calls from anybody. All the other subscribers are in the same situation. Consequently, the only way they can communicate with each other is by leaving recorded messages at a central voice mail facility, run by the service provider, where they could be potentially scrutinized. To receive messages, each subscriber must periodically ring in to his voice mail box. Subscribers are unable ever to engage in direct person-to-person calls.
By blocking listening ports contrary to a customer's wishes, Oi too is violating the Suggested Practices of the Broadband Internet Technical Advisory Group, the emboldened heading statements of which are repeated below.
- ISPs should avoid port blocking unless they have no reasonable alternatives available for preventing unwanted traffic and protecting users.
- ISPs that can reasonably provide to their users opt-out provisions or exceptions to their port blocking policies should do so.
- ISPs should publicly disclose their port blocking policies.
- ISPs should make communications channels available for feedback about port blocking policies.
- ISPs should revisit their port blocking policies on a regular basis and reassess whether the threats that required the port blocking rules continue to be relevant.
- Port blocking (or firewall) rules of consumers’ devices should be user-configurable.
I cannot find any reference to ports (portas in Portuguese) in any of the following documents (at least, this is the case at the time of writing):
Consequently, since the original W@y service, which Oi had taken over, had ports open, I think it reasonable that I should assume that the replacement service should also have ports open. But clearly this is not the case. It would seem therefore, at least to me, that the closing of all ports is a covert action, which Oi has taken unilaterally.
Sadly, because of the terms of the Oi contract, I will be imprisoned in this situation for a full 12 months. What Oi is offering is not really an Internet service: it is, for the most part, merely a Web access service. So its function is misstated. Notwithstanding, it would appear that, for Internet services, I have run out of choices. There are only 3 possible ISPs who can provide a service to my premises. Two of them block all incoming request packets, which leaves only one more, which I shall come to later.
Appeal to Anatel
I found it impossible to break or circumvent Oi's impervious wall of ignorance and lies. The lies, of course are understandable. Oi is a commercial corporation. I do, however, find Oi's apparent technical ignorance more difficult to swallow. It is inconceivable to me that a nation-wide telecommunications company like Oi could contain nobody who understood what closed listening ports were. After all, Oi must have deliberately and specifically closed them. It cannot have been the work of anybody else. I must conclude, therefore, that the technical ignorance exhibited by Oi must be feigned ignorance. In other words, it's yet another lie.
This raises the question of what Oi's motive could be for feigning technical ignorance about closed listening ports. That it is their full intention to block my listening ports is well evinced by the fact that, by apparently modifying the DSL-2500E modem's normal firmware, Oi has denied me access to the specific parts of the modem's configuration facility necessary for liberating the listening ports.
I therefore had to find another avenue through which to try to resolve my problem of blocked listening ports.
Scouring the Web, I quickly discovered that others have this same problem with Oi's violation of the Suggested Practices of the Broadband Internet Technical Advisory Group by blocking listening ports contrary to users' wishes. Registering a complaint here may help a little but I doubt very much whether it will resolve the problem. I needed to make my complaint official.
The official place to complain about ISP services in Brazil is the "Agência Nacional de Telecomunicações" (Anatel). This is the Brazilian government's Communications Regulator, which is the counterpart of the Federal Communications Commission (FCC) in the United States and the Office of Telecommunications (Oftel) in the United Kingdom.
To register a complaint with Anatel, it is necessary to fill in the fields of Anatel's Web-based complaints form. At the end of the form an option is provided for attaching a PDF document. I therefore decided to prepare my case off-line as a PDF file ready to attach when I registered my complaint on-line.
I prepared my complaint, which is a précis of selected parts of this essay, and submitted it to Anatel on 26 August 2015.
The response was very fast. At 18:17 hrs. on 27 August 2015, Oi rang from 02132651100 (Rio de Janeiro) giving Protocol 20151126739278. The woman was very polite, saying that Anatel had contacted Oi about my closed ports, that this situation was not just and that it was an oversight on the part of Oi. She asked for a time and date for a technician to come and rectify the problem. I arranged for the technician to come between 08:00 and 12:00 hrs. on the following day (28 August 2015) to re-configure the modem so that the necessary incoming (listening) ports would be open.
The Oi technician arrived at 08:15 and left at 10:15 hrs. on Friday 28 August 2015. He resolved nothing. In fact, he left us without access to the Internet at all. Fortunately, I was able to regain the same limited service I had before he came by unplugging the modem from its power supply and re-connecting its power supply a couple of minutes later. I have had to go through this procedure several times during the time since the new service was installed at 11:15 hrs. on Tuesday 18 August 2015 [10 days before].
I first demonstrated for the technician the settings of the two radio buttons on the modem's DEFAULT ACTION STATUS screen as shown below.
|Outgoing Default Action: ||◉ Permit ||◌ Deny
|Incoming Default Action: ||◌ Permit ||◉ Deny
I told him that I did not have the necessary level of access to the modem's configuration facility to change this setting to set the "Incoming Default Action" to "Permit".
I also showed him the Internet Configuration page as shown on the right. This shows the NAPT (Network Address & Port Translation) disabled. Again, I told him that I did not have the necessary level of access to the modem's configuration facility to change this setting either. Consequently, my servers could not receive unsolicited incoming request packets from people wanting to search or download my essays. This was all apparently new to him. He made a long telephone call (presumably to his superior) about what I had told him. The technician reset the modem's configuration using a tooth-pick. He connected my computer directly to the modem (bypassing my router).
He could access nothing. This is because my computer has a fixed IP on the LAN, which the modem would not accept. He messed about with my computer trying to access the Internet through the Firefox browser. He could access nothing. My computer clearly was unable to find a DNS. He then got his laptop from his van and plugged it into the modem. He managed to access his employer's website. Obviously, his laptop was set to auto-discovery mode for DNS. He appeared to use this website to conduct a diagnostic test on the modem. He said that the modem was faulty. He installed another modem. He tested it with his laptop and managed to access a website to test the download speed. He said that the download speed was above the 2 Mbps contracted and that, as far as he was concerned, the service was working and that the problem was with my computers and router. He said there was nothing else that he could do, or was obliged to do. Having spent two hours messing about, he left having achieved nothing.
He repeatedly emphasised that opening and closing ports was entirely to do with my router, which was outside his jurisdiction. He clearly knew practically nothing about configuring the gateway within the modem or even what ports were. I was back where I started. My appeal to Anatel had achieved nothing. It seems that this technically simple problem is commercially unresolvable.
Subsequent Connection Problems
Ever since the beginning, on 17 August 2015, this service had been problematic. It would frequently refuse to access the Internet for long periods. The only way to get it to work was to switch off the modem, wait a few minutes then switch it on again. This had to be done repeatedly until it worked. During 02 September 2015, after only 16 days of so-called "use" of the service, it became ever more difficult to access the Internet. Finally, at about 22:00 hrs. it became impossible to access anything at all. The service had been effectively locked. I continued trying the next morning all to no avail. I had tried everything: unplugging all the cables and re-connecting them, connecting my computer directly to the modem thus bypassing my router, changing my computer's network configuration from fixed LAN addresses to DHCP automatic discovery. Nothing worked.
Finally I called the Oi help line on telephone number 103-31. I made the first call before 07:30 hrs. on 03 September 2015, Protocolo 201511298819497. The person attending could not resolve the problem. She said she would pass my call to another technician. I was kept hanging on the line for over 20 minutes. I hung up (terminated the call). I called the same number 103-31 again at 07:55 hrs., Protocolo 20151129826694. The person attending this time seemed more knowledgeable. She asked me to access the modem configuration wizard at IP address 192.168.1.1/wizardoi and to enter usuário [user name] oi@oi and senha [password] oioi. The modem went through an automatic configuration process to open my Oi Internet service account. I was then able to access web pages. I reconnected my computer through the router and re-tested. Thus, at 08:25 hrs. when the telephone call to Oi terminated, the computers could once again access web pages on the outside Internet.
From this it would seem that, although I have been billed for this service from 17 August 2015, my Oi Internet connection was only registered at 08:25 on 03 September 2015. Of course, all ports are still closed to all unsolicited incoming IP packets, which renders the service of little practical use to me.
After 24 days of this ordeal, I am tired and stressed. I must now embark on a phase of recognition and acceptance that for me a complete basic Internet service is unobtainable in Brazil. I will have to get used to the idea that I will now have to pass my essays to somebody in a free country to serve onto the Internet for me.
The Old and The New
Oi has replaced a service, provided through what it describes as antiquated technology (RF cable), by a "better" service provided through new "more advanced" technology (ADSL). Below is a side-by-side comparison of the old W@y Internet cable service with the new Oi ADSL service.
| ||W@y Internet||Oi Internet||NET
|Link||RF Coax||ADSL||RF Coax
|Modem||Motorola SB5101||D-Link DSL-2500E||RCA DHG534B
|Speed: incoming||2 Mbps||2 Mbps||15 Mbps
|Speed: outgoing||512 kbps||512 kbps||2 Mbps
|Ports†||UNRESTRICTED||ALL BLOCKED||ALL BLOCKED
|Length of Service||11 years||"18" Days||1 Day
|Quality of Service||No complaints||Problematic*||Failed Ports Tests
† for the reception of unsolicited incoming IP packets
‡ actual monthly subscription charges for the service
* Frequent authentication failures which are difficult and time-consuming to resolve, plus complete service failure every time it rains.
The price quoted for the old W@y Internet service is no longer meaningful because it was quoted 11 years ago. The discounted price is the amount actually charged. It seems to be arrived at through a battery of incomprehensible discounts. Notwithstanding, the discounted price of the current Oi service is almost 25% higher than the price that was quoted to me at the time of the changeover. Thus I am now paying essentially the same price for a vastly inferior service. The length of service shown for the new service is 18 days since installation at the time of writing. However, I don't think it is entirely correct to call it length of service.
It is well evident from the above table that the NET service, although it too failed the open ports test, was by far the better offer. Oi succeeded in getting my business for its "service" by lying about the ports being open. Now I am stuck with it. I suppose it is my fault for expecting honesty from salespeople.
To me, W@y Internet seemed to be a proper ISP with in-house technicians and administrators who provided a proper service. My distinct and reluctant impression of Oi (and equally, of NET) is that they are just a bunch of accountants who out-source practically all aspects of their operation to dubious one-man-and-his-dog outfits who exhibit the barest smattering of technical knowledge. This is evinced by the fact that, try as I might over the course of 10 whole days, I could not get to speak to anybody, within this entire enormous company, that had any knowledge above that of drilling holes in walls and plugging cables into modems. Let the inward investor beware!
A Partial Solution
After a little break doing other things, I decided to have one last try at opening my listening ports. By means of a tooth pick, I physically reset the modem back to its factory defaults. Of course, in this state, the Oi service refused to connect me to the Internet. I had to re-register my connection using the Oi Wizard, which was part of Oi's modified version of the modem's firmware. I re-registered and was, once again, able to access the Internet with closed listening ports.
I had previously tried to reproduce Oi's WAN-side PPPoE settings except with the NAPT facility disabled. The Oi service would simply not accept this. I had no option but to live with the modem's NAPT enabled as per the standard Oi configuration. This left me with two NAPT gateways (one in the Oi modem and one in my router) operating in series, a situation which is definitely not recommended.
I had to consider carefully how my servers, running within my computer (PC1) appeared from the point of view of each of these two NAPT gateways. I had to start with my servers, as shown on the light cyan coloured background in the following diagram, and work backwards towards my Internet connection.
The first part was easy. It was as it had always been. My router perceived my servers to be running inside PC1 (at address 192.168.2.100). I checked the router's NAPT forwarding entries. All were in order. The question now was, where does the NAPT gateway in the modem perceive my servers to be located? Does it see them as being in my computer (192.168.2.100) or does it see them as effectively running inside my router (192.168.1.2)?
Then I realised that the modem's NAPT gateway cannot see the addresses of devices on the Inner LAN because the router's NAPT translates to them from its own WAN-ward address (192.168.1.2). Thus, from the point of view of the modem's NAPT, my servers are programs running inside my router. That's probably why they are called virtual servers.
I therefore, once again, opened the modem's browser-based configuration facility and set up my virtual servers as running on my router (at Outer LAN address 192.168.1.2). The entries I put in the modem's Virtual Server Forwarding Table are shown on the left. Note that the ports are forwarded to my TP-Link TL-WR741N router (at 192.168.1.2 on the Outer LAN) and not to my computer PC1 (at 192.168.2.100 on the Inner LAN).
I then shut everything down, waited a few minutes, and then powered everything up again from a cold start. I went and did something else for half an hour while the modem synchronized itself with the Oi service. I returned to my computer and started aMule. I went away and came back 10 minutes later. I had green indicators. This meant that aMule's listening ports were open. It was no longer firewalled. I started Gtk-gnutella. After a few minutes it was indicating open listening ports. So, at 12:34 on 6 October 2015, after being "off the air" for 50 days, my essays and articles were once again available through the eDonkey, Kademlia, gnutella and G2 networks.
Next, I started my FTP and Web servers. I then used the canyouseeme.org port checker to look for my services on Port 21 and Port 80. They were not there. These ports were being blocked at some point beyond the WAN-ward side of the modem. They were probably blocked at the ISP's distribution router's gateway. This suggests to me that the original table showing the ports blocked by Oi for its residential and commercial accounts respectively, is probably correct. Perhaps, if I were to change to a commercial account, even though I am retired and on a very small pension, then my HTTP (Web), FTP and SMTP ports would be open.
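The two-gateway reasoning above, together with the upstream block on Ports 21 and 80, can be traced in a small model. This is an added example, not the author's configuration or any device's firmware; the /24 masks, the public address 203.0.113.10 and the peer-to-peer port numbers (common aMule and gnutella defaults) are assumptions, because the page does not list them.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Napt:
    """One NAPT gateway: WAN-side address, LAN-side network, virtual-server table."""
    name: str
    wan_ip: str
    lan_net: str
    forwards: dict = field(default_factory=dict)  # (proto, port) -> (lan_ip, lan_port)


def trace(entry, gateways, listeners, proto, port, upstream_blocked=frozenset()):
    """Follow one unsolicited inbound packet from the ISP side towards a LAN host.

    Returns (delivered, hops, reason); hops lists each address the packet reached.
    """
    hops = []
    if (proto, port) in upstream_blocked:
        return False, hops, "dropped upstream of the modem"
    by_wan = {g.wan_ip: g for g in gateways}
    gw = entry
    for _ in range(len(gateways)):
        hops.append(gw.wan_ip)
        rule = gw.forwards.get((proto, port))
        if rule is None:
            return False, hops, f"{gw.name}: no forwarding entry, incoming default is deny"
        target, port = rule
        # A gateway can only hand the packet to an address on its own LAN side.
        if ip_address(target) not in ip_network(gw.lan_net):
            return False, hops, f"{gw.name}: {target} is not on its LAN {gw.lan_net}"
        nxt = by_wan.get(target)
        if nxt is None:  # target is an end host, not another gateway
            hops.append(target)
            if (proto, port) in listeners.get(target, set()):
                return True, hops, "delivered"
            return False, hops, f"nothing listening on {target}:{port}/{proto}"
        gw = nxt
    return False, hops, "forwarding loop"


PC1 = "192.168.2.100"          # from the page: PC1 on the Inner LAN
ROUTER_WAN = "192.168.1.2"     # from the page: router's address on the Outer LAN
PUBLIC_IP = "203.0.113.10"     # constructed (documentation range)
P2P_PORTS = [("tcp", 4662), ("udp", 4672), ("tcp", 6346)]   # assumed defaults
ISP_BLOCKED = frozenset({("tcp", 21), ("tcp", 25), ("tcp", 80)})  # FTP, SMTP, HTTP


def check(modem_target, proto, port):
    """Build the modem -> router -> PC1 chain and trace one inbound packet.

    modem_target is the address written into the modem's virtual-server table.
    """
    ports = P2P_PORTS + [("tcp", 21), ("tcp", 80)]
    modem = Napt("modem", PUBLIC_IP, "192.168.1.0/24",
                 {p: (modem_target, p[1]) for p in ports})
    router = Napt("router", ROUTER_WAN, "192.168.2.0/24",
                  {p: (PC1, p[1]) for p in ports})
    listeners = {PC1: set(ports)}
    return trace(modem, [modem, router], listeners, proto, port, ISP_BLOCKED)


if __name__ == "__main__":
    cases = [
        ("modem -> router (as configured on the page)", ROUTER_WAN, "tcp", 4662),
        ("modem -> PC1 directly", PC1, "tcp", 4662),
        ("web server, modem -> router", ROUTER_WAN, "tcp", 80),
        ("port with no table entry", ROUTER_WAN, "tcp", 8080),
    ]
    for label, target, proto, port in cases:
        ok, hops, reason = check(target, proto, port)
        print(f"{label:45s} {port}/{proto}: {'PASS' if ok else 'FAIL'} "
              f"via {hops or '-'} ({reason})")
```

Pointing the modem's entry at 192.168.2.100 fails at the first hop because that address is not on the modem's LAN side, while Port 80 never reaches the modem at all, which is why no forwarding entry on either gateway can open it.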
The fact that the Simple Mail Transfer Protocol (SMTP) Port 25 is closed is rather disappointing for the following reason. Microsoft has - for no good reason - decided to block my emails from its network. Consequently, people with Hotmail accounts, with whom I have been corresponding for decades, can no longer receive my emails. Google's Gmail has also made things difficult by presuming to prohibit mail attachments with certain kinds of content, which my colleagues and I need to exchange. Our solution was going to be to set up mail servers in our own computers, which we proposed to leave running permanently. With certain ISPs (including Oi) blocking Port 25, this will no longer be an option for us. It gives us the feeling that certain corporate entities are trying to squeeze us out of existence.
Thus, I have now arrived at the situation, as illustrated below, which I expected when I decided to take on Oi's replacement to the W@y Internet service. It isn't ideal. It isn't what W@y provided. But it will have to suffice for the time being.
|Pass||Pass||Pass||client HTTP access via Web browser
|Pass||Pass||Pass||client SMTP/POP3 Email access via Thunderbird
|Pass||Pass||Pass||client FTP access to my hosted web space
|Pass||Fail||Pass||High ID access to eDonkey/Kademlia
|Pass||Fail||Pass||High ID access to Gnutella/G2
Notwithstanding, getting this far has cost me 50 days of lost serving time. It has also cost me around 35 days of personal effort in learning about the D-Link DSL-2500E modem and the particular difficulties encountered in setting up two NAPT gateways to operate in series. All this work Oi, in effect, externalized onto my shoulders. It would have taken a matter of minutes for an Oi technician, with day-to-day familiarity of this modem, to quickly set up the virtual server ports for me, or at least give me a few words of orientation as to how I should go about doing it myself. But neither the Oi technician nor his supervisors would do that. Neither would anybody I attempted to talk to on the Oi help line. In fact, in this whole matter, Oi appeared to me to exhibit a distinct attitude of non-cooperation. For some reason, although Oi has no legitimate basis for stopping me from opening my ports, they didn't seem to want me to have open ports. Why?
Here Come The Rains
During the early hours of Tuesday, 17 November 2015, the first major rain of the season fell and continued most of the following day. As usual during heavy rain, the telephone line failed - obviously due to water getting into the ageing cable or the concentrator box on the street post about 500 metres from my building. Again as usual, I had to ask a relative to call Oi to report the fault. The following day, 18 November 2015, my relative called my cell phone asking if the normal phone line were working now. I checked the phone. It was working fine.
Shortly afterwards, at 12:40 hrs. a person purporting to be from Oi called my cell phone. The caller's number was 346, which, being so short, I would think could only be a special number used by the telephone company. The caller said he needed my help to do some tests on the line. He asked me to disconnect Oi's ADSL modem from the telephone line and remove the ADSL filter from the telephone so that the telephone was connected directly to the line without an ADSL filter. This I did. I thought he probably wanted to conduct an insulation resistance test on the line. However, he immediately asked me to pick up the phone and test to see if it was working. I did so. I could obtain a dial tone. The phone was working.
The caller then told me that the cause of the problem was a faulty ADSL filter at my premises. I could use the phone without the Internet or use the Internet without the phone. To use both I would have to replace the faulty filter. He said that I would have to buy the new filter since the replacement of filters was the customer's responsibility. He then said he could recommend an Information Technology company to come and replace the filter for me. At my expense, of course. I refused the recommendation, saying I would buy a new filter from a source I knew. I reconnected the filter back into my telephone's signal cord so that the phone and the modem were as they had been before. The Internet still worked. The phone still worked.
I had smelt a rat immediately this Oi technician started talking. The filters were supplied by Oi as part of the service rental, and are therefore legally Oi's responsibility. They had done only just over 2 months of service. They are completely passive components and therefore are not much more likely to go wrong than would a piece of wire. What the Oi technician had told me was complete bullshit. I suspect that the Information Technology company he recommended was his own little "business on the side" and that all this was about making himself some extra money by lying about the cause of the line failure.
On 20 November 2015 we had another rain storm. And, true to form, at 16:50 hrs. both the phone and the Internet went dead. Just the same old crackling line. I contacted my relative again by cell phone (second time in 4 days) to report the service outage. I wonder what cock and bull reason they will try to foist upon me this time. They will probably say a lightning strike to the line burned out my modem and I'll have to buy another one, even though it is Oi's modem supplied as part of the service rental. That won't wash with me though. I always, without fail, disconnect both modem and phone from the line at the first rumble of thunder. The phone and Internet came on again at 08:00 hrs 21 November 2015, although I have very grave doubts that it was due to any repairs Oi may or may not have carried out. I think that the restoration of the service was entirely due to the cable and the concentrator box drying out on their own.
The post shown in the photograph on the right is for power and signal services entering the building in which my apartment is located. The 40-pair telephone cable, as far as I can make out, enters through the open-ended vertical plastic pipe on the left of the post. Looking at the enlarged version of the picture, it is possible to see that it is the cable forming the coil on the right of the post. It is easy to see how water from heavy rain could drain down the cable into the vertical open end of the plastic pipe. This cable is pieced into a larger cable somewhere in between two street posts.
This cable, along with a large number of others, is strung along the street posts for two blocks to the post shown in the photograph on the left, which is located at a cross-roads. As can be seen, a veritable rat's nest of power and signal cables cross, turn and go their separate ways at this post. Throughout this route, many spurious open-ended wires and flexes hang right down to the pavement. They appear to be discarded without being taken away. These could be remains of attempts to piece into a television or Internet signal cable to get free access at the expense of a legitimate customer, thereby stealing some of his bandwidth. It is what the locals call a "gato" (cat). The cable carrying my telephone pair now makes a right turn.
It then continues for a further 3 blocks to the box containing the local concentrator and distribution equipment, which is shown attached to the post in the adjacent photograph. The cable has thus covered about 500 metres from my building to this somewhat dilapidated looking steel box. Notice that the weather protection sleeving has come adrift from the bottom of the smaller box on the left of the post. Rain water can drain down the exposed cables into the sleeving and thereby potentially cause problems. The major culprit, for the recurring interruptions in service I have suffered, is however, in my opinion, the age and bad condition of the 500 metres of cable between this box and my apartment building.
I remember when, during the rains of 2013/14, my telephone eventually failed completely as usual. I asked my relative to call Oi. An Oi technician came and asked for access to the telephone wire distribution box down in the garage. He was an older man, probably approaching retirement. I watched him make his tests. He said that he had to search for a good wire-pair. He said the cable connecting the distribution box in the garage with the concentrator in the other street contained 40 pairs of telephone wires. But the cable was very old. Over the years, the cable swaying in the wind gradually fatigues the thin steel wires. Eventually breaks occur. One knows not where. Consequently, pair after pair becomes useless. An intact spare pair has to be found each time a pair becomes too fragmented. He eventually found a good pair and with it restored my telephone service.
On Saturday 16 January 2016, I had to ask my relative again to call Oi because the telephone line had failed completely. A younger man came this time. He said that the number of intact wire-pairs in the cable had become very few. So much so that there were no longer enough wire-pairs for everybody. Many people were dispensing with their fixed telephone lines, opting to use only their cell phones. Thus the demand was dropping. However, many people used the telephone line also for ADSL Internet service. He said this scarcity had caused a war between the various telephone service companies. The result was that when one company's client in the apartment building reported a faulty line, its technician would rob a wire-pair from another company's client. Then the other company's client would report a fault, and so on... It was still raining and this man went away unable to resolve the problem.
At about 22:00 hrs that night, I received a call on my cell phone from a number in São Paulo. It was an Oi operative responding to my relative's call that my telephone and Internet services were not working. I told him it was a cable problem, which occurred every time it rained, so it was obviously something that could not be resolved over the phone in my apartment. Despite this, he asked me to take the low-pass filter out of my telephone cord and reconnect. He tried to call my fixed phone. Nothing happened. I reconnected the filter. He then asked me to try the Internet. The rain had by then lightened a little and the ADSL service had started to work intermittently. He made tests remotely and said it appeared that the problem was because my modem was not configured properly. This was ridiculous. How could its configuration change all by itself? It was clearly because the service kept dropping in and out as indicated by the Internet LED on the modem flipping between green and red.
He asked me to connect my modem directly to my computer without my router in between. I did so, knowing full well that what he was trying to do would not work. And naturally, the modem did not recognize the LAN fixed IP address of my computer so I could not even get through to the modem's configuration web interface. I decided to ignore what he had asked me to do and reconnected my router. I could then access the modem's web interface without any trouble. He then asked me to access the modem's Oi-wizard, which would automatically reconfigure the modem. I went through the pointless process of reconfiguring the modem, after which I was able to access the Oi website. He terminated the call after having "resolved" my problem. Within 10 minutes it started raining hard again and both the telephone and the Internet failed completely again. Hey-ho!
I'd had enough that night, so decided to leave it until the next day (Sunday) to ask my relative to call Oi again. He made an appointment for a technician to come again on Monday 18 January 2016. At 11:50 hrs that morning a young man called Tiago arrived. He must have been over 2 metres tall. He seemed frustrated by the number of faulty wire-pairs. I asked him if it wasn't time the company replaced this ageing cable. He said he thought Oi hadn't enough money to do that. My cynical thought was that they may not have enough money to replace the cable but they certainly had enough to give a good return to their share holders. Tiago then embarked on a series of trips back and forth between my building and the street box 500 metres away in another street. He persevered with this until he found a sound pair of wires for my telephone connection. He left me with a good line. The telephone and Internet both worked fine.
At 15:40 hrs I received a phone call on my fixed phone from 062 3240 3399. It was an automated call which asked me to press "1" if my telephone was working properly now. I pressed "1". Tiago's work was well tested that night through prolonged heavy rain. The connection remained solid, which I expect it will do until that wire-pair also breaks. The following is a diary of service failures, which correspond exactly with the local rainfall.
| Phone | Internet | Failed | Restored | Downtime |
| Failed | OK† | 17NOV2015 05:22 | 18NOV2015 12:00 | 30:38 hrs |
| Failed | Failed | 20NOV2015 16:50 | 21NOV2015 08:00 | 15:10 |
| Failed | Failed | 29NOV2015 16:15 | 30NOV2015 06:30 | 14:15 |
| Failed | OK† | 02DEC2015 20:00 | 02DEC2015 21:30 | 01:30 |
| Failed | Failed | 07DEC2015 00:20 | 07DEC2015 05:30 | 05:10 |
| Failed | Failed | 08DEC2015 00:45 | 08DEC2015 07:30 | 06:45 |
| Failed | Failed | 18DEC2015 16:50 | 18DEC2015 17:05 | 00:15 |
| Failed | OK† | 30DEC2015 17:45 | 31DEC2015 00:00 | 06:45 |
| Failed | Failed | 12JAN2016 20:00 | 13JAN2016 07:15 | 11:15 |
| Failed | Failed | 15JAN2016 03:10 | 15JAN2016 13:50 | 10:40 |
| Failed | Failed | 15JAN2016 14:15 | 16JAN2016 21:45 | 31:30 |
| Failed | Failed | 16JAN2016 22:15 | 18JAN2016 13:30 | 39:15 |
| Failed | Failed | 08APR2016 11:00 | 09APR2016 18:30 | 31:30 |
| Failed | Failed | 24JUN2016 06:30 | 25JUN2016 15:00 | 20:30‡ |
| Failed | Failed | 30JUN2016 06:00 | 01JUL2016 15:30 | 20:30‡ |
† If there is an intermittent break in the phone cable, the phone will go dead when it gaps. However, if the gap is small, there could be sufficient capacitive coupling across the break for the much higher frequencies of the DSL signal to pass. I know when a failure occurs in the early hours because the telephone dings intermittently and wakes me up.
‡ I have heard it said that the reason for these outages was that, due to the economic crisis in Brazil at the time, thieves cut lengths of cable from the street distribution poles to sell on the black market.
As Best As Can Be Expected
On 26 November 2015 I received my monthly telephone bill from Oi covering the services purportedly rendered during the month of November.
At this point, I need to clarify the arrangement of the billing for the three services previously rendered to me by Oi. These are:
- conventional fixed (wired) telephone service
- cable television service
- Internet service
From antiquity (long before 2004) I have had a conventional fixed (wired) telephone service. This was originally supplied by Telemar, which, somewhere along the way, became Oi. This was, until the end of October 2015, always billed completely separately from any other Oi service.
From 18 October 2004, I contracted a combined cable television and Internet service from W@y TV. Obviously, this was billed to me by W@y TV and was nothing to do with Oi. Sometime, during the intervening decade, W@y TV was taken over by Oi. From that time, Oi billed me for the cable television and Internet service previously rendered by W@y TV.
Consequently, I received two bills from Oi every month:
- for my fixed telephone service
- for the combined cable television and Internet services.
So, on 26 November 2015 I received my November telephone bill from Oi. However, as well as the charges for my November telephone usage, the bill contained also a charge of R$49.89 for the Oi Velox Internet service. Gosh! One whole centavo cheaper than advertised!
Like all commercial bills nowadays, this telephone bill is presented in a form that is essentially incomprehensible. Only by spending time analysing and comparing items was I able to construct the cogent representation of the information within it, which is shown below.
| Phone | Assinatura Plano Franquia LDN | 16.03 | |
| | Oi Fixo Sem Limites | 14.94 | |
| | Franq. 30 min - Qualquer Móvel | 13.78 | |
| | Assinatura sem Franquia Oi Fixo | 20.99 | |
| | Pacote Fale Digital | 4.26 | |
| | Phone Subtotal | | 70.00 |
| Internet | Velox 2Mbps | 34.99 | |
| | Internet Subtotal | | 48.70 |
| Total Payable | | | 138.70 |
This month's account is correct. The only serious overcharge has been the fact that, from 18 August to 31 October 2015 (a period of 75 days) I was charged a discounted price of R$62.35 (full price R$87.74) for the inferior Internet service instead of its proper price of R$49.89. This works out to a total overcharge of R$31.15.
A more significant frustration is that I will be charged, from now onwards, R$14.90 per month for the use of Antivirus software, a cloud Backup service and some obscure thing called Educa, all of which only function on computers running Microsoft Windows. Since all my computers run Linux, I have no means of using them. Thus I am forced to pay, month by month, for three services I cannot possibly use and which I do not want or need.
As advertised, Oi affirmed that the Internet service it was offering was compatible with Linux. This is not unreasonable since an Internet connection has nothing to do with the proprietary specifics of an operating system. Besides, the whole Internet is based on Unix, of which Linux - unlike Microsoft Windows - is a completely compatible derivative. Since Oi affirmed that its service was compatible with Linux, Oi is obliged to ensure that all components of that service are Linux compatible. But unfortunately, like Microsoft, Oi is effectively behaving like a sovereign state by charging what is cynically referred to as a Windows Tax.
The notion of the Windows Tax stems from the fact that it is generally impossible to buy a computer from a "legitimate" source without it having been pre-loaded with Microsoft Windows, which, of course, is fully charged for in the price of the computer.
This effectively elevates Microsoft from being a mere commercial corporation to become a sovereign state with the power to charge a sales tax on other people's products. There is (purportedly) a procedure for recovering the Windows Tax from Microsoft. However the reimbursement is small and obstructively difficult to obtain.
I cringe to think of how many computers I have bought over the past couple of decades for which I have had to pay for Microsoft Windows only to immediately wipe it from the hard drive and install another operating system. For this reason, I have adopted a policy of buying my computers in component form from what are thought of as "illicit" sources.
Gross Overcharging by Oi
Oi sent me a letter stating clearly that Oi's old cable services would cease on 18 August 2015. By ceasing to provide the service on 18 August 2015, Oi thereby factually terminated the contract on 18 August 2015. Consequently, without any further action by me, my contract with Oi terminated on 18 August 2015. Oi's statement that the service would terminate on 18 August 2015 is definitive. Whether or not Oi engineers happen to leave TV and Internet signals on the cable or fail to collect the decoder and modem from my premises after 18 August 2015 is immaterial to the fact that the contract was terminated on 18 August 2015 in accordance with their written intimation.
Notwithstanding, events show that, because I did not actively cancel the service, Oi continued to charge me under the terminated contract for the no longer existing service, which it would apparently do unless or until I took deliberate action to cancel this no longer existing service via Anatel. My reasonable understanding from Oi's letter had been that, in the absence of any action on my part, Oi would automatically substitute a replacement service on or before 18 August 2015 under the same contract, which they did not do. I had to request Oi's replacement ADSL service, which was "installed" on 18 August 2015. As a result, from 18 August 2015, Oi began charging me for two parallel Internet services, only one of which was actually usable.
The change in my Internet service, from cable to ADSL, was forced upon me by Oi, solely for Oi's own benefit and convenience because Oi no longer wanted to provide the old service Oi had bought from W@y TV. Notwithstanding, Oi overcharged me a total of R$332.84 in the process of this changeover to the inferior service. I desperately wanted to continue with the old superior service. Furthermore, I now have to pay an on-going charge of R$14.90 a month for separately charged additional services which I do not want or need and which I cannot possibly use anyway because these services are totally incompatible with my standard Linux operating system.
The charges made to me by Oi for the period of the change-over are shown in the following table. Over-charges are shown in red.
|PERIOD†||CABLE iNET ||CABLE TV||ADSL iNET
† Month in which the service charged for was actually or supposedly rendered.
- Overcharged by R$26.11. Charge should have been R$36.16.
- Overcharged by R$31.55. Charge should have been R$43.69 because Oi stated that the service terminated on 18 August 2015.
- Included with the September period: R$19.94 + R$49.89 = R$69.83.
- Wrongly charged: I cancelled my transfer to satellite TV service on 27 August 2015 because of the problems with the Internet service.
- NOTE: Internet signal not present on coax from 18 September 2015; TV signal not present on coax from 01 November 2015.
- Includes overcharge of R$14.90 per month for services I cannot use.
And, of course, like NET, Oi threatens to place my name on “bad debtors” lists if I refuse to pay. So having been overcharged R$309.18 by NET plus R$332.84 + R$14.90/month by Oi, direct personal experience has taught me that I must resign myself to the fact that it is necessary for me to accept, and make reservation for, what I call a built-in corruption overhead when dealing with Internet service providers.
14 February 2016: I entered my final appeal to Anatel regarding the overcharging during the transition and the on-going charging for additional services I do not want, do not need and cannot use.
17/02/2016: 09:40 Sergio of Oi phoned. Asked for the amounts of the invoices overcharged. Said Oi would resolve the problem within 72 hours.
19/02/2016 16:25 Alessandro of Oi phoned. Said the reimbursements would be credited on future bills. Mentioned R$44.76 but I did not understand how this related.
26 February 2016 I received my telephone bill from Oi relating to the services rendered during February 2016. The total amount to pay was R$44.76. Now I understood what Alessandro of Oi was saying. This bill had been reduced by R$48.28, the amount of the Internet service, which meant that I had been effectively credited with twice that amount, namely R$96.56. This leaves a further R$236.28 of the overcharge + the R$14.90 a month for the unusable services.
I must now wait and see if the rest will be forthcoming...
Thus it would seem that, although I must now make do with an inferior Internet service, at least it is cheaper than the old W@y Internet service. And that is all I can say about it. After all, it is not really adequate for my purposes but there is apparently no way of obtaining a better service at the place where I live.
Global Village Telecom (GVT)
Global Village Telecom is the third possible ISP which could have provided me with Internet service. As a former telecommunications professional, I had been marginally involved during the early 1980s with a proposal for providing full telecommunications services in the rural areas of South America. As such, this company's name rather appealed to me. But alas, for me, it is simply not an option.
GVT is a company with which I have never done business. I have never subscribed to any of its services. I have never entered into any kind of contract or agreement with it. Notwithstanding, this company has placed upon me untold stress and has caused unmitigated disruption to my life and work. I truly wish I had never heard its name.
I started to receive sales calls from GVT in 2007. At times these reached peaks of 3 to 5 calls per day. They offered "promotional" Internet and television cable services. GVT's calls were certainly the most frequent of any commercial nuisance calls, but not overly excessive for Brazil, where unfortunately one simply has to accept a certain amount of pointless telephonic disruption to one's concentration throughout the working day.
In July 2011, however, the situation changed dramatically. The calls increased to between 8 and 12 per day. The call log for a typical day [12 December 2011] is shown below.
|Time||Phone №|| Rings ||Call Type
Sometimes calls were as late as 8:45 at night.
The phone calls were aggressive and varied in nature. To me, they constituted a determined campaign of psychological torture, which I can only assume had some kind of commercial motive. Notwithstanding, I cannot imagine how even the most belligerent marketing planner could ever think that this sort of behaviour could generate a positive result. The calls continued at this level for almost 22 months.
At the beginning, in July 2011, the calls were all the same. Simple and boring. They asked to speak to João. I said I did not know anybody here with that name. Next call: same question, same answer. And so it went on. Then, in September 2011, the name was changed. The telephone caller started to ask for Leonado Borges. I said that I did not know anybody of that name. Next call: same question: same answer. And so it continued call after call, day after day, week after week, month after month.
Then, in October 2011, the name changed again. The telephone caller (always a young woman but I got the impression that there was a whole battery of women making these calls to me) asked for Carlos Eduardo de los Angeles. Who the hell he is I can't imagine. I expect it's an invented name. But obviously it was part of GVT's sick vicious technique to wear me down psychologically to make me give in and subscribe to their services.
These calls drove me out of my mind. I could not concentrate on my work (which requires creative thought) and I could not disconnect the telephone to get any peace as I needed to receive important legitimate calls. So I lost my cool. I finally began to shout and swear at the women making these calls. I had to be very careful to make sure it was not a legitimate call before I embarked on my furore, which was at times very difficult. The telephone women making the calls would defensively reply that they had to make the calls because my number was "on the system". I remember once exploding at the woman saying "then take it off your ****ing system!", to which she replied that she couldn't.
One possible solution to this nuisance would be to have a telephone through which I could make out-going calls but which would not receive calls. But then I would not be able to receive legitimate calls from family, friends and colleagues. This would be exactly the telephone equivalent of the Internet “service” with closed listening ports, which I had to put up with from Oi. I would be telephonically deaf, which, for me, is not a practical option.
My outbursts obviously had some effect because, in December 2011, they adopted yet another tack. They would ring my phone between 1 and 4 times only so that I could not get to the phone in time to answer it. On the occasions I did manage to lift the phone there was silence and the caller immediately hung up. With this technique GVT expanded its coverage from just weekdays to include Saturdays. Then came something worse.
In addition to the normal (now silent) phone calls, GVT began to intersperse automatic calls between them. These were entirely pre-recorded. They always began with the words: "João, we have a very important message for you". Then one of three names would be said, the first being simply "João", the second "Leonado Borges" and the third "Carlos Eduardo de los Angeles". Then came the words: "if you know this person, press 1. If you don't know this person, press 2". Naturally, I always pressed "2" because I hadn't a clue who any of them were. Everything was spoken in Portuguese, of course. And so these additional calls continued day after day, week after week, month after month. I couldn't do my work. I was out of my mind with anger and frustration.
Every GVT phone call, throughout this 22 month campaign of psychological torture, lost for me my concentration and train of thought on my work. It lost for me at least 15 minutes working time every call, exacerbated by the exasperation caused by my helplessness to put a stop to it all. At a conservative estimate, that's 2 hours of ineffective prime working time per day. At $30 per hour, that comes to $29,040 in lost working time. That's what GVT's shenanigans have effectively stolen from me. And that does not include any damages for the stress involved. I suppose GVT would think of it conveniently as one of their externalized costs of marketing.
At last, during early 2013, the automatic calls gradually faded away and the silent calls gradually diminished to about 4 per day.
Earlier that same month, I had received a different kind of call. The voice was that of a live human woman who seemed somewhat more intelligent than the call centre girls. From her manner of speaking, she seemed to me to be some kind of lawyer. She assumed I was João. I corrected her. She then asked if I knew João. I said no. She then asked if I knew Leonado Borges or Carlos Eduardo de los Angeles. I answered rather loudly in the affirmative. She asked how I knew them; in what connection. I replied that I knew them as a result of having their names blasted into my ears 12 times a day for the past 22 months through nuisance telephone calls from GVT. Her tone turned a little apologetic and then she "politely" terminated the call with no explanation. I have no idea who she was.
From that point on, the GVT nuisance calls seemed to tail off. This just left me with a once or twice per week promotional call for their ISP and cable television services, which they must have well known were utterly futile, and therefore simply a continued nuisance to me. There were other silent calls about 4 times a day in April 2013 from 03135078700. However, because they were silent, I couldn't be sure they were from GVT. Silent nuisance calls (again about 12 per day) started again early in 2015 from numbers: 01121450020, 01123776800, 01132155800, 01137926860. My phone rings 4 times and then hangs up. If I pick up in less than 4 rings the caller simply hangs up immediately. Again, I can't be sure they were from GVT. A couple of months later they died away.
I had tried from the beginning to find out how to contact GVT by letter in order to send them a recorded delivery notice to the effect that I was receiving nuisance calls from them which were significantly disrupting my work. I searched long and hard, but nowhere on the Internet could I find the address of GVT. Eventually I found it on the website of the American CIA regarding some kind of pending action against GVT. This site contained a link to the site of Business Week, which gave details of GVT, including its official postal address in Curitiba, Paraná and the names of its executive officers.
Having finally found this information, I decided not to take the matter further because, as a lone individual, I would have little chance of achieving satisfaction against a telecommunications giant like GVT. Besides, I couldn't afford the cost and I had suffered an enormous loss already in terms of working time. Nevertheless, looking at this list of executives, I can't help thinking what a pathetic bunch of immature excuses for humanity they must be, as obviously it is they who are responsible for devising and authorizing GVT's reprehensible behaviour towards me. Where did they come from? One thing I can surmise is that if ever GVT were to go bust, they would have no trouble getting jobs with the psychological torture department at Guantanamo Bay.
I am sure that if any lone individual were to perpetrate such a campaign of nuisance calls upon any GVT executive, that individual would be rapidly prosecuted and jailed. But if you are a giant corporation perpetrating it upon a lone individual, that's OK. What is not OK, apparently, is for the victim to say anything about it.
In view of all the trouble GVT has caused me without ever entering into any relationship with it, I shudder to imagine what woes would befall me were I ever to do so. And this is why GVT is, at least for me, well and truly off the list.
When a new technology takes over any element of public infrastructure, the old technologies it replaces fade away. Throughout history, society has always burned its technological bridges. The point is rapidly reached where those who do not have access to the new technology become excluded from society. They become unable to participate in its mandatory processes. The Internet has, in this way, become a vital element of public infrastructure to the extent that anybody without access to it can no longer function adequately within society. All should have the inalienable right to the necessary and sufficient means and facilities to participate in the basic functions of the socio-economic system under which they must live.
With regard to one of these necessary and sufficient means, namely, the Internet, the private corporations of the telecommunications services industry, like a malignant cartel, have effectively seized unelected sovereign control over this vital element of public infrastructure. They have unilaterally decided that subscribers' listening ports shall be closed. The subscriber has no choice. To them, customers are mere cannon fodder in a great economic war fought solely for the purpose of enriching their precious shareholders.
One should not be surprised at the way these giant ISP corporations behave. After all, they are corporations. As Lord Thurlow (1783-1792) said, "Corporations have neither bodies to be punished, nor souls to be condemned; they therefore do as they like." Lord Thurlow's words are often paraphrased as "Did you ever expect a corporation to have a conscience, when it has no soul to be damned, and no body to be kicked?" In his day, however, corporations could only come into existence by Royal Charter and had the nature of national or ostensibly public entities. How much more extreme is their nature since the private limited liability entity (pessoa jurídica) came into being during the mid Nineteenth Century.
I remember once seeing an excellent film called The Corporation. Somewhere in this long film was presented a step-by-step list of behaviour traits, which limited liability corporations are required - by the very law under which they are formed - to exhibit in their dealings with customers. The film later revealed that this list of behaviour traits is the clinical definition of a psychopath. For this reason, I see the placing of such a vital element of public infrastructure into the greedy hands of profit-driven private corporations as a supreme act of unmitigated madness.
I see the blocking of listening ports as the amputation of a basic and expected Internet function. The practice effectively prohibits all direct peer-to-peer communication, including the running of a POP and SMTP server within one's own computer. [This latter is becoming more and more essential with the increasing arbitrary blocking of emails and email attachments by Microsoft and Google.] The blocking of listening ports is, in effect, a total and permanent Denial Of Service (DOS) attack perpetrated by the ISP upon the subscriber.
If the ISP is concerned about the amount of data traffic my servers would create, then it is an easy matter to use throttle-back and monthly data transfer quotas to control the amount of traffic. ISPs do this anyway. Consequently, I can see no good technical reason to implement port blocking, especially the total blocking of all unsolicited incoming IP packets. Blocking the listening ports to my (very low traffic) servers is an infraction of the Suggested Practices of the Broadband Internet Technical Advisory Group. It is also an unjustifiable infraction of my individual liberty - a liberty I have enjoyed for almost 20 years of using the Internet until this present situation arose.
Looking back to the years I had the W@y Internet open-port service, I remember being somewhat puzzled by something. Whenever I looked at the list of connected peers on the various networks, I saw peers from many many countries all over the world, including small and little known ones. But I only ever remember seeing one from Brazil. And that was only on the eDonkey network. I never saw any Brazilians on the gnutella or G2 networks. Why this distinctly disproportionate absence of peers from a country of over 200 million people? Could it be because, in Brazil, practically all Internet access has closed listening ports? The situation would tend to suggest this.
I can only speculate as to ISPs' motives for this Denial of Service. Perhaps they are being pressured by the film and media corporations to shut a means by which music and films are known to be copied and distributed illicitly. Perhaps they are suffering pressure from law enforcement agencies to close a possible means of distributing pornography and paedophilia. But these are obviously scape-goat excuses. Neither is a just or valid reason for closing these means to everybody.
The original purpose of the Internet was to facilitate the free and unencumbered exchange of information and knowledge between any and all. Perhaps this is the problem. Perhaps the real reason for port blocking is that ISPs are suffering international political pressure to close all means through which ordinary people may exchange information and ideas point-to-point, unsurveilled by the clandestine agencies of foreign powers. Perhaps somebody considers person-to-person intellectual exchange to be a real and present threat to the status quo. I don't know. Whatever the motives, I feel that right now I am witnessing the on-set of a new Dark Age of Closing Doors with regard to freedom of communication in Brazil. Or is it the whole world?
Despite my continued pressure, those who represent Oi to me continue to claim total ignorance as to the nature of my problem. They - Internet professionals - seem not even to understand what ports are or what is meant by closed ports. This seems very strange. They seem to be under some kind of oath of silence regarding closed ports. Is the ISP being pressured or paid for its silence? Are ISPs receiving hefty backhanders from the American Thought Police (ATP) to keep listening ports closed in order to force all person-to-person exchanges through giant American-owned servers, where everything can be monitored and recorded?
The apparent "inability" of Anatel, the Brazilian Government's Communications Regulator, to enforce the suggested practices of the Broadband Internet Technical Advisory Group upon the ISP suggests something more Draconian. Perhaps the ATP are pressuring the US government to pressure all governments to mandate that ISPs close all listening ports on domestic Internet accounts, thus closing the doors to low-traffic servers, thereby plugging all the little holes and gaps where truth may leak out.
Whatever the reasons, it would seem that full-function access to the Internet is no longer available in Brazil, at least for domestic subscribers like myself. I don't know about accounts for government and heavy commercial use. In other words, Internet services in Brazil are not continuously scalable. It is not merely speed (which consumes bandwidth) that is limited on small accounts but also functionality (which does not). Thus, it would seem that my W@y Internet account must have been a hang-over from the old days of an open fully-functional Internet, which fortuitously continued unnoticed until the recent change-over.
It would seem, therefore, that small-account Internet users (the people) are meant only to listen: not to speak. They are meant only to buy products from Internet shops and partake in trivial exchanges via social media sites (where they can be monitored). Only government, celebrity and corporation may speak and be heard. This is a serious question for individual liberty. It is also a serious consideration for inward investment and expeditionary business projects, which must frequently start small from one or more home-based offices.
I think that, for the purpose of private person-to-person telecommunications, the time has come to consider alternatives to the Internet.
© August 2015 to January 2016 Robert John Morton
 I was not the ISP's actual customer, that was somebody else, who subscribed to the service on my behalf. However, throughout this essay, for clarity of prose, the first person singular has been used to indicate either or both of us. The other person has no knowledge, involvement or responsibility regarding any of the content of this monograph essay.
Within this essay, an open port is a TCP or UDP port number that is configured to accept unsolicited incoming IP packets. An open port in this sense is also known as a listening port.
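The distinction this definition rests on, solicited versus unsolicited incoming packets, can be shown with a small model of a flow-tracking filter. This is an added example, not part of the original essay: the essay does not say how the ISP implements its block, and the class and function names, addresses and port choices below are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed addresses from the documentation ranges; none come from the essay.
SUBSCRIBER = "192.0.2.10"
WEB_SERVER = "198.51.100.7"
PEER = "203.0.113.25"


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    note: str = ""


class InboundBlockingFilter:
    """Hypothetical model of a filter that sits between subscriber and Internet.

    Outbound packets always pass and are remembered as flows. An inbound
    packet passes only if it answers a remembered flow (solicited) or is
    addressed to a port the operator has opened (a listening port in the
    essay's sense). Everything else is unsolicited and is dropped.
    """

    def __init__(self, subscriber, open_ports=()):
        self.subscriber = subscriber
        self.open_ports = set(open_ports)   # {(proto, port), ...}
        self.flows = set()                  # {(proto, local_port, remote, remote_port)}

    def handle(self, pkt):
        if pkt.src == self.subscriber:
            # Outbound: the subscriber initiated it, so remember the flow.
            self.flows.add((pkt.proto, pkt.sport, pkt.dst, pkt.dport))
            return "pass"
        if pkt.dst != self.subscriber:
            return "drop"                   # not this subscriber's traffic
        if (pkt.proto, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "pass"                   # reply to something the subscriber sent
        if (pkt.proto, pkt.dport) in self.open_ports:
            return "pass"                   # unsolicited, but the port is open
        return "drop"                       # unsolicited and the port is blocked


def constructed_trace():
    """Six constructed packets: web browsing, an inbound mail connection, P2P."""
    return [
        Packet("tcp", SUBSCRIBER, 50000, WEB_SERVER, 443, "subscriber opens a web connection"),
        Packet("tcp", WEB_SERVER, 443, SUBSCRIBER, 50000, "web server's reply"),
        Packet("tcp", PEER, 41000, SUBSCRIBER, 25, "peer connects to subscriber's SMTP server"),
        Packet("udp", PEER, 6346, SUBSCRIBER, 6346, "peer contacts subscriber's P2P port"),
        Packet("udp", SUBSCRIBER, 6346, PEER, 6346, "subscriber contacts the peer first"),
        Packet("udp", PEER, 6346, SUBSCRIBER, 6346, "peer's reply to that packet"),
    ]


def run_trace(fw, packets):
    """Return the filter's verdict for each packet, in order."""
    return [fw.handle(p) for p in packets]


if __name__ == "__main__":
    all_blocked = InboundBlockingFilter(SUBSCRIBER)
    smtp_open = InboundBlockingFilter(SUBSCRIBER, open_ports={("tcp", 25)})
    trace = constructed_trace()
    for pkt, a, b in zip(trace, run_trace(all_blocked, trace), run_trace(smtp_open, trace)):
        print(f"{pkt.note:45s} all-blocked={a:5s} smtp-open={b}")
```

With every port blocked, the subscriber can still browse and can still reach a peer it contacts first, but nothing a remote host initiates gets through, which is why a home mail server or an inbound peer-to-peer connection fails while ordinary web use appears normal.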