Unrestricted APN

Do you want/need an APN that allows connections initiated from outside the APN?

  • No thanks, no idea what this means - don't think it applies to me

    Votes: 17 8.5%

  • No thanks, I know what it means and I will never need it

    Votes: 15 7.5%

  • Yes please, for [desktop or other] remote support

    Votes: 110 55.3%

  • Yes please, for hosting

    Votes: 61 30.7%

  • Yes please, for some other reason explained in my post in the thread

    Votes: 27 13.6%

  • I clicked a 'Yes' option above, and am prepared to accept the risk of being hacked

    Votes: 93 46.7%

  • I clicked a 'Yes' option above, and am NOT prepared to accept the risk of being hacked

    Votes: 6 3.0%
  • Total voters
    199
Vodacom is blocking incoming traffic on their side... you can only initiate connections from your pc.
 
lin_ux

I guess the title of the thread could be more descriptive...I suggest reading the thread to get a better idea of the issues. Thanks pieter, the incomings ports are indeed block.

Thanks to V3G for escallating this issue up to a point where the release of this APN is imminent.
 
vodacom4no1

I think they should rename this site to vodacom4no1. Got this error when I tried to access "modify services" -> "Activate Unrestricted APN"

We are currently experiencing problems servicing your request.


Please try again later or log your error with our Web team.
Click to expand...

I suppose the unrestricted APN is not active yet.
 
Saw that on the site - exactlyt what does it do and what is the difference between that and the normal APN?
 
From the site:

Unrestricted APN

PLEASE NOTE: You have to be provisioned for GPRS/3G/HSDPA data usage and be an active Vodacom data users to request this APN (Access Point Name).
What is it?

Normal APN's (Access Point Name) used by Vodacom customers (e.g. Internet APN) allow subscribers to access Internet services via their Vodacom cellphones or Data Cards. Vodacom protects our customers from the risks of bill shock, hackers, unauthorized access of their devices by third parties or spamming from third party persons, applications or servers, by limiting the kinds of access that is possible on these APNs. For instance, machine-to-machine access of customer's devices is not possible. The Unrestricted APN does not have any of this protection or limitations and for instance caters for customers who want to host applications on their devices as well as other machine to machine applications. While this allows the deployment of additional applications and services, there is a real risk to the customer when using this APN. Customers are expected to enforce their own security precautions when using this APN and expected to monitor and control usage of their devices themselves. When using this APN, Vodacom can not control, monitor or support any traffic and can not be held liable for any traffic, usage or costs associated with the use of this APN.

How do I get it?

Customers will be expected to sign an indemnity stating that they accept all responsibility associated with requesting and using this APN. This can be done by clicking the "NEXT" button below.
Click to expand...
 
The 'Unrestricted APN' is the official name for the 'Hosting APN' discussed in this thread.

As you can determine from the fact that it's already on the 4me portal (but not yet available :( ), it's due for release soon.

Someone suffered from 'premature publication' it seems :)

Basically we'll have three APN's for public consumption:

1) Internet APN - NAT'ed IP with incoming port blocking. No restrictions on outgoing ports, no shaping.
2) InternetVPN APN - Routable IP with incoming port blocking. No restrictions on outgoing ports, no shaping.
3) Unrestricted APN - Routable IP with NO incoming port blocking. No restrictions on outgoing ports, no shaping.

If the above does'nt send a tingle down your spine, you probably don't need it. :)

Once it's available, you'll be able to auto-provision on 4me.
 
Exactly, the vast majority (99.9%+) will be just fine on the internet APN.

When do you need the internetVPN APN?

When you use some security / authentication software that gets confused by NATing. Most decent VPN clients are not affected by this.

When do you need the Unrestricted APN?

When you need to initiate a connection from outside the Vodacom data network to a GPRS/EDGE/3G/HSDPA device on the Vodacom network. For example:

1) Doing desktop support
2) Up- or downloading a file
3) Hosting a WEB site

Because the incoming IP ports will be open, you WILL get port scanned by every hacker and his dog out there (and will pay for the privilege!), so I'd suggest you provision both the internet and unrestricted APN's and only switch to the latter for the period you need the functionality.
 
/me rocks the boat :D

vodacom3g said:
*snip*

When you need to initiate a connection from outside the Vodacom data network to a GPRS/EDGE/3G/HSDPA device on the Vodacom network. For example:

1) Doing desktop support
2) Up- or downloading a file
3) Hosting a WEB site

Because the incoming IP ports will be open, you WILL get port scanned by every hacker and his dog out there (and will pay for the privilege!), so I'd suggest you provision both the internet and unrestricted APN's and only switch to the latter for the period you need the functionality.
Click to expand...

Most of us know that a TCP connection is a three way hand shake. Can't Vodacom look into billing for "connections" rather than traffic. UDP is a whole diff ball game, but still, one can't really do something without a reply. On TCP, the "server" has to send an ACK packet back to accept the connection. Most firewalls have a drop option, where by traffic is simply ignored. The little SYN packet that is send to start the connection can't kill Vodacom's network ? :)

Most of the port scanning is based on the last part of the handshake - the SYNACK (iirc) so a packet that is sent like that is invalid, if SYN wasn't send before it. Something like this could be usefull ?

Laterz !
 
Tazz_Tux said:
Most of us know that a TCP connection is a three way hand shake. Can't Vodacom look into billing for "connections" rather than traffic. UDP is a whole diff ball game, but still, one can't really do something without a reply. On TCP, the "server" has to send an ACK packet back to accept the connection. Most firewalls have a drop option, where by traffic is simply ignored. The little SYN packet that is send to start the connection can't kill Vodacom's network ?

Most of the port scanning is based on the last part of the handshake - the SYNACK (iirc) so a packet that is sent like that is invalid, if SYN wasn't send before it. Something like this could be usefull ?

Laterz !
Click to expand...


You want us to bill down to port-level?? :eek:
In real-time???? :eek: :eek:

That Durban Poison must be good this year... :)

Let's first get billing down to packet level, in real-time, (aka PPDB) before we start dreaming....
 
[dream]
Well, not really port level, but more connection level
[/dream]

:D

vodacom3g said:
You want us to bill down to port-level?? :eek:
In real-time???? :eek: :eek:

Let's first get billing down to packet level, in real-time, (aka PPDB) before we start dreaming....
Click to expand...
 
Even more difficult, you'll need to keep a table of succesful connections.

Do you really want engines in the network that will understand who is using which application? Wasn't VoIP lodged at R10/Mb?
 
Yeah - why not :)

It doesn't need to understand the protocol - just connections/sessions - so a connection from IP:PORT to IP:PORT for x amount of bytes. BTW keep in mind that this is only for incomming connections on this APN - the rest is un-touched :)

Anycase, like you said - we can dream :)

vodacom3g said:
Even more difficult, you'll need to keep a table of succesful connections.

Do you really want engines in the network that will understand who is using which application? Wasn't VoIP lodged at R10/Mb?
Click to expand...
 
Tazz_Tux said:
It doesn't need to understand the protocol - just connections/sessions - so a connection from IP:PORT to IP:PORT for x amount of bytes. BTW keep in mind that this is only for incomming connections on this APN - the rest is un-touched :)
Click to expand...

Will still need to deep-scan every packet......

[OT] Sent you a mail on an unrelated subject but got a Out-of-Office reply. Won't you check please?[/OT]
 
ic said:
My TCP/IP is quite rusty, but if I correctly understand Tazz_Tux's suggestion, [on the unrestricted APN] Vodacom would only have to update a table whenever:
  1. a SYN-ACK [sent by host being connected to] & a corresponding ACK [sent by the other host initiating the TCP/IP connection] packets pair are detected [i.e. sniffed]; and
  2. a FIN [sent by either of the 2 hosts involved in the TCP/IP connection to disconnect] & a corresponding ACK [sent by the host receiving the FIN, followed by its own FIN to the other hostwhich is then ACKed by the other host].
The table key would be comprised of the IP addresses of both hosts, as well as the port numbers involved at either side of the connection...
Click to expand...

Yep, agree.

To do this you would need to inspect every packet.

AND keep the MSISDN (cell number) / IP number relationship.

You'd get pretty peeved if you were on an IP adress and release it for another user to pick up (i.e. you disconnected) and you get billed for all his 'connections'......
 
Hi ic
I was asking if the apn is active yet (meaning does the activation on 4me work now)
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X