Internet access here at the haus was amazingly slow for the last couple of days, even after some warm reboots of the firewall/router, changing DNS entries, etc. I didn't spot anything on cox.net's network status about an outage, and was getting normal network speeds on the internal network. Traceroutes to multiple external sites weren't consistent as to where there might be an issue. I took my time troubleshooting because I didn't have a good reason to need full Internet speed and figured that cox.net would find the problem in a couple days if it was in their network.

I finally looked at my firewall/router logs when the problem didn't resolve by day three and found a bunch of malformed ICMP packets hitting my external IP address from multiple external sources. It looked like my router was under a light DDOS attack. Why? Hell if I know, I don't have anything running back here that might be of interest other than my file server, which stays powered off when no one's using a system on the network, like all the client systems. The router was saying that the packets might have been a JOLT attack. Reading further, I discovered that JOLT attacks target Windows boxes trying to lock 'em up, so someone may have thought I had a Windows box available at this IP address that they wanted to lock up for some reason. More likely it was some automated script kiddie activity. Again, wtf? Stupid script kiddies fishing for whatever joy they can, I guess. Maybe since my firewall/router didn't go down, their automated setup just kept at it, trying to knock it down before moving on. Would have been fun to tie up their resources further, but my wife and I gotta have our IntarWeb when we want it.

Simply turning off the target system usually resolves a JOLT attack according to the above site, so I cold restarted the firewall/router, effectively dropping the target completely off the Web for a couple minutes, and when the thing came back online, poof, Internet connectivity returned to normal speed. I'm not seeing malformed ICMP packets coming in like they were before, either.

My unknown assailant probably has chalked up another Windows box or router locked up and moved on. Whatever. Hope their system(s) overheat.

I got the router configuration working fine as a PPTP server. It turned out to be one of those situations where a setting in a different part of the router configuration made all the difference, so it was only after I decided to make a full sweep of the settings that I found and resolved it. Testing went well after that, and life as we know it remained on planet Earth for nanoseconds to come as a result.

One thing I noted while I was working on the router is that many of the home router solution companies tend to have poor external support that doesn't involve actually getting someone involved. I really really don't want to get someone else involved in my technical issues unless I know for a fact that they will A) have some idea of what I'm talking about and 2. be able to actually assist me. I have had much of my life wasted by poor support people. I know many excellent support people, but never seem to reach them when dealing with a home router solution. Why? Because these routers are marketed at Joe User rather than at someone who knows what they're doing.

Joe User isn't going to be setting up a PPTP tunnel on his home network, so I'd probably have to go through two techs to get to someone who could really assist me. Meanwhile, I'd've probably been able to Google up a solution while waiting on hold and going through the basics to ensure that the support team on the other end of the phone is sure that I have some kind of clue as to what I'm doing with the router.

Now if a router costs over a few hundred dollars, some decent support would be expected right away on the other end of a tech support call. There seems to be an assumption in support management that if the product is expensive, Joe User isn't going to buy it, or he has some guru helping him out who will be the front line of support for Joe User's product. The guru would then tap the product's external support team for assistance if needed. This is smart allocation of a support team's efforts, but it's rather frustrating when you ask for a high-tier support person and you're barraged with the simple things to go through before you are allowed to reach the most holy of support engineers. Again, though, that is just smart, right? Teams should have their big guns working on the real tough issues rather than having the front line forward an issue where someone miskeyed a doman name. But again, it's still frustrating when dealing with Joe User products that are technical.

Geek Squad is working on a potential solution to this already, though they are still a bit expensive and have an odd image to uphold in addition to focusing on giving good support. Add an interactive, searchable forum a la Experts Exchange to Geek Squad and remove the funny/cool image. Pay support personnel to be online from home, handle phone calls, and be dispatched onsite as needed. The team would have to be flexible, knowledgeable in many areas, and have a strong central communication framework so that a rep needing some extra support could go to their coworkers first and bring them into issues as needed. The entire support group could spend money on the back end to get support contracts from major companies like Cisco to expedite support from their teams also, so this would be great for product manufacturers as well. Multiple potential support vectors would be covered, and unknown products could be covered as well, removing the support response of "We don't support that." It would cater to the people who want immediate phone support, on-site support, or slower Internet-searchable support. Knowledge would have to be maintained in a big database for all reps to use and could be made searchable for a fee to Joe User. Reps would be paid based on time spent on issues or on results, depending on what they preferred, well enough that there would be an ever-growing group of reps who could spend time helping others.

I think it would work, but I don't have the cash or the management skills to start it up just yet, much less the knowledge of current support markets to determine any sort of pay or pricing structure. What do you think? Let me know in the comments!