Re: blocking traffic comming from a LAN

From: Frank Winans (fwinans_at_airmail.net)
Date: 01/22/04 

Date: Thu, 22 Jan 2004 09:57:41 -0600

"Tobias Skytte" wrote
> Hi,
>
> I have a server with dial-in clients and I suspect one dial-in client
> of using his account to serve his whole LAN. Now the question is:
>
> 1) How do I detect if this is indeed going on?
> 2) How do I stop him from doing it without denying him access from a
> single computer at a time.
>
> The server is running rh with iptables as a firewall, in console mode
> only. Any ideas would be greatly appreciated.
>
> oh, I also have a third question, btw:
>
> 3) Should ISP's (morally speaking) limit their dial-in accounts to be
> used from a single computer? or should they allow the usage of IP
> sharing devices (as I am suspecting is happening) on normal cheap
> dial-up accounts?
>
> What do you think?
>
> Best regards,
> Tobias Skytte
I'd say the modem bottleneck keeps 'em from making excessive
demands on your service, no matter how many users at their end.
Your dial-in service must be pretty low-margin; it is a real headache
maintaining the phone/modems at your end, and even if you could
force all your clients to open multiple accounts for multiple users,
I'd almost say that should make you cry more than laugh. Most
likely tighter restraints would just make them dedicate one box and
line up to use that, not reduce their overall use.

In line with that, you'd sure hate to see them tie up your modem a
large number of hours per day; I do hope you've mentioned
near-24/7 penalties in your terms of service.

At the client end, I suspect various users would go through different
numbers of routers/whatever, and so you'd see the time to live {ttl}
count differ from one client to another when the packets hit your
modem. As far as proving multiuse, I'd say noticing several
concurrent dhcp or smtp connections, or long-term clustering of
connections to what turns out to be each users' home web site,
would be a hint.

If you've got a lot of subscribers, and just a few problem cases, you
could gradually degrade service on the multiuser cases, perhaps
preferentially on just those additional concurrent dhcp connections.
If their ping times are always great, and so is one of their browser
sessions a time, they won't get much sympathy when they badmouth
you to their pals or the press, especially if this is an unannounced
and gradually instituted policy.

Relevant Pages

  • Re: Free Internet Access
    ... What hacker would go on the ... > their bank accounts, but neither did they pay for those services. ... > charged for multiple connections. ... you need to review the agreement to ensure you don't violate it. ...
    (comp.security.firewalls)
  • Re: E-mail filtering recommendations needed.
    ... company's server and send outgoing e-mail through the same server. ... You could put up a local mail server which will poll the ISPs ... Then the user pop accounts would be removed from ... SS numbers and protected client information? ...
    (comp.unix.sco.misc)
  • Re: Cannot login to retrieve internet mail
    ... You are correct in that when I connect with one of these accounts (that do ... not work) from an outlook client I am attemting to receive mail. ... > POP client - only the Exchange server for POP, ... > Internet - this is entirely different. ...
    (microsoft.public.exchange.admin)
  • Re: Windows Live Hotmail
    ... Inbox via Outlook Express. ... that you download Windows Live Mail, ... client that has the familiarity of Outlook Express and much ... plus other e-mail accounts that support ...
    (microsoft.public.internet.mail)
  • Re: How to set up DCOM properly to allow server and client connect remotely
    ... their accounts if said accounts have the same username ... I need to know how to set up DCOM properly so the OPC server and client ... local user ...
    (microsoft.public.win32.programmer.ole)