
derekm
join:2008-02-26

derekm

Member

UBB, Overages, and malicious users

Here's a question... Does anyone know what the various residential ISPs' policies are towards unsolicited traffic counting toward monthly usage caps?

Phrased another way, what if someone decided to hit me with (say) 1.5Mbps sustained, (possibly) spoofed, traffic (say ICMP or DNS). I might not notice it (most people aren't watching for this), but at the end of the month, I sure will.

1.5Mbps is enough that you might not even notice it speed-wise, but still adds up to ~486GB/mo. This could be big bucks.

An end-user can't block the traffic with their firewall, as just having the traffic transmitted to their firewall is the damage.

1. Do ISPs check for this?
2. Are you on the hook for it?
3. How can an end user possibly even prevent (and therefore be in control of it)?

I'm going to say:

1. no
2. yes
3. nothing

Can anyone show instances where this isn't the case?

What recourse is there, especially users with either known static IPs, or those who have dynamic IPs but participate in services where their current IP is easily discoverable?
prairiesky
join:2008-12-08
canada

prairiesky

Member

1) no, they're supposed to be a dumb pipe
2) yes, everything that goes through your modem counts
3) yes, turn off equipment when not using it.

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt to derekm

Premium Member

to derekm
Also add to that all advertising shown, whether it be static pictures, flash video, etc., counts against your cap too. How nice, eh?

None of this was argued during the UBB proceedings, despite myself and others talking about it...

I compare it to receiving ad flyers in your mailbox, and having to pay for their delivery... Nobody would ever have that, would they? Yet we get screwed for it on the internet.
BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

web advertisers should subsidize ISPs for delivering their ads.. Much like TV and TV ads.. If advertisers don't want to pay then ads get blocked, everyone wins :P
MichelR
join:2011-07-03
Trois-Rivieres, QC

MichelR

Member

said by BoogaBooga:

web advertisers should subsidize ISPs for delivering their ads.. Much like TV and TV ads.. If advertisers don't want to pay then ads get blocked, everyone wins :P

Advertisers pay web sites so that you get their content for free (in most cases anyway).

The usage by ads is pretty low - a drop in the ocean.
BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

I realize that. I was just sarcastic.

derekm
join:2008-02-26

derekm to prairiesky

Member

to prairiesky
said by prairiesky:

3) yes, turn off equipment when not using it.

That negates the promise of an 'always-on' connection, and static IP... Sure it would work - you can't hack a computer that's not turned on. You also can't use it.

Likewise, you could be hit with 10Mbps instead, whenever you are on. (i.e. faster rate over shorter time frame)

This is especially pernicious, as consumer-grade routers won't ever show what type of traffic is coming in.

Obviously the other solution is to get an unlimited package, but if someone wanted to cause you trouble for a month or two... Especially on Cogeco with their insane overages.
funny0
join:2010-12-22

funny0 to derekm

Member

to derekm
said by derekm:

Here's a question... Does anyone know what the various residential ISPs' policies are towards unsolicited traffic counting toward monthly usage caps?

Phrased another way, what if someone decided to hit me with (say) 1.5Mbps sustained, (possibly) spoofed, traffic (say ICMP or DNS). I might not notice it (most people aren't watching for this), but at the end of the month, I sure will.

1.5Mbps is enough that you might not even notice it speed-wise, but still adds up to ~486GB/mo. This could be big bucks.

An end-user can't block the traffic with their firewall, as just having the traffic transmitted to their firewall is the damage.

1. Do ISPs check for this?
2. Are you on the hook for it?
3. How can an end user possibly even prevent (and therefore be in control of it)?

I'm going to say:

1. no
2. yes
3. nothing

Can anyone show instances where this isn't the case?

What recourse is there, especially users with either known static IPs, or those who have dynamic IPs but participate in services where their current IP is easily discoverable?

redirect traffic to local host
then they can spam the crap out of themselves

btw here is a quiz for the smarties: how can a 56 K connection completely overwhelm a 5 megabit line?

answer that and you are on your way to understanding that whomever you made angry, maybe you should not have, and it actually is good to have LOTS of friends. after all, a single dos from one ip is easy to slap back

i had this happen when some Argentinian with an OC 3 line decided to attack the united hackers website
i did the legal bit: i contacted the host, the host told me to contact uunet, uunet told me to contact the host, and every down time was costing me 150 bucks

well that's it, i made a program, gave that to 150 friends and emailed both the host and uunet back and said if they are unable to look after their users then i will look after myself and do not ask nor bother me about your laws in this regard.

a week later that argentine isp begged for US to stop.
-----
if you program your firewall and don't have a retarded one you can say all traffic from X ip is dropped, they need a real real real heavy fast connection then to bother you... so that 1.5 megabit crawl might only use up 500K or less now that packet dropping is occurring and without a firewall you're gonna really begin to feel that....

-----
and unless you're using a ton of constant changing differing ips this lil trick won't work long

i've 12 year old software that in fact worked so well against even that type of attack that after an attack in an irc chat room of 1000 people i and the attacker were only ones left and when i tired of him i pressed a weeee button and poof he went away
and that was done 2 years back so don't tell me kids that dos know what they are always doing.

my question to you is ..what are you doing that would aggravate someone enough to have them go through the trouble and potential legal issues of attacking you with such a pittance of bandwidth....

no really imagine a bot net of 1000 - 100 megabit servers and what that could do....that's the big leagues as they say....and they're out there....

dillyhammer
START me up
Premium Member
join:2010-01-09
Scarborough, ON

dillyhammer to derekm

Premium Member

to derekm
said by derekm:

if someone wanted to cause you trouble for a month or two... Especially on Cogeco with their insane overages.

Yup. Some anecdotal evidence that the modem doesn't necessarily need to be powered on for a user to actually, you know, incur usage.



Mike
funny0
join:2010-12-22

3 edits

funny0 to derekm

Member

to derekm
setup apache webserver, configure the httpd configs to only allow the offending ip and port and then use the Webalizer to note traffic and then after a few days send all that data to cogeco and tell them you also will be contacting the RCMP for their fraud and abuse people, that you are not going to pay the overages in regard to this and that cogeco should be looking into that spam / virus / bot on their end as a term of condition on your contract.

pretty sure that abuse is pretty well covered on most isp contracts.

otherwise let's all just hammer cogeco ips until none of their users can afford to pay them .....
tell them the president of the united hackers told you this...
and make sure you do give your rcmp a call, just might be whomever is pestering more people and cogeco will then take you very seriously as it will be on another record that you're doing all the above ....

if this is occurring when you have no modem on, film it for a week and date and time the film/video and then take cogeco to small claims court for fraud...
let them deal with why and whom then.

oh and a week of video might require a terabyte hard drive on another pc to record it and get a local paper every day and just shove it in front ...be tactical and this is just total way to prove nefarious stuff...is up...

then cogeco can tell you what overages or bandwidth you used and you go OH REALLY....
the pain and suffering of all this might make me sue for 25 grand or take a class action on behalf of every cogeco user and go big on it.

derekm
join:2008-02-26

1 edit

derekm

Member

...

You are missing the point. DoS isn't the attack. Just usage service fees.

$100 of usage would be enough to piss me off. In fact, it's better if their service isn't affected, it would go undetected longer. No need for amplification.

How could a residential user even begin to 'prove' an attack after the fact?

Chances are, their D-LINK router is silently dropping the easily available 1.5Mbps garbage traffic.

End user won't know anything's up until the next time they check their usage.

EDIT: Also, I'm not being attacked. For a home user though, this is a nightmare.
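
One way a home user could gather the kind of after-the-fact evidence asked about above, as an added example that is not part of the original thread: total the dropped inbound bytes recorded in a router's firewall log and project them over a month. It assumes the router writes netfilter-style LOG lines with ISO timestamps and a hypothetical `WAN-DROP` prefix; the log lines are constructed, and the result only covers packets that reached the router and were logged, so the ISP's own meter may differ.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: netfilter-style LOG lines from a hypothetical rule that
# logs unsolicited packets dropped on the WAN interface (prefix "WAN-DROP").
SAMPLE_LOG = """\
2011-07-10T12:00:00 gw kernel: WAN-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=1500 TTL=51 PROTO=ICMP TYPE=8 CODE=0
2011-07-10T12:00:02 gw kernel: WAN-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=1500 TTL=51 PROTO=ICMP TYPE=8 CODE=0
2011-07-10T12:00:04 gw kernel: WAN-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.20 LEN=500 TTL=49 PROTO=UDP SPT=53 DPT=40000 LEN=480
2011-07-10T12:00:08 gw kernel: WAN-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=1500 TTL=51 PROTO=ICMP TYPE=8 CODE=0
2011-07-10T12:00:09 gw dhcpd: lease renewed for 192.168.1.10
"""

# The first LEN= after DST= is the IP total length; a later LEN= (UDP) is ignored.
LINE = re.compile(r"^(\S+) .*?WAN-DROP .*?\bSRC=(\S+) .*?\bLEN=(\d+) .*?\bPROTO=(\w+)")

def summarize(log_text):
    """Total the IP length of every logged drop and derive the average rate."""
    by_src, by_proto, stamps = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a drop record (e.g. the dhcpd line)
        ts, src, length, proto = m.groups()
        stamps.append(datetime.fromisoformat(ts))
        by_src[src] += int(length)
        by_proto[proto] += int(length)
    total = sum(by_src.values())
    # Rate is measured over the span between the first and last logged drop.
    window = (max(stamps) - min(stamps)).total_seconds() if len(stamps) > 1 else 0
    avg_bps = total * 8 / window if window else 0.0
    return {"bytes": total, "seconds": window, "avg_bps": avg_bps,
            "by_src": dict(by_src), "by_proto": dict(by_proto)}

def project_monthly_gb(bps, days=30):
    """Convert a sustained bit rate into decimal gigabytes over `days`."""
    return bps / 8 * 86400 * days / 1e9

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s)
    print("projected GB/month:", round(project_monthly_gb(s["avg_bps"]), 2))
    print("1.5 Mbps sustained:", project_monthly_gb(1.5e6), "GB/month")
```

The per-source and per-protocol totals, together with the timestamps, are the kind of record that can be handed to an ISP's abuse desk alongside the billed usage figure.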

kownter
@telus.net

kownter to derekm

Anon

to derekm
Well the issue here is if an ISP's modem (cable or dsl or stupid combo modem/router) decides to not play nice and instead of silently dropping unsolicited traffic (no one's home), it keeps saying "hello, how may I help you?"

I think it was in the Hughesnet forum where occasionally people see their bandwidth draining and the fix was for hughesnet to change the IP of the user's modem or something. But of course by the time the users noticed, half of their tiny cap was gone for the day, too late.

I can look in my router logs/live traffic and see all sorts of occasional random traffic. Filesharing, botnets, port probes. My router ignores it but if the ISP were to log what comes down a user's pipe 'before' it hits the actual modem or router that could be expensive if it were a targeted attack.
On cable all your neighbors' internet shiate is in the same pipe so the modem has to register it, unless of course in the case of a cloned cable modem running up your bandwidth limits and having to fight with the ISP to check their logs that should show two of the same modem macs are on at the same time (registered to you). »FBI Arrests Another Cable Modem Hacker [142] comments

Let's say your ISP uses an Ad injector in your Connection. Scumbag injection to white spaces on a page or even replacement of a webpage's ads.
Mediacom and injection of ads. »Mediacom Injecting Their Ads Into Other Websites [94] comments

Ignorant Rogers injecting ads/system notices. »www.michaelgeist.ca/cont ··· 083/125/

Cogeco meter doesn't work due to wherever the heck they are using to monitor the bandwidth.
»stopthecap.com/2009/06/2 ··· nt-work/
Cloneman
join:2002-08-29
Montreal

Cloneman to derekm

Member

to derekm
I don't see charging for advertising bandwidth as an issue unless bell media is providing the advertisement. When you pay for internet, you're paying for access to a network and whatever it might contain, controlled mainly by third parties.

At issue is whether the government should allow media companies making record profits to constrain internet usage for any purpose.

I'm a lot angrier at cell companies that make it really hard to set billing caps for pay per use services, especially roaming.