how-to block ads
|
aryoba
Premium,MVM
join:2002-08-22
| Let's say A is down said by Covenant  :
If customer B who "borrows" customer's A settings to connect to the Internet, customer B needs to connect his router to customers A line. So there is no way for customer B to use the same settings as customer A unless customer B connects his router at customer's A site.
What if A is not using his account; and B borrows at this time; would B be able to connect using A's account from B's location?
If yes, how would the ISP find out if B was using A's instead of his own? | |
|  
rolande
Certifiable
Premium,Mod
join:2002-05-24
Powell, OH
clubs:
Host:
Linksys
AT&T Midwest
| Re: Let's say A is down If there is no authentication occuring then there is no dynamic configuration occuring. All of the user's configuration is hard coded on the ISP's side in this case, so it is impossible for user B to steal user A's configuration. The ISP's router will not route user B's traffic because it is not configured for user A's settings on user B's interface.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." | |
| | aryoba
Premium,MVM
join:2002-08-22
| "Hard coded" said by rolande :
If there is no authentication occuring then there is no dynamic configuration occuring. All of the user's configuration is hard coded on the ISP's side in this case.
When you said "hard coded"; did it mean that the ISP always check all customer's MAC address before routing their traffic?
Or maybe there is another checking method? | |
| | |
rolande
Certifiable
Premium,Mod
join:2002-05-24
Powell, OH
clubs:
Host:
Linksys
AT&T Midwest
| Re: "Hard coded" They use static routing to the physical interface. The only way you could reuse user A's configuration is if you were physically connected to the same circuit. The ISP controls what traffic routes to where by the routes they add to their network. As a customer, you do not have control of these routes just by adding another user's configuration to your own network.
In a dynamic config scenario, the user authenticates either via PPP or PPPoE or something similar and all of the settings are passed to the client via a control protocol. The ISP's upstream router then dynamically inserts the new route into its routing tables and announces it to the rest of the ISP network using the local routing protocol. In that case, if you knew user A's username and password you could potentially steal their configuration and reuse it on another physical circuit and interface, since it is dynamically configured as a part of authentication.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." | |
| | | | aryoba
Premium,MVM
join:2002-08-22
| With both PPP and static routing said by rolande :
They use static routing to the physical interface. The only way you could reuse user A's configuration is if you were physically connected to the same circuit. The ISP controls what traffic routes to where by the routes they add to their network. As a customer, you do not have control of these routes just by adding another user's configuration to your own network.
In a dynamic config scenario, the user authenticates either via PPP or PPPoE or something similar and all of the settings are passed to the client via a control protocol. The ISP's upstream router then dynamically inserts the new route into its routing tables and announces it to the rest of the ISP network using the local routing protocol. In that case, if you knew user A's username and password you could potentially steal their configuration and reuse it on another physical circuit and interface, since it is dynamically configured as a part of authentication.
Some ISPs give out PPP settings to all their static IP customers. Does it mean the ISP router use static routing to physical interface AND authentication? | |
| 
Covenant
Premium,MVM
join:2003-07-01
England
| I will assume this is a typical xdsl environment, so all users connect to a dslam. The dslam contains linecards that have modem ports, not like dialup modems, but modems none-the less. This means that there is a dedicated connection or one-to-one ratio of client's to modems. The linecard usually has LEDs that indicated various status conditions on the ports. If you are doing ppp, they can verify your username and ip address as well at the datalink layer.
Now I have one question for you aryoba :
Why the interest in authentication and line security???? | |
| | | |
|
