ThirdShifter (Premium, joined 2002-03-16, Vernon Rockville, CT)
Comcast would be very happy
Die Comcast! Die!
vic102482 (Premium, joined 2002-04-30, Upper Marlboro, MD)
Re: Comcast would be very happy
said by ThirdShifter: Die Comcast! Die!
parasonic (I Am Not A Bot; joined 2002-03-29, Atlanta, GA)
Who said that ConCash is doing this?
succinctly put (@207.99.x.x)
Rolling my own
This is why I am now 'rolling my own' GNU/Linux iptables-based router. It will look like a single computer no matter how they try to analyze the packets, even down to the single MAC address.
Good thing I live in NJ where we don't (to my best knowledge) have any S-DMCA proposals yet.
And if/when we do, as others have said, they'll have to pry my NAT router out of my cold dead hands.
hescominsoon (joined 2003-02-18, Brunswick, MD)
Re: Rolling my own
So far this is easy to defeat. Do not let NAT decrement the counter, and use a firewall (either in the NAT box itself or on the clients) that blocks OS fingerprinting. Problem solved.
-- God Bless http://www.faithwalk.org
DonLibes (Premium, ExMod 2001; joined 2003-01-19)
Re: Rolling my own
I think the reference to decrementing the counter was a reference to TTL. But that's not how Bellovin's technique worked.
succintly put (@207.99.x.x)
Re: Rolling my own
Iptables supports 'packet mangling' as just one of its many functions. Packet mangling changes the packet headers.
You can get a lot more advice and help in the 'All Things Unix' forum. I -may- get a friend to write and post a 'how-to' in ATU when I'm done. 'nuff said.
amenite (The Soylent - It's People; Premium, joined 2002-11-21, Ridgewood, NJ)
Re: Rolling my own
said by succintly put: ... You can get a lot more advice and help in the 'All Things Unix' forum. I -may- get a friend to write and post a 'how-to' in ATU when I'm done. 'nuff said.
That would be excellent; the topic is a little obscure to many of us.
-- Time is an abstract concept invented by carbon based life forms to monitor their constant decay. -Thunderclese
amenite (The Soylent - It's People; Premium, joined 2002-11-21, Ridgewood, NJ)
Re: Rolling my own
said by pvale: What if you are running 2 NAT devices in series? I'm running a Freesco PC-made-into-router, feeding a Netgear RT314, and my machines are connected behind the Netgear box. I haven't read the mentioned paper, but the only ID that would show on the WAN side of the Freesco would be the Netgear's. Since Freesco is built on a small Linux distribution, I'm sure I can change what it does/reports.
The ID in question is the IP ID string assigned to each packet by the OS, not the IP address of the NAT device. It only has to do with the IP address in that you would be monitoring/analyzing all the packet headers originating from a particular IP address.
-- Time is an abstract concept invented by carbon based life forms to monitor their constant decay. -Thunderclese
AthlGrond (Premium, MVM; joined 2002-04-25, Aurora, CO; ·Comcast)
Re: Rolling my own
said by amenite: The ID in question is the IP id string assigned to each packet by the OS, not the IP address of the NAT device.
Are the IP IDs not assigned by the NAT device? Seems like they would have to be (so the NAT device could send the packets to the correct IP in the LAN).
AthlGrond (Premium, MVM; joined 2002-04-25, Aurora, CO)
Re: Rolling my own
Thanks, I reread it and it's much clearer now. You are correct.
vic102482 (Premium, joined 2002-04-30, Upper Marlboro, MD; ·Verizon FIOS)
Linux routing definitely would come in handy in a situation like this. Also someone will market a router and switch that is "privacy enabled" so that they won't be able to see it anyway.
Comcast will make their enemies rich if they pursue this avenue.
Remember, Hack the Crack, Crack the Hack, never-ending cycle.
vic102482 made that up!! Remember that lol.
-- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
aurgathor (joined 2002-12-01, Bothell, WA; ·Verizon west (ex G..)
Re: I'm glad
Mine too. I think they even have some rebate forms on their website for a handful of routers.
BTW, after reading the papers, it seems to me that completely stealthing the PCs behind a NAT box may not be a trivial exercise.
iamgod1 (joined 2001-01-28, Bronx, NY)
Re: They need to make up their minds
Please don't give them any ideas!!! Charging for different apps that utilize the connection, oh lord, can you imagine that!! Speaking of such, whatever happened to the email bill that was floating around last year? Something about charging people who email since the revenue from postal mail decreased due to people using email now...
It seems as though every time consumers find something that saves us money and makes our lives simpler, companies think they can change and charge for a service that has been working with no problems. Either we're suffering in paying taxes to support/not support legislation (depending on what bill is being pushed) or we suffer because the companies try to get even by decreasing service or support for their products... no-win situation... I know some people are saying to vote in the right politicians, but what happens when these changes are made at the beginning of their term? It just sucks.. just my 2 cents.. With all this capping that's being done by cable companies I won't be surprised if they try to cap your internet use!!!
iamgod1 (joined 2001-01-28, Bronx, NY)
Re: They need to make up their minds
thx iggy!!!
averagedude (joined 2002-01-30, Mesa, AZ; ·Cox HSI)
Good 'Ol Days
I remember when the TV cable guys would try to "count" how many TV sets you had by using signal bleed. If they couldn't, they would use an old trick: disconnect your cable, you call for service, they say it is inside and could they take a look for free, then count how many TVs you had inside, then they would hook cable back up, say all fixed, and bill for every outlet.
Didn't Ma Bell used to charge for every telephone outlet before they were found to be a monopoly?
Nobody liked being nickel-and-dimed then, and nobody likes it now.
justvisiting (@rr.com)
Just one PC
Perhaps I should run a dual-monitor PC with "extra-keyboard-&-mouse" splitters and emulation software and multiple instances of a web browser so that many processes and people could use JUST THE ONE PC to access the internet.... ?
Marine in desert (@adelphia.net)
Wireless people
This seems very unfair to me. I am in the military and live in government housing. I have one cable inlet into my house (going to the TV). Now, unless I want wires everywhere, I have to put my computer right next to my TV, right? No way, that's why I bought all my wireless adapters and routers! If everyone takes a stand there will be a decision made like the original cable case mentioned in earlier posts. Down with monopolies!!!!
MrTangent (joined 2001-12-28, Earth)
Re: Wireless people
said by Marine in desert: Down with monopolies!!!!
I hope you're not using Microsoft products. Because if you are, then you're supporting a monopoly (that was found guilty of being so by the U.S. Government).
-- "War Is Peace. Freedom Is Slavery. Ignorance Is Strength"
scorpiox (joined 2002-05-05, Bristol, CT)
Re: Wireless people
I use Microsoft products but I haven't ever spent a dime on Microsoft products, so how am I supporting them?
P.S. The RIAA and Disney and Microsoft can all eat me
njuser (@datalife.com)
Just use a tweak tool and up your TTL by 1?
As I read it, the counting of hosts depends on "known" values of TTL being decreased by a NAT box. Why not just use one of the many "tweaking" tools to up your TTL by one? Then the NAT box appears as if it were your Windows box...
Of course, the "high port numbers" would show up from some NAT boxes.....
NetGeek6 (Who?? Me??; Premium, joined 2000-02-22, Mount Clemens, MI)
Re: Just use a tweak tool and up your TTL by 1?
This is NOT the TTL they are talking about, it's the ID portion of the IP packet header.
Look at the following RFC, »www.faqs.org/rfcs/rfc791.html, which explains the IP packet. Page 8 has a diagram of the sections of the packet, and Page 10 talks about the identification section of the packet.
When a machine sends out packets, it puts a number (somewhat random) into this section of the packet, and increments it for each packet after that. This helps the receiver put the packets back into the proper order (this is needed because not all packets always take the same route, so some later packets can actually arrive before earlier packets, so they need something to identify what order they need to be reassembled in).
Mangling this CAN be done, but some higher end firewalls and Linux type NAT boxes, but they have to track it in a very precise order, to make sure that the packets' ID numbers still make some sense.
This method of identifying multiple machines works by relying on the fact that each machine will be sending out packets in order, but will be in different number ranges. I.e. if you see 9 packets, and 3 have IDs of 55, 56, 57, 3 have IDs of 1001, 1002, 1003, and 3 have IDs of 50000, 50001, 50002, you can sort of determine that there are 3 machines. It's a bit more complex than this, but this is a simplification.
--NetGeek
-- I'm not even supposed to BE here today!!!
succinctly put (@207.99.x.x)
Re: Just use a tweak tool and up your TTL by 1?
Excellent explanation. But I think you meant to use the word 'by' instead of 'but' in the following.
"Mangling this CAN be done, but some higher end firewalls and Linux type NAT boxes, ..."
DSLTech (joined 2000-12-30, San Jose, CA)
Good stuff, but how far are we going to go in dismantling and modifying the way packets travel before we're adding more overhead, modifying OSI standards, etc.? When will it all stop?
USR56K (joined 2000-05-20, Seattle, WA)
change the TTL
Why not just change your TTL value to something nonstandard?
russotto (joined 2000-10-05, Collegeville, PA)
NAT detection can be defeated
Pre-increment the TTL on your OS and use pseudo-random packet IDs (some BSDs) and you can eliminate the problem without changing the NAT. NAT which re-writes the packet IDs and doesn't decrement the TTL will work also. Of course the "Super-DMCA" legislation might make NAT improvements illegal.
Best is to use a provider which doesn't object to NAT, but when you're stuck with The Phone Company and/or The Cable Company, that's not always an option.
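To make NetGeek6's description of the ID-sequence heuristic concrete, and to show why the two countermeasures russotto names work, here is an added example. It is not code from this thread, from Bellovin's paper, or from any NAT product: it models the counting on a constructed packet capture and then applies NAT-side ID rewriting and per-host random IDs to the same capture. The function names, the run tolerance `MAX_GAP`, the RNG seed and the sample ID lists are assumptions made for the illustration.

```python
"""Toy model of counting hosts behind a NAT from IP Identification values,
and of the two countermeasures named in the thread (added example)."""
import random
from typing import Dict, List

ID_SPACE = 1 << 16   # the IP Identification field is 16 bits, so counters wrap
MAX_GAP = 16         # assumed tolerance: how far ahead the next ID in a run may be


def count_hosts(ip_ids: List[int], max_gap: int = MAX_GAP) -> int:
    """Estimate the number of sending hosts from the IP IDs seen at one
    public address. Each ID either continues an existing run (it lies
    1..max_gap above that run's last ID, modulo 2^16) or opens a new run;
    the number of runs is the estimate. Hosts with sequential counters in
    different number ranges therefore show up as separate runs."""
    runs: List[int] = []                       # last ID observed in each run
    for ident in ip_ids:
        for i, last in enumerate(runs):
            delta = (ident - last) % ID_SPACE  # modulo handles the wrap at 65535
            if 1 <= delta <= max_gap:
                runs[i] = ident
                break
        else:                                  # no run fits: a new sequence starts
            runs.append(ident)
    return len(runs)


# Constructed capture: three hosts, each with its own sequential counter,
# interleaved in the order their packets would leave the NAT's WAN port.
OBSERVED = [55, 1001, 50000, 56, 1002, 50001, 57, 1003, 50002]


def nat_rewrite_ids(ip_ids: List[int], start: int = 4242) -> List[int]:
    """Countermeasure 1 ('NAT which re-writes the packet IDs'): the NAT
    overwrites every outbound ID with one counter of its own, so the WAN
    side sees a single run no matter how many hosts sent packets."""
    return [(start + n) % ID_SPACE for n in range(len(ip_ids))]


def random_ids(ip_ids: List[int], seed: int = 7) -> List[int]:
    """Countermeasure 2 ('pseudo-random packet ids'): IDs are drawn at
    random, so consecutive packets from one host no longer form a run and
    the estimate degrades towards the packet count, telling the observer
    nothing about the host count."""
    rng = random.Random(seed)   # seeded only so the demo is repeatable
    return [rng.randrange(ID_SPACE) for _ in ip_ids]


def demo() -> Dict[str, int]:
    """Host estimate for the raw capture and for each countermeasure."""
    return {
        "sequential_per_host": count_hosts(OBSERVED),
        "nat_rewritten": count_hosts(nat_rewrite_ids(OBSERVED)),
        "randomised": count_hosts(random_ids(OBSERVED)),
    }


if __name__ == "__main__":
    for label, estimate in demo().items():
        print(f"{label:>20}: estimated hosts = {estimate}")
```

The tolerance is the weak point of the heuristic in both directions: a small `MAX_GAP` splits one busy host into several runs when packets are lost or reordered, a large one merges hosts whose counters happen to sit close together, which is why the thread notes the real technique is more involved than this sketch.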
jim78 (joined 2001-03-31, Clay, NY)
Re: NAT detection can be defeated
I don't think most ISPs care how many computers most people have. When I had Adelphia cable I told them I had a home network; the tech even came to my house a number of times to check poor pings and to run new cables to computers, and they never charged extra. Now I moved to Time Warner Road Runner, same thing: they know I have a router and 4 computers on it; their sign-up page even says you can have extra computers on, just if you want them to set them up there is a one-time charge of about 20.00 per computer. It's not something most ISPs want to check; they only care if you uncap their modem (I did it, it worked for 6 hours before they turned me off, had to really beg to get it turned back on) and if you are one of those p2p superservers that use 114 gig a month like the guy I just read about in the forum. Even he was told if he uses that much bandwidth, for 25.00 extra a month they would up his bandwidth cap to 3000/512. I think everyone should forget about them somehow checking how many computers are behind a router because if the new DMCA laws pass routers will be outlawed.
DonLibes (Premium, ExMod 2001; joined 2003-01-19)
Re: NAT detection can be defeated
Well the largest broadband ISP (Comcast) cares (so you should care).
MrBentor (joined 2003-02-18, Seattle, WA)
Interestingly, one of my providers strongly encourages the use of NATs and they discourage connecting any computer directly to the line. They say it is a bad idea to connect directly as it is poor security.
dallasdsl (@attbi.com)
bunch of crap
This whole NAT thing is a bunch of crap. How can the lawmakers even consider outlawing NAT and firewalls? Will it help anything?? Not one little bit. Under normal circumstances whatever you do is tagged with the public IP of your firewall/NAT device. There is no reason to outlaw it. You have these idiots out there that think that people are hogging bandwidth due to NAT. 1.5 is 1.5. It doesn't matter how many computers you have. For the normal user NAT/firewalling does not hide anything. And for those out there that are spoofing and performing the illegal activities, they really aren't doing that behind a Linksys broadband router or even a Cisco for that matter. It is amazing how stupid some people can be when they consider doing these things.
yock (The Internet Is For Porn; Premium, joined 2000-11-21, Fairfield, OH)
another angle
I'd rather sit back and watch closely which providers invest in this technology, if any. I think you'd find it would be the ones hurting the most for cash. Broadband is still a tool for the computer geeks (for the most part) and you would upset a large portion of your userbase if you suddenly changed your TOS and billing agreement in such a radical way as to charge for each terminal connected to the network.
If they want to bill me for every terminal, I want static IPs and dedicated bandwidth for every workstation and server.
-- BBR Seti, BBR Folding, BBR Gaming Clans, Dystopia
sago (joined 2001-12-19; edited)
Re: Don't swat at my gNAT.
It must be easier for ISPs when customers use routers; there are fewer IP addresses they need to hand out. Also, with wireless being as popular as it is these days, routers are probably here to stay. Most ISPs allow home networking, they just don't offer tech support for it. I think home networking is probably here to stay.
I wonder if it would be feasible to try to figure out how many computers are behind a router. What would happen if the software detected more than one computer? Would the customer get cut off? Would they be forced to pay extra? And how reliable is this information? If the detection software makes a mistake, what happens then? It doesn't seem to be 100% foolproof.
The ISP might be able to accomplish the same goals by setting monthly data transfer caps. Heavy users would be encouraged to switch to a more expensive plan, and beyond that, the ISP might start cutting people off. Also, because file sharing and peer-to-peer applications use up lots of bandwidth, monthly transfer limits might be considered as a way to discourage copyright infringement.
[text was edited by author 2003-04-24 19:30:28]
ricep5 (Premium, joined 2000-08-07, Jacksonville, FL; ·Comcast Formerly .., ·AT&T CallVantage, ·AT&T Southeast)
They can't catch Virtual PC
They may catch how many hosts are NATing on a router, but can they catch how many Virtual PCs you are running on your one PC?
I am getting worried about some of the "reactionary" headlines appearing here on BBR. Like John Dvorak on PCMAG, they seem to want to provoke you into posting instead of just providing the information. As John found out this week, just having PORN in your topic creates a 25% jump in reads and responses.
BBR is getting to be The Paranoid Report at times.
sporkme (drop the crantini and move it, sister; Premium, MVM; joined 2000-07-01, Budd Lake, NJ)
Re: They can't catch Virtual PC
said by ricep5: They may catch how many hosts are NAT'ng on a router, but can they catch how many Virtual PC's you are running on your one PC?
If you're running something that truly makes virtual machines, like VMware or VirtualPC, yes.
I like that to enable scrubbing I just have to add one line to my OpenBSD firewall config. Those guys are so nice.
beerbum (Premium, joined 2000-05-06, Here!; ·Comcast)
Re: They can't catch Virtual PC
said by sporkme: I like that to enable scrubbing I just have to add one line to my OpenBSD firewall config. Those guys are so nice.
Yup.. if this should ever become an issue I can just toss my Linksys router and compile a recent version of IPFilter on my SPARC.
Just like the RIAA fails to understand why they are and will lose the file-sharing battle, tracking down NAT will also be a losing battle, only because the Internet, as it was originally designed to do, will "route around" any "damage".
-- Even if you are anti-war.. You are still an "Infidel", and Bin Laden wants you dead too.
mrs213 (joined 2002-05-25, Pittsburgh, PA)
Comcast cares? Really?
See, when I was with Comcast in MD, they simply wouldn't support my network. They knew I had an OpenBSD 3.0 firewall sitting on it, and multiple machines. Never cared. They said I could purchase 'additional IPs' for the other machines if I wanted. I understood this to be additional MAC addresses which were authorized to pull an IP address down.
Did something change? Or was I screwing with the ToS and never realized it?
wullger (joined 2002-12-24)
Re: Comcast cares? Really?
You can't purchase a MAC addy; it's hard-coded onto your NIC.
And about the cable companies, etc. caring about networks: Cox Cable (here at least) even -sells- home networking kits and will set it all up for you to use with their net service =)
mrs213 (joined 2002-05-25, Pittsburgh, PA)
Re: Comcast cares? Really?
No no, no. I know you can't buy MAC addresses. You could sign up *additional* MAC addresses (including your primary machine) to be able to DHCP an addy. So you could use a hub vs. a router.
AT&T BIS did the same thing (selling home networking kits). Most DSL companies don't seem to care. Comcast just seems determined to make an ass out of themselves.
Omega1963 (joined 2003-04-26, Pittsburgh, PA)
Jack Sprat configured his NAT.
There seems to be a bit of confusion here about what NAT is, routers, etc. NAT = Network Address Translation (one public address translated into private IPs feeding multiple boxes). Also known (to Linux people mostly) as IP MASQUERADING; IPMASQ is identical to NAT {afaik}.
I would also like to clarify that a "router" in the consumer sense (Linksys BEFSR series for instance) that is being used to share a single IP is performing NAT TRANSLATIONS, so in a sense router = NAT.
My preference btw is FreeBSD (one of the OSes mentioned that is able to obfuscate the packet IDs).
I remember somewhere in one of my TOSes for a former cable co that it was inferred that it was OK to use multiple computers via a router/NAT system as long as you didn't resell the service to your neighbors!
I also remember a fellow on @home in California who was running a web server operation and had like six machines behind his Linux box, and they caught him and spanked him for commercial rate times six machines. I think they found him out via ARP tables or something.
On a semi-related issue, for those running Unix, look at a package called "port sentry"; it can automatically take action on port scanning events etc. In other words, it can see a port scanner coming and DUCK, or better yet black hole the IP of the scanner! I have set this up for a few people who run web servers on attbi since ATT is in the habit of port scanning their WAN sometimes several times per day (ports from 1 to >10,000). (I can understand looking for "servers", but the "server" ports are all below 1024; what are they doing in the tens of thousands?)
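The PortSentry behaviour Omega1963 describes (notice a scan, then black hole the scanner) can be illustrated with the following added example, which is not PortSentry's code and not from this thread. It runs a sliding-window detector over constructed firewall-style log lines, flags sources that touch many distinct destination ports within a short time, and produces the drop rule a responder would apply without applying it. The log format, the 60-second window, the threshold of 10 distinct ports, the addresses and the helper names are assumptions made for the illustration.

```python
"""Sliding-window port-scan detector over constructed log lines
(added example in the spirit of PortSentry, not its code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed log format: "<ISO timestamp> SRC=<ipv4> DPT=<port>"
LOG_RE = re.compile(r"^(\S+) SRC=(\d+\.\d+\.\d+\.\d+) DPT=(\d+)$")

WINDOW = timedelta(seconds=60)   # assumed: distinct ports counted within 60 s
THRESHOLD = 10                   # assumed: 10 distinct ports in a window => scan

# Constructed sample log (addresses from the documentation ranges).
SAMPLE_LOG = [
    # one source sweeps ports 21..32 within twelve seconds
    *[f"2003-04-24T19:30:{s:02d} SRC=203.0.113.7 DPT={21 + s}" for s in range(12)],
    # an ordinary client: two web fetches, one TLS fetch, later one SSH session
    "2003-04-24T19:30:01 SRC=198.51.100.20 DPT=80",
    "2003-04-24T19:30:02 SRC=198.51.100.20 DPT=80",
    "2003-04-24T19:30:05 SRC=198.51.100.20 DPT=443",
    "2003-04-24T19:31:10 SRC=198.51.100.20 DPT=22",
    # a slow probe spread over twelve hours: below any per-window threshold
    "2003-04-24T01:00:00 SRC=192.0.2.99 DPT=25",
    "2003-04-24T13:00:00 SRC=192.0.2.99 DPT=110",
    "malformed line that should be ignored",
]


def parse_line(line: str) -> Optional[Tuple[datetime, str, int]]:
    """Return (timestamp, source, port) for a well-formed line, else None."""
    match = LOG_RE.match(line.strip())
    if not match:
        return None
    stamp, src, port = match.groups()
    return datetime.fromisoformat(stamp), src, int(port)


def find_scanners(lines: List[str], window: timedelta = WINDOW,
                  threshold: int = THRESHOLD) -> Dict[str, int]:
    """Map each source that reaches `threshold` distinct destination ports
    inside some window of length `window` to the largest such port count.
    Sources whose hits are spread out in time (slow probes) stay unflagged."""
    hits: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            stamp, src, port = parsed
            hits[src].append((stamp, port))

    flagged: Dict[str, int] = {}
    for src, events in hits.items():
        events.sort()                     # the window slides over time order
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                # drop events older than the window
            distinct = {port for _, port in events[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged


def blackhole_rule(src: str) -> str:
    """Rule text a responder would install to drop the flagged source
    (returned as a string; nothing here executes it)."""
    return f"iptables -I INPUT -s {src} -j DROP"


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {ports} distinct ports in {WINDOW.seconds}s -> {blackhole_rule(src)}")
```

Lowering the threshold shows the trade-off the thread hints at: at `threshold=2` the ordinary web client (ports 80 and 443 within seconds) is flagged too, so a production threshold has to be set above the port spread of normal traffic, and automatic black-holing should be reserved for sources that are clearly outside it.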
hiked again (@attbi.com)
Comcast now offers multi-user Home Networking
Strange that Comcast suddenly offers a new Home Network service. Seems like you wouldn't need to pay for your Home Network if you can have multiple machines behind a NAT router. Comcast Home Networking gives you 5 machines access for: $65.95 Comcast Cable customers, $80.95 non-Comcast Cable customers. If they wanted to sell this service, seems like they might be glad to be able to "see"/terminate current NAT router interfaces with technology like this.
»online.comcast.net/products/home···view.asp
floxer (joined 2003-04-27, SWEDEN)
Hmm
Strange indeed... Isn't the IP ID new and random for every new TCP connect??
It should be, and if it is, how can the sniffer tell apart the different connections an ordinary browser makes??
It should be that the NAT box gets a (e.g.) TCP connect packet and remembers the IP ID: "hmm, IP ID blabla, and it's coming from 10.0.0.x. I'll remember that". When the incoming packets are coming back: "Uhh, IP ID blabla (incremented), that should go to 10.0.0.x". I don't get it. Isn't the number just a random one to start with??
bjbrock57 (@cox.net)
NAT
When I signed my contract for cable broadband, the only limitation was the bandwidth. When companies charge for a specific bandwidth, why should they care how many computers you have behind a NATting router? I am allowed a certain bandwidth. The way I choose to use that bandwidth is none of their business.