ISPs kicking routers off internet?

That depends entirely on the particular ISP; some have extremely convoluted means of calculating usage, which seem to change on a month by month basis.

Gaz

Reply to
Gaz

I already know. Do you want to know?

There isn't and there is no reason for them to do so.

Are you sure you don't lose internet?

Or a soft reboot.

It could be the fault of the isp but not deliberate.

Barry ===== Home page

formatting link

Reply to
Barry OGrady

Since ADSL routers and Ethernet modems use basically the same chip set and software I guess this is "Urban Myth and Legend". If you are daft enough to leave RIP or one of the routing protocols enabled I guess they could mess up the routing table, but that's easily sorted...

This is fairly typical of behaviour in marginal service areas...

Look up how to check the attenuation and noise level figures in your router, then see if they are acceptable...

Reply to
David Wade

Not that it really matters, but I don't think they can really tell how many computers someone has if it is running a good OS that randomizes initial sequence numbers, they use the same OS on all their computers and their NAT allocates ports from the same ephemeral port range that the OS uses when it opens an outgoing connection. There shouldn't be any traffic difference between 4 people logged into one computer and 4 people on identical computers, nat-ed by the above computer.

(Of course, the real solution to dealing with an ISP that limits all sorts of things that aren't any of their business is to just dump them. There are still ISPs out there that effectively only limit one's overall bandwidth usage and any anti-social behavior, like spamming).

-wolfgang

Reply to
Wolfgang S. Rupprecht

Well, there's more exposed on the WAN side than just sequence numbers. The TCP time stamp can be used:

formatting link
formatting link
(search for 0x03-2 section)
formatting link
I can assure you that whatever Comcast was doing, it worked well enough at the time with conventional consumer routers.

Reply to
Jeff Liebermann
[snip]

Not a lot if you turn off the 5th beforehand ?? ;) Wonder how that would work if you placed another level of NAT indirection between the router and the internal kit ??

I can understand the rationale based on bandwidth arguments perhaps or ISP tiered-service levels and it may have worked if all ISPs thought the same way. Thankfully they don't. To be honest, that's something I've never had to check up on. Maybe I'm pissing off my ISP. Do they know ? Do they care ? What's the meaning of life etc...??

Rgds, S

Reply to
Steve Berry

Let's just say I have a thing about unenforceable rules and contract provisions. Trust by verify?

The TCP timestamp originates from the client computers and is transparent to any number of NAT routers. However, if the ISP is using sequence numbers or IP socket ranges to guess the number of machines, the 2nd router would do a very effective job of hiding the clients. Everything to the main NAT router would appear to be coming from a single IP address (the 2nd NAT router).

I'm a big fan of metered service. I don't like subsidizing someone else's file sharing habit.

Well, that's easy enough. Just call your ISP's support department and ask them if they're angry at you. That should break the monotony of their day.

Oh yes. Many ISPs do detailed traffic analysis to detect abuse. Individual users are not tracked unless the ISP suspects suspicious or criminal activity. However, to maintain privacy, the records and output are usually vaporized before the friendly and helpful government can confiscate them.

About abuse? Yes. About what you do on the internet, no.

42.
Reply to
Jeff Liebermann

If they did that, then I would just find another ISP. Of course, the router is mine. I would have my own modem too. But some users are stuck with a limited number of ISP(s) and cannot do that.

Duane :)

Reply to
Duane Arnold

Think I know you well enough by now to trust you on that one. ;) Besides I don't like exploding computers. Call me a party pooper if you wish.

Oh bugger !

So much for the chain of 35 routers in my bedroom theory. ;)

The only really fair way I guess.

Time to check the T&Cs first. Unfortunately my ISP's support team seem to know less about their network than I do (and that's saying something).

Dunno' what a friendly Govt is. Seem to remember there's some fairly recent legislative effort here in the UK to maintain user based ISP-Net activity logs for a period of X years apparently justified around the Prevention Of Terrorism Act. Not really my bag but a fairly obvious Avenue for them to go down.

Always thought it was 43 - darn it - wrong again. Thanks for the insight Jeff.

Cheers, S

Reply to
Steve Berry

Oops. It's "trust but verify". Gotta work on the proofreading.

"Trust me". It worked for Jimmy Carter.

formatting link

No need to call support. We have the top 10 boiler plate answers for wireless problems. One of them is sure to work:

formatting link

The meaning of life is 42. See:

formatting link

Reply to
Jeff Liebermann

Where "well enough" was defined by some PHB to mean "sufficient to develop a new way to piss off our customers"? 8*)

Reply to
William P.N. Smith

Not for me-it's 69 .

Reply to
Steve Berry

Oh, I'm not doubting that at all. If someone silly was skirting the rules there are dozens of ways they can give themselves away. The simplest is the "browser-name, version, OS name and version" string that browsers send with every query. Count unique strings and you have the number of computers.

(Someone from the Chaff School of Countermeasures might be tempted to round-robin over every imaginable string and wonder if their automatic tools will flag the site as having 12,456 hosts and try to bill accordingly.)

Thanks for the links. I'd forgotten entirely about Bellovin's NAT paper and the TCP timestamps. (I do recall at the time thinking it was an awful lot of effort to hide something that was immaterial and I didn't pay much attention to all that stuff past that.)

Hitting up google to see what I missed, it looks like both can be dealt with in the kernel if the OS writers care to. The IP id leak can be solved completely and the TCP timestamp partially. I believe OpenBSD randomizes the IP id, and modulates the TCP timestamp.

formatting link
MF: Stateful TCP normalization is a set of techniques to remove or resolve ambiguities in network traffic. One of the techniques most important to the average user is TCP timestamp modulation. Most operating systems with high performance networking include a timestamp in every TCP packet.

Since that timer starts ticking when the machine was booted, a server (or anyone in between) can look at a packet and know the machine's uptime. An attacker could look at a machine's responses to know it hasn't been rebooting since the last patch came out so it is probably still vulnerable. Alternately a stingy internet service provider that charges extra for home networks can look at all of the timestamps coming from a link and count the number of NATted machines by the number of unique timestamps. The PF firewall can scramble both uptime calculation and NAT detection by modulating the timestamps with a random number. There are a variety of other normalization techniques done and others still in development.

If I were trying to hide my machines, turning off the optional tcp timestamps would be the most expedient way to keep any information from leaking at all.

-wolfgang

Reply to
Wolfgang S. Rupprecht
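The two leaks Wolfgang describes (uptime from the TCP timestamp clock, and host counting behind a NAT from the number of distinct clocks) can be shown on a handful of packets. The following is an added example, not code from the thread: it takes constructed TSval samples from two hypothetical hosts behind one NAT, projects each value back to a common baseline to count distinct clocks, and then applies a per-connection random offset to show why modulated timestamps no longer reveal the host count. The 1000 Hz tick rate, the per-connection offset model and every sample value are assumptions for the example, not a description of pf's internals.

```python
import random

# Constructed sample of TCP timestamp values (TSval, RFC 1323) as they would be
# seen on the WAN side of a NAT. Two hypothetical hosts, A and B, sit behind it;
# both tick at 1000 Hz and were booted 1 h and 24 h before the capture started.
# Every value here is made up for the example.
HZ = 1000

SAMPLE = [
    # (connection id, capture time in seconds, TSval)
    ("c1", 0.000, 3_600_000),   # host A, first connection
    ("c1", 0.250, 3_600_250),
    ("c2", 0.100, 86_400_100),  # host B
    ("c2", 0.300, 86_400_300),
    ("c3", 0.500, 3_600_500),   # host A, second connection
    ("c4", 0.700, 86_400_700),  # host B, second connection
]


def clock_baseline(capture_time, tsval, hz=HZ):
    """Project the TSval back to capture time 0; packets from the same running
    clock land on the same baseline regardless of which connection carried them."""
    return round(tsval - capture_time * hz)


def count_clocks(records, hz=HZ, tolerance_ticks=50):
    """Number of distinct timestamp clocks, i.e. the host count an observer
    would infer. Baselines within `tolerance_ticks` of each other are treated
    as one clock to absorb capture jitter."""
    clocks = []
    for _, t, ts in records:
        base = clock_baseline(t, ts, hz)
        if not any(abs(c - base) <= tolerance_ticks for c in clocks):
            clocks.append(base)
    return len(clocks)


def uptime_seconds(tsval, hz=HZ):
    """The uptime leak: with a known tick rate, TSval is seconds since boot."""
    return tsval / hz


def modulate(records, seed=1):
    """Timestamp modulation as the post describes it: add a random offset to
    TSval. Modelled here as one random offset per connection (an assumption
    for the example, not a statement of how pf implements it)."""
    rng = random.Random(seed)
    offsets = {}
    out = []
    for cid, t, ts in records:
        if cid not in offsets:
            offsets[cid] = rng.randrange(1, 2 ** 31)
        out.append((cid, t, (ts + offsets[cid]) % 2 ** 32))
    return out


if __name__ == "__main__":
    print("distinct clocks, raw:      ", count_clocks(SAMPLE))            # 2 hosts
    print("distinct clocks, modulated:", count_clocks(modulate(SAMPLE)))  # one per connection
    print("host A uptime (s):         ", uptime_seconds(SAMPLE[0][2]))
```

On the raw sample the observer sees two clocks, one per host; after modulation every connection carries its own offset, so the count only reflects connections and the projected uptime is meaningless. That matches Wolfgang's later remark: a per-connection offset hides the hosts, while rebasing all timestamps to one shared clock would make the whole LAN look like a single machine.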

0791 Internet Protocol. J. Postel. September 1981. (Format: TXT=97779 bytes) (Obsoletes RFC0760) (Updated by RFC1349) (Also STD0005) (Status: STANDARD)

0793 Transmission Control Protocol. J. Postel. September 1981. (Format: TXT=172710 bytes) (Updated by RFC3168) (Also STD0007) (Status: STANDARD)

Each of those standards has a minimum of 20 bytes (and a maximum of 60 bytes) in the headers. Looking at IP, if you want to establish a connection with some other host out there, 15 of those 20 bytes MUST be so. TCP only has 28 bits that must be exactly so. The problem is those other bits/bytes.

In spite of the standards shown above, every #### programmer that gets to play near the network stack has his own interpretation of the standards. And this is what allows fingerprinting a remote system that only sends one SYN packet. Any competent tool can do that. It's bad enough with competently written operating systems, but things really go downhill when microsoft gets involved. The tool I'm using right now has NINE GHODD4MN FINGERPRINTS FOR XP _ALONE_ (you can easily tell the service packs as one example). Lest someone think I'm bashing microsoft and their incompetent programmers, my tool is aware of no less than four fingerprints for Cisco routers, and four more for OpenBSD (and 13 for FreeBSD, 6 for NetBSD, and so on).

A few years ago, Friday, October 14 was World Standards Day -- in *some* countries. In America, it was observed on October 11th. In Finland, it was marked on October 13th. Italy planned a separate conference on standards for October 18th. -- after Shakib Otaqui

Isn't life so simple ;-)

Old guy

Reply to
Moe Trin
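Moe's point is that the mandatory parts of the IP and TCP headers are small and everything else (TTL, DF, IP ID, window size, and above all the order and content of TCP options) is left to each stack's author, which is why one SYN is enough to fingerprint the sender. This added example, not code from the thread or from any fingerprinting tool, builds a minimal IPv4+TCP SYN with `struct`, parses it back, and extracts exactly those discretionary fields; it also includes the IP ID sequential-counter check that Wolfgang mentions as the other leak. The two option layouts, the addresses and the zeroed checksums are constructed for the example and are not claims about any particular OS version.

```python
import struct

# Everything below is constructed for the example; checksums are left at zero.

def build_syn(ttl=64, ip_id=0, df=True, window=5840, options=b""):
    """Build a minimal IPv4 + TCP SYN (no payload) with the given header fields."""
    assert len(options) % 4 == 0, "TCP options are padded to 32-bit words"
    tcp_len = 20 + len(options)
    flags_frag = 0x4000 if df else 0                        # DF bit
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, ip_id, flags_frag,
                     ttl, 6, 0, bytes([10, 0, 0, 2]), bytes([192, 0, 2, 1]))
    off_flags = ((tcp_len // 4) << 12) | 0x02               # data offset, SYN flag
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, off_flags, window, 0, 0)
    return ip + tcp + options


# Two option layouts in the styles different stacks are known for (constructed).
OPTS_STYLE_1 = (b"\x02\x04\x05\xb4"                         # MSS 1460
                + b"\x04\x02"                               # SACK permitted
                + b"\x08\x0a" + struct.pack("!II", 12345, 0)  # timestamps
                + b"\x01"                                   # NOP
                + b"\x03\x03\x07")                          # window scale 7
OPTS_STYLE_2 = (b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x02"
                + b"\x01\x01" + b"\x04\x02")                # MSS, NOP, WS, NOP, NOP, SACKOK


def parse_ipv4(pkt):
    """Return the discretionary IPv4 fields and the encapsulated segment."""
    ver_ihl, _tos, _total, ip_id, flags_frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    return {"id": ip_id, "df": bool(flags_frag & 0x4000), "ttl": ttl, "proto": proto}, pkt[ihl:]


def parse_tcp_options(opts):
    """Walk the option list, keeping the order in which the stack emitted it."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP has no length byte
            out.append(("NOP", None))
            i += 1
            continue
        length = opts[i + 1]
        data = opts[i + 2:i + length]
        if kind == 2:
            out.append(("MSS", struct.unpack("!H", data)[0]))
        elif kind == 3:
            out.append(("WS", data[0]))
        elif kind == 4:
            out.append(("SACKOK", None))
        elif kind == 8:
            out.append(("TS", struct.unpack("!II", data)))
        else:
            out.append((f"OPT{kind}", data))
        i += length
    return out


def parse_tcp(seg):
    sport, dport, seq, _ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    doff = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "syn": bool(off_flags & 0x02),
            "window": window, "options": parse_tcp_options(seg[20:doff])}


def syn_fingerprint(pkt):
    """The fields a passive fingerprinter reads off a single SYN."""
    ip, seg = parse_ipv4(pkt)
    tcp = parse_tcp(seg)
    return {"ttl": ip["ttl"], "df": ip["df"], "ip_id": ip["id"], "window": tcp["window"],
            "options": ",".join(name for name, _ in tcp["options"])}


def ip_id_is_sequential(ids):
    """The IP ID leak: a global counter that goes up by one per packet sent."""
    return all(b - a == 1 for a, b in zip(ids, ids[1:]))


if __name__ == "__main__":
    print(syn_fingerprint(build_syn(ttl=64, window=5840, options=OPTS_STYLE_1)))
    print(syn_fingerprint(build_syn(ttl=128, ip_id=1234, window=65535, options=OPTS_STYLE_2)))
    print("sequential IP IDs:", ip_id_is_sequential([100, 101, 102]))
```

The two constructed SYNs are byte-for-byte valid under RFC 791 and RFC 793 yet produce different TTL, window and option-order signatures, which is all a fingerprinting tool needs; the same parser, run over the IP ID field of successive packets, shows whether a stack uses the predictable counter Wolfgang says OpenBSD randomizes.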

Yes, that's a given. That is also why I said "computers running the same OS". Someone that is going to cheat on the rules should at least try to do a good job at making all the computers look the same from the network. Then they only have to worry about synchronizing the hard things (like the tcp clock used in timestamps). Not sure why pf's NAT doesn't just adjust the timestamps to all have the same baseline.

-wolfgang

Reply to
Wolfgang S. Rupprecht

Hi Rob,

The problem with routers and service providers stems from the router's ability to check/renew its lease at timing intervals; routers have been known to deny their own service due to an inefficient DHCP client.

Routers also have tendencies to overheat, and often at that; the more you do and the longer it's on are not helpful for its CPU. Take a look at a Cisco device for example: if you over-utilize the CPU the potential for hanging the device is great, causing a denial of service.

It helps to have more ram for queue space inside the device to handle the packet transmission, improper non matching MTU sizes - lots of small packets - mixes of jumbo packets can cause problems (someone has to break them up somewhere and sequence them)

The problems with routers lie in the device itself, firmware can fix a fair amount of problems however device construction and protocol limiting can also help even further.

If you were to setup a personal linux router i bet you the chances of powercycling the home built router are nil if you don't use the machine for personal :) - at least in my experience.

Hope this helps,

Chris

Reply to
chris

There's a very limited market demand for computers that don't let on how many they are and a much greater demand for computers that do what you tell them to. IMHO, the developers should spend more time making them work, and less time adding (mostly) useless features.

Yeah, Micro$oft is the worst offender, but no-one else is perfect...

Reply to
William P.N. Smith

All that's interesting - and no doubt correct - but ISPs _can_ limit the number of connections you can make. Typically browsers are able to make 4-10 connections concurrently. My plan with my ISP doesn't limit the number of computers I use, but _does_ limit me to 10 concurrent connections. Given that I personally could be using 1 for NNTP, 1 for POP/IMAP, 4 for a browser, and my router would be doing (at least) NTP and DNS, there isn't a lot left over for anyone else :-)

Reply to
Derek Broughton

I suppose it _could_ be. If it was handled more fairly. My ISP limits me to 160MB daily, before slowing the flow to a trickle. I'm sure many people get their 160MB every day. I'd like to get a full CD once every 6 months or so - which just isn't possible, unless I use a restartable download program, and fetch 120MB, or so, every day for 5+ days.

I think that's exactly what Jeff was talking about...

Reply to
Derek Broughton

Derek Broughton hath wroth:

Firefox: Punch into URL box: about:config
Manually scroll down to (search doesn't work): network.http.max-connections-per-server
Mine is at the default of 8

IE has "MaxConnectionsPerServer" buried in the registry somewhere, which is usually set to 4.

Ummm... it appears that your ISP is limiting the number of "services" (outgoing IP ports) and not the number of "connections" (unique connected IP addresses). I can't really be sure, but it looks like they just limit the number of outgoing IP ports you can open through their gateway router. 10 is very few and severely limiting.

Who's the ISP? Is it by IP or port number? How does it work? What happens when you go over? Client side filtering in the satellite router or at the ISP's router? If you hit a web page with a mess of off-site links, does it increment the count?

10 is really limiting. From my W2K box:

C:\>netstat -an | find "ESTABLISHED" | find /V "127.0.0.1"
TCP 192.168.1.11:1029 72.58.89.48:36984 ESTABLISHED
TCP 192.168.1.11:1074 205.188.7.138:5190 ESTABLISHED
(a bunch deleted)
TCP 192.168.1.11:1307 12.120.45.14:80 ESTABLISHED
TCP 192.168.1.11:1309 12.120.45.14:80 ESTABLISHED

Mine shows about 20 outgoing port numbers with just 3 browser sessions, plus AIM and Skype. Do you pay money to have the ISP do this to you?

Reply to
Jeff Liebermann
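Jeff's distinction between "services" (outgoing ports) and "connections" (distinct remote hosts) is easy to check against your own netstat output. The following is an added example rather than code from the post: it parses lines in the format of Windows `netstat -an`, drops loopback entries the way Jeff's `find /V "127.0.0.1"` does, and counts both figures so you can see which one a 10-connection cap would bite on. The sample text reuses the addresses visible in Jeff's post plus a few constructed lines; IPv6 bracketed addresses are not handled.

```python
import re
from collections import Counter

# Constructed sample in the format of Windows `netstat -an`. The first four
# lines repeat the addresses shown in the post; the rest are made up.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.11:1029      72.58.89.48:36984      ESTABLISHED
  TCP    192.168.1.11:1074      205.188.7.138:5190     ESTABLISHED
  TCP    192.168.1.11:1307      12.120.45.14:80        ESTABLISHED
  TCP    192.168.1.11:1309      12.120.45.14:80        ESTABLISHED
  TCP    192.168.1.11:1310      12.120.45.14:80        TIME_WAIT
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:123            *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")


def parse_netstat(text):
    """Turn netstat -an lines into dicts; header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, lip, lport, rip, rport, state = m.groups()
        rows.append({"proto": proto, "local_ip": lip, "local_port": int(lport),
                     "remote_ip": rip, "remote_port": rport, "state": state})
    return rows


def summarize(rows):
    """Count what an ISP gateway could see: established, non-loopback TCP only."""
    est = [r for r in rows
           if r["proto"] == "TCP" and r["state"] == "ESTABLISHED"
           and not r["local_ip"].startswith("127.")]
    return {
        "outgoing_ports": len({r["local_port"] for r in est}),   # Jeff's "services"
        "remote_hosts": len({r["remote_ip"] for r in est}),      # Jeff's "connections"
        "per_remote": Counter(r["remote_ip"] for r in est),
    }


if __name__ == "__main__":
    s = summarize(parse_netstat(NETSTAT_SAMPLE))
    print(f"{s['outgoing_ports']} outgoing ports to {s['remote_hosts']} remote hosts")
    for host, n in s["per_remote"].most_common():
        print(f"  {host}: {n}")
```

On the sample, four outgoing ports go to three remote hosts; a browser fetching one page with several parallel requests shows up as one host but several ports, so a cap counted on ports is reached far sooner than one counted on hosts, which is Jeff's point about 10 being very few.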

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.