ISPs kicking routers off internet?

Discussion in 'Home Networking' started by Rob, Jul 18, 2006.

  1. Rob

    Barry OGrady Guest

    I already know. Do you want to know?
    There isn't and there is no reason for them to do so.
    Are you sure you don't lose internet?
    Or a soft reboot.
    It could be the fault of the isp but not deliberate.
    Barry
    =====
    Home page
    http://members.iinet.net.au/~barry.og
     
    Barry OGrady, Jul 18, 2006
    #21

  2. Rob

    David Wade Guest

    Since ADSL routers and Ethernet modems use basically the same chip set and
    software I guess this is "Urban Myth and Legend". If you are daft enough to
    leave RIP or one of the routing protocols enabled I guess they could mess up
    the routing table, but that's easily sorted...

    This is fairly typical of behaviour in marginal service areas...
    Look up how to check the attenuation and noise level figures in your router
    then see if they are acceptable...
     
    David Wade, Jul 18, 2006
    #22

  3. Not that it really matters, but I don't think they can really tell how
    many computers someone has if it is running a good OS that randomizes
    initial sequence numbers, they use the same OS on all their computers
    and their NAT allocates ports from the same ephemeral port range that
    the OS uses when it opens an outgoing connection. There shouldn't be
    any traffic difference between 4 people logged into one computer and 4
    people on identical computers, nat-ed by the above computer.

    (Of course, the real solution to dealing with an ISP that limits all
    sorts of things that aren't any of their business is to just dump
    them. There are still ISP's out there that effectively only limit
    one's overall bandwidth usage and any anti-social behavior, like
    spamming).

    -wolfgang
     
    Wolfgang S. Rupprecht, Jul 18, 2006
    #23
  4. Well, there's more exposed on the WAN side than just sequence numbers.
    The TCP time stamp can be used:
    http://pjf.jogger.pl/2006/03/28/ttmap-v.-0.1-pre/
    http://www.phrack.org/show.php?p=63&a=3 (search for 0x03-2 section)
    http://www.cs.columbia.edu/~smb/papers/fnat.pdf
    I can assure you that whatever Comcast was doing, it worked well
    enough at the time with conventional consumer routers.
     
    Jeff Liebermann, Jul 18, 2006
    #24
  5. Rob

    Steve Berry Guest

    [snip]
    Not a lot if you turn off the 5th beforehand ?? ;)
    Wonder how that would work if you placed another level of NAT indirection
    between the router and the internal kit ??
    I can understand the rationale based on bandwidth arguments perhaps or ISP
    tiered-service levels and it may have worked if all ISPs thought the same
    way. Thankfully they don't. To be honest, that's something I've never had to
    check up on. Maybe I'm pissing off my ISP.
    Do they know ? Do they care ? What's the meaning of life etc...??

    Rgds, S
     
    Steve Berry, Jul 18, 2006
    #25
  6. Let's just say I have a thing about unenforceable rules and contract
    provisions. Trust by verify?
    The TCP timestamps originate from the client computers and are transparent
    to any number of NAT routers. However, if the ISP is using sequence
    numbers or IP socket ranges to guess the number of machines, the 2nd
    router would do a very effective job of hiding the clients. Everything
    to the main NAT router would appear to be coming from a single IP
    address (the 2nd NAT router).
    I'm a big fan of metered service. I don't like subsidizing someone
    else's file sharing habit.
    Well, that's easy enough. Just call your ISP's support department and
    ask them if they're angry at you. That should break the monotony of
    their day.
    Oh yes. Many ISP's do detailed traffic analysis to detect abuse.
    Individual users are not tracked unless the ISP suspects suspicious or
    criminal activity. However, to maintain privacy, the records and
    output are usually vaporized before the friendly and helpful
    government can confiscate them.
    About abuse? Yes. About what you do on the internet, no.
    42.
     
    Jeff Liebermann, Jul 18, 2006
    #26
  7. Rob

    Duane Arnold Guest

    If they did that, then I would just find another ISP. Of course, the
    router is mine. I would have my own modem too. But some users are stuck
    with a limited number of ISP(s) and cannot do that.

    Duane :)
     
    Duane Arnold, Jul 18, 2006
    #27
  8. Rob

    Steve Berry Guest

    Think I know you well enough by now to trust you on that one. ;)
    Besides I don't like exploding computers. Call me a party pooper if you
    wish.
    Oh bugger !
    So much for the chain of 35 routers in my bedroom theory. ;)
    The only really fair way I guess.
    Time to check the T&Cs first. Unfortunately my ISP's Support team seem to
    know less about their network than I do ( and that's saying something ).
    Dunno' what a friendly Govt is.
    Seem to remember there's some fairly recent legislative effort here in the
    UK to maintain user based ISP-Net activity logs for a period of X years
    apparently justified around the Prevention Of Terrorism Act. Not really my
    bag but a fairly obvious Avenue for them to go down.
    Always thought it was 43 - darn it - wrong again.
    Thanks for the insight Jeff.
    Cheers, S
     
    Steve Berry, Jul 19, 2006
    #28
  9. Oops. It's "trust but verify". Gotta work on the proofreading.

    "Trust me". It worked for Jimmy Carter.
    | http://news.bbc.co.uk/onthisday/hi/dates/stories/november/3/newsid_3652000/3652348.stm
    No need to call support. We have the top 10 boiler plate answers for
    wireless problems. One of them is sure to work:
    | http://wireless.wikia.com/wiki/Fast_Fixes_to_Wi-Fi_Problems#Top_Ten_Fixes_to_Wi-Fi_Problems
    The meaning of life is 42. See:
    | http://en.wikipedia.org/wiki/The_Answer_to_Life,_the_Universe,_and_Everything
     
    Jeff Liebermann, Jul 19, 2006
    #29
  10. Where "well enough" was defined by some PHB to mean "sufficient to
    develop a new way to piss off our customers"? 8*)
     
    William P.N. Smith, Jul 19, 2006
    #30
  11. Rob

    Steve Berry Guest

    Steve Berry, Jul 19, 2006
    #31
  12. Oh, I'm not doubting that at all. If someone silly was skirting the
    rules there are dozens of ways they can give themselves away. The
    simplest is the "browser-name, version, OS name and version" string
    that browsers send with every query. Count unique strings and you
    have the number of computers.

    (Someone from the Chaff School of Countermeasures might be tempted to
    round-robin over every imaginable string and wonder if their automatic
    tools will flag the site as having 12,456 hosts and try to bill
    accordingly.)
    Thanks for the links. I'd forgotten entirely about Bellovin's NAT
    paper and the TCP timestamps. (I do recall at the time thinking it
    was an awful lot of effort to hide something that was immaterial and I
    didn't pay much attention to all that stuff past that.)

    Hitting up google to see what I missed, it looks like both can be
    dealt with in the kernel if the OS writers care to. The IP id leak
    can be solved completely and the TCP timestamp partially. I believe
    OpenBSD randomizes the IP id, and modulates the TCP timestamp.

    http://www.onlamp.com/pub/a/bsd/2004/04/15/pf_developers.html

    MF: Stateful TCP normalization is a set of techniques to remove or
    resolve ambiguities in network traffic. One of the techniques most
    important to the average user is TCP timestamp modulation. Most
    operating systems with high performance networking include a
    timestamp in every TCP packet.

    Since that timer starts ticking when the machine was booted, a
    server (or anyone in between) can look at a packet and know the
    machine's uptime. An attacker could look at a machine's responses
    to know it hasn't been rebooting since the last patch came out so
    it is probably still vulnerable. Alternately a stingy internet
    service provider that charges extra for home networks can look at
    all of the timestamps coming from a link and count the number of
    NATted machines by the number of unique timestamps. The PF
    firewall can scramble both uptime calculation and NAT detection by
    modulating the timestamps with a random number. There are a
    variety of other normalization techniques done and others still in
    development.

    If I were trying to hide my machines, turning off the optional tcp
    timestamps would be the most expedient way to keep any information
    from leaking at all.

    -wolfgang
     
    Wolfgang S. Rupprecht, Jul 19, 2006
    #32
  13. Rob

    Moe Trin Guest

    0791 Internet Protocol. J. Postel. September 1981. (Format: TXT=97779
    bytes) (Obsoletes RFC0760) (Updated by RFC1349) (Also STD0005)
    (Status: STANDARD)

    0793 Transmission Control Protocol. J. Postel. September 1981.
    (Format: TXT=172710 bytes) (Updated by RFC3168) (Also STD0007)
    (Status: STANDARD)

    Each of those standards has a minimum of 20 bytes (and a maximum of 60 bytes) in
    the headers. Looking at IP, if you want to establish a connection with some
    other host out there, 15 of those 20 bytes MUST be so. TCP only has 28 bits
    that must be exactly so. The problem is those other bits/bytes.

    In spite of the standards shown above, every #### programmer that gets to
    play near the network stack has his own interpretation of the standards. And
    this is what allows fingerprinting a remote system that only sends one SYN
    packet. Any competent tool can do that. It's bad enough with competently
    written operating systems, but things really go downhill when microsoft
    gets involved. The tool I'm using right now has NINE GHODD4MN FINGERPRINTS
    FOR XP _ALONE_ (you can easily tell the service packs as one example).
    Lest someone think I'm bashing microsoft and their incompetent programmers,
    my tool is aware of no less than four fingerprints for Cisco routers, and
    four more for OpenBSD (and 13 for FreeBSD, 6 for NetBSD, and so on).

    A few years ago, Friday, October 14 was World Standards Day -- in
    *some* countries. In America, it was observed on October 11th. In
    Finland, it was marked on October 13th. Italy planned a separate
    conference on standards for October 18th. -- after Shakib Otaqui

    Isn't life so simple ;-)

    Old guy
     
    Moe Trin, Jul 19, 2006
    #33
  14. Yes, that's a given. That is also why I said "computers running the
    same OS". Someone that is going to cheat on the rules should at least
    try to do a good job at making all the computers look the same from
    the network. Then they only have to worry about synchronizing the
    hard things (like the tcp clock used in timestamps). Not sure why
    pf's NAT doesn't just adjust the timestamps to all have the same
    baseline.

    -wolfgang
     
    Wolfgang S. Rupprecht, Jul 19, 2006
    #34
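The timestamp-based host count that Jeff, Wolfgang and the pf quote above describe, worked through on constructed packet records (this is an added example, not code from any poster or from pf): each host's tsval tracks its own uptime clock, so subtracting rate*capture_time from tsval gives a per-host constant that groups connections by machine, while a per-connection random offset (what pf's "modulate" does) makes every connection look like its own machine. The 100 Hz tick rate and all capture data are assumptions made for the demonstration.

```python
"""Toy NAT host counting via TCP timestamps, and why modulation defeats it.
All packet records are constructed here; HZ is an assumed tsval tick rate."""
import random
from collections import defaultdict

HZ = 100  # assumed tsval tick rate (Linux of the period used 100 or 1000 Hz)

def constructed_capture(uptimes, conns_per_host, n_samples=5, modulate=False, rng=None):
    """Build (conn_id, capture_time, tsval) records for one host per uptime.
    With modulate=True each connection gets a pf-style random offset."""
    rng = rng or random.Random(2006)
    records, conn = [], 0
    for uptime in uptimes:
        for _ in range(conns_per_host):
            offset = rng.randrange(1 << 31) if modulate else 0
            for k in range(n_samples):
                t = k * 0.5 + rng.random() * 0.01       # seconds since capture start
                tsval = (int((uptime + t) * HZ) + offset) % (1 << 32)
                records.append((conn, t, tsval))
            conn += 1
    return records

def count_clocks(records, tolerance=2):
    """Estimate how many distinct uptime clocks (hosts) sit behind the NAT.
    tsval - HZ*t is constant for one clock; connections whose constants agree
    within `tolerance` ticks are taken to come from the same machine."""
    by_conn = defaultdict(list)
    for conn, t, tsval in records:
        by_conn[conn].append((t, tsval))
    intercepts = []
    for samples in by_conn.values():
        ests = sorted(tsval - HZ * t for t, tsval in samples)
        intercepts.append(ests[len(ests) // 2])      # median is robust to jitter
    intercepts.sort()
    clocks = 1
    for a, b in zip(intercepts, intercepts[1:]):
        if b - a > tolerance:
            clocks += 1
    return clocks

if __name__ == "__main__":
    hosts = [42.0, 3600.0, 86400.0]                 # three machines, four flows each
    print("plain NAT:", count_clocks(constructed_capture(hosts, 4)))          # 3
    print("modulated:", count_clocks(constructed_capture(hosts, 4, modulate=True)))  # 12
```

With timestamps disabled entirely (Wolfgang's suggestion) there are no tsval fields to feed `count_clocks`, which is the simplest way to leak nothing.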
  15. Rob

    chris Guest

    Hi Rob,

    The problem with routers and service providers stems from the router's
    ability to check/renew its lease at timing intervals; routers have been
    known to deny their own service due to an inefficient DHCP client.

    Routers also have tendencies to overheat, and often at that; the more you
    do and the longer it's on are not helpful for its CPU. Take a look at a
    Cisco device for example - if you over-utilize the CPU the potential for
    hanging the device is great, causing a denial of service.

    It helps to have more RAM for queue space inside the device to handle
    the packet transmission; improper non-matching MTU sizes - lots of small
    packets - mixes of jumbo packets can cause problems (someone has to
    break them up somewhere and sequence them).

    The problems with routers lie in the device itself, firmware can fix a
    fair amount of problems however device construction and protocol
    limiting can also help even further.

    If you were to set up a personal Linux router I bet you the chances of
    power-cycling the home-built router are nil if you don't use the machine
    for personal use :) - at least in my experience.

    Hope this helps,

    Chris
     
    chris, Jul 19, 2006
    #35
  16. Rob

    tinnews Guest

    Why, I use up to three different browsers at different times on the same
    computer.
     
    tinnews, Jul 19, 2006
    #36
  17. "Wolfgang S. Rupprecht"
    There's a very limited market demand for computers that don't let on
    how many they are and a much greater demand for computers that do what
    you tell them to. IMHO, the developers should spend more time making
    them work, and less time adding (mostly) useless features.

    Yeah, Micro$oft is the worst offender, but no-one else is perfect...
     
    William P.N. Smith, Jul 19, 2006
    #37
  18. All that's interesting - and no doubt correct - but ISPs _can_ limit the
    number of connections you can make. Typically browsers are able to make
    4-10 connections concurrently. My plan with my ISP doesn't limit the
    number of computers I use, but _does_ limit me to 10 concurrent
    connections. Given that I personally could be using 1 for NNTP, 1 for
    POP/IMAP, 4 for a browser, and my router would be doing (at least) NTP and
    DNS, there isn't a lot left over for anyone else :)
     
    Derek Broughton, Jul 19, 2006
    #38
  19. I suppose it _could_ be. If it was handled more fairly. My ISP limits me
    to 160MB daily, before slowing the flow to a trickle. I'm sure many people
    get their 160MB every day. I'd like to get a full CD once every 6 months
    or so - which just isn't possible, unless I use a restartable download
    program, and fetch 120MB, or so, every day for 5+ days.
    I think that's exactly what Jeff was talking about...
     
    Derek Broughton, Jul 19, 2006
    #39
  20. Firefox:
    Punch into URL box:
    about:config
    Manually scroll down to (search doesn't work):
    network.http.max-connections-per-server
    Mine is at the default of 8

    IE has "MaxConnectionsPerServer" buried in the registry somewhere,
    which is usually set to 4.
    Ummm... it appears that your ISP is limiting the number of "services"
    (outgoing IP ports) and not the number of "connections" (unique
    connected IP addresses). I can't really be sure, but it looks like
    they just limit the number of outgoing IP ports you can open through
    their gateway router. 10 is very few and severely limiting.

    Who's the ISP? Is it by IP or port number? How does it work? What
    happens when you go over? Client side filtering in the satellite
    router or at the ISP's router? If you hit a web page with a mess of
    off-site links, does it increment the count?

    10 is really limiting. From my W2K box:
    C:\>netstat -an | find "ESTABLISHED" | find /V "127.0.0.1"
    TCP 192.168.1.11:1029 72.58.89.48:36984 ESTABLISHED
    TCP 192.168.1.11:1074 205.188.7.138:5190 ESTABLISHED
    (a bunch deleted)
    TCP 192.168.1.11:1307 12.120.45.14:80 ESTABLISHED
    TCP 192.168.1.11:1309 12.120.45.14:80 ESTABLISHED

    Mine shows about 20 outgoing port numbers with just 3 browser
    sessions, plus AIM and Skype. Do you pay money to have the ISP do
    this to you?
     
    Jeff Liebermann, Jul 19, 2006
    #40
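Jeff's distinction above between "services" (outgoing local ports) and "connections" (distinct remote addresses) can be checked from `netstat -an` output in the W2K format he pasted; this is an added example, not from the thread, and the netstat lines inside it are constructed (the `cap` of 10 mirrors Derek's plan).

```python
"""Count distinct outgoing local ports versus distinct remote hosts in
'netstat -an' output (W2K format), ignoring loopback and non-ESTABLISHED
rows. The sample text is constructed for this example."""
import re
from collections import Counter

CONSTRUCTED_NETSTAT = """\
  TCP    192.168.1.11:1029      72.58.89.48:36984      ESTABLISHED
  TCP    192.168.1.11:1074      205.188.7.138:5190     ESTABLISHED
  TCP    192.168.1.11:1307      12.120.45.14:80        ESTABLISHED
  TCP    192.168.1.11:1309      12.120.45.14:80        ESTABLISHED
  TCP    192.168.1.11:1310      12.120.45.14:80        ESTABLISHED
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    192.168.1.11:139       0.0.0.0:0              LISTENING
  UDP    192.168.1.11:123       *:*
"""

ESTABLISHED = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED\s*$")

def summarize(netstat_text, cap=10):
    """Return port and remote-host counts plus whether a per-port cap is exceeded."""
    local_ports = set()
    per_remote = Counter()
    for line in netstat_text.splitlines():
        m = ESTABLISHED.match(line)
        if not m:
            continue                      # LISTENING, UDP and header rows
        lip, lport, rip, _rport = m.groups()
        if lip.startswith("127.") or rip.startswith("127."):
            continue                      # loopback never crosses the ISP link
        local_ports.add(int(lport))
        per_remote[rip] += 1              # several ports to one web server = 1 host
    return {
        "ports": len(local_ports),
        "remote_hosts": len(per_remote),
        "per_remote": dict(per_remote),
        "over_port_cap": len(local_ports) > cap,
    }

if __name__ == "__main__":
    print(summarize(CONSTRUCTED_NETSTAT))
```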
