[clug] How to prevent port forwarding

Martijn van Oosterhout kleptog at svana.org
Sat Apr 22 13:16:06 GMT 2006

On Sat, Apr 22, 2006 at 11:09:00PM +1000, Christopher Zhang wrote:
> Hi,
> I am interested to find out if it is possible, if so, how, that some  
> ISPs prevent 1 registered Internet user to distribute their Internet  
> connection by running their computer as a gateway for other users to  
> route through. The closest thing I can think of is TTL, since if  
> other hosts are routed through the legitimate host, then their TTL  
> will be at least be 1 less than if it were coming from the legitimate  
> host, without any artificial changes. Is this a plausible way for  
> ISPs ? Can anyone show me some iptables commands that the ISPs would  
> do? and also how can I change my TTLs and so on.

Given there is no standard TTL and it is also configurable, it's hard
to decide what a "good" TTL is. Secondly, a firewall could forward a
packet without decrementing the ttl, which will kill any such test.

There really is no way, since you can't see the client. I think ISPs
should simply accept it, four port ADSL routers are hardly uncommon.

Have a nice day,
Martijn van Oosterhout   <kleptog at svana.org>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/linux/attachments/20060422/b9ddf411/attachment.bin

More information about the linux mailing list