[clug] How to prevent port forwarding
Martijn van Oosterhout
kleptog at svana.org
Sat Apr 22 13:16:06 GMT 2006
On Sat, Apr 22, 2006 at 11:09:00PM +1000, Christopher Zhang wrote:
> Hi,
>
> I am interested to find out if it is possible, if so, how, that some
> ISPs prevent 1 registered Internet user to distribute their Internet
> connection by running their computer as a gateway for other users to
> route through. The closest thing I can think of is TTL, since if
> other hosts are routed through the legitimate host, then their TTL
> will be at least be 1 less than if it were coming from the legitimate
> host, without any artificial changes. Is this a plausible way for
> ISPs ? Can anyone show me some iptables commands that the ISPs would
> do? and also how can I change my TTLs and so on.
Given there is no standard TTL and it is also configurable, it's hard
to decide what a "good" TTL is. Secondly, a firewall could forward a
packet without decrementing the ttl, which will kill any such test.
There really is no way, since you can't see the client. I think ISPs
should simply accept it, four port ADSL routers are hardly uncommon.
Have a nice day,
--
Martijn van Oosterhout <kleptog at svana.org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/linux/attachments/20060422/b9ddf411/attachment.bin
More information about the linux
mailing list