On 4/23/06, isp@xxxxxxxxxxx <isp@xxxxxxxxxxx> wrote:
> Hello,
>
> I am new here. I am working in an ISP. I would like to know how I can
> prevent users from using multiple computers with a single internet connection. I
> have searched on the web and found nothing.
>
> I think it is only possible by detecting different TTL values that come
> from the same IP address. And I didn't get anything from the web. I would like to
> know whether it is possible to do with IPTABLES?

It is possible but a flawed solution for several reasons:

1) You can use an iptables patch to mangle/reset the TTL of all outgoing packets (even those of NATed machines), rendering such a check useless.

2) Your subscribers could spoof packets with varying TTL values to get other subscribers in trouble.

3) There are cases where a single computer would send outgoing packets with varying TTL values: traceroutes, sensitive/custom protocols, etc.

Regarding the "problem" itself, remember that increasingly, more and more households will have wireless laptops in addition to desktop computers, separate computers for children, networked gaming consoles, etc. IMHO it would be preferable to adjust your pricing so you are profitable instead of cutting off an ever-growing demographic of multi-machine households.

--Curby
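The TTL heuristic from the question, run against the three failure modes listed in the reply, as an added example that is not part of the original thread. The addresses, TTL values and ground-truth labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations at the ISP edge: (subscriber source IP, IP TTL).
# Addresses come from the RFC 5737 documentation range; all values are made up.
OBSERVATIONS = [
    ("192.0.2.10", 127), ("192.0.2.10", 63), ("192.0.2.10", 127),  # NAT, two OSes behind it
    ("192.0.2.20", 64), ("192.0.2.20", 64), ("192.0.2.20", 64),    # NAT that resets TTL to 64
    ("192.0.2.30", 64), ("192.0.2.30", 1), ("192.0.2.30", 2),      # one PC running traceroute
    ("192.0.2.30", 3),
    ("192.0.2.40", 128), ("192.0.2.40", 128),                      # one PC, nothing unusual
    ("192.0.2.50", 128), ("192.0.2.50", 61),                       # one PC + spoofed packet
]

# Constructed ground truth: does the subscriber really share the connection?
SHARES_CONNECTION = {
    "192.0.2.10": True, "192.0.2.20": True, "192.0.2.30": False,
    "192.0.2.40": False, "192.0.2.50": False,
}

def flag_multi_ttl(observations):
    """Naive heuristic: flag any source IP seen with more than one TTL value."""
    seen = defaultdict(set)
    for src_ip, ttl in observations:
        seen[src_ip].add(ttl)
    return {ip: sorted(ttls) for ip, ttls in seen.items() if len(ttls) > 1}

def evaluate(observations, truth):
    """Label each subscriber's verdict against the ground truth."""
    flagged = flag_multi_ttl(observations)
    verdicts = {}
    for ip, shares in truth.items():
        if ip in flagged:
            verdicts[ip] = "true positive" if shares else "false positive"
        else:
            verdicts[ip] = "false negative" if shares else "true negative"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in evaluate(OBSERVATIONS, SHARES_CONNECTION).items():
        print(ip, verdict)
```

Of the five constructed subscribers, the heuristic is right about two and wrong about three, one for each reason given in the reply.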