On Wednesday 03 May 2006 at 13:53 +0800, Thomas Kuiper wrote:
> ISPs that filter are bad

Agree. And those who are trying to prevent people from sharing their connection as well. But never mind, such dinosaurs will extinguish by themselves. In France for instance, those who have been trying to enforce that have seen their clients leave for other ISPs, so they had to stop and most actually dropped the "sharing not allowed" clause from their contracts. Most of them even encourage that now :)

> and ethernet isn't really designed to be secure for that.

Link layer is not designed to be secure by any means.

> But that wasn't question here. What's your solution?

Imho, ISPs should not bother with how many hosts are behind a link. People won't subscribe to 2 lines because they got 2 laptops at home :)

Now, there's still something obscure to me behind the OP's question. What are we talking about? People using a SOHO router so they can share their connection (I think it is the point, as TTL is discussed)? People trying to get multiple IPs for multiple hosts from the same modem (case where we'll see different MAC addresses)?

First situation, no solution. But is there a point in trying to prevent this? Connection sharing is imho something so well accepted nowadays... Traffic emitted is in complete user control so they can tweak any header field or parameter they want to fool ISP tracking. In particular, stuff like OpenBSD pf scrub[1] optionally associated with modulate[2] (I don't see someone trying to figure out ISN generator class to spot multiple hosts though). A bit sad we do not have such things in Netfilter. BTW...

Second situation, there are solutions. One deployed is PPPoE links, even for cable modems. If users have to set up a PPP link, then you can restrict a given login to one tunnel at the same time, you can restrict one modem to establish one tunnel at the same time, you can attach a BPF filter to your PPP link (to enforce source IP as an example), etc.

[1] http://www.openbsd.org/faq/pf/scrub.html
[2] http://www.openbsd.org/faq/pf/filter.html#state

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
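
The TTL point in the message above, as an added example that is not part of the original post: a passive check that counts distinct (initial TTL, hop count) signatures per subscriber line, and a model of a gateway-side TTL floor showing when that check stops seeing anything. The line names, sample TTLs and the function names are constructed for illustration; the floor is modelled on the assumption that the gateway raises any lower TTL to a fixed minimum, as pf's scrub min-ttl option does.

```python
from collections import defaultdict

# Common initial TTLs: 64 (Linux, BSD, macOS), 128 (Windows), 255 (some network gear).
INITIAL_TTLS = (64, 128, 255)


def infer_origin(ttl):
    """Return (initial_ttl, hops) using the smallest common initial TTL >= observed."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial, initial - ttl
    raise ValueError(f"invalid TTL {ttl}")


def ttl_signatures(packets):
    """Map each subscriber line to the set of (initial_ttl, hops) pairs seen on it."""
    seen = defaultdict(set)
    for line_id, ttl in packets:
        seen[line_id].add(infer_origin(ttl))
    return dict(seen)


def looks_shared(signatures):
    """More than one signature on a line suggests several hosts or an extra routed hop."""
    return {line: len(sigs) > 1 for line, sigs in signatures.items()}


def apply_min_ttl(packets, floor):
    """Model a gateway that raises any TTL below `floor` to `floor` on egress."""
    return [(line, max(ttl, floor)) for line, ttl in packets]


# Constructed sample: (subscriber line, TTL as seen at the ISP's first hop).
SAMPLE = [
    ("line-A", 64), ("line-A", 64),                   # one directly attached host
    ("line-B", 64), ("line-B", 63), ("line-B", 127),  # router plus two hosts behind it
]

if __name__ == "__main__":
    print("raw:      ", looks_shared(ttl_signatures(SAMPLE)))
    print("floor 64: ", looks_shared(ttl_signatures(apply_min_ttl(SAMPLE, 64))))
    print("floor 128:", looks_shared(ttl_signatures(apply_min_ttl(SAMPLE, 128))))
```

A floor of 64 still leaves line-B flagged because the 127 from the second host is above the floor; only a floor at or above the highest initial TTL in use collapses the line to one signature.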