Re: about detecting different TTL value

On Wednesday 03 May 2006 at 15:50 +0800, Thomas Kuiper wrote:
> But they can still use NAT behind a second router right? :-) I think the 
> whole connection sharing issues for ISPs is that they want to sell a second 
> account to someone else in that house. It's bogus 'cause one pays (normally) 
> for an agreed link speed (no matter how many computers are behind the router 
> and it will still be the same up/downlink speed to the ISP). Traffic amount 
> doesn't concern either as the user should have the right to use the line as 
> much as the contract allows.

Agreed.
As for the technical stuff, see situation 1... ISPs do not have a single
little technical solution to achieve that properly outside finding an
effective RFC 3751 implementation.

SOHO manufacturers already ship MAC spoofing because ISPs are
restricting their access to one MAC address and there's no easy way to
change it afterward. If ISPs fall into analysing traffic to spot
multiple hosts, they will ship traffic normalization as well, basically
TTL mangling for instance, or more (see previously mentioned
techniques).

> And how many ISPs are there who promise a certain speed but never deliver it...

:) Quality of service...

> Still, to remain netfilter related in this topic, it's a security question if 
> it's possible to force without third party software that only one computer 
> uses a link, and the question remains if it's possible to do it with 
> netfilter (I doubt).

The only trick I see is filtering out non default TTL values, basically
values that differ from mostly 32, 64 or 128 (but not restricted to).


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
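
The TTL filter suggested in the message above, sketched as an added example (not part of the original post and not the poster's own rules). The interface name eth1 and the chain name TTLCHECK are assumptions; the script only prints the iptables commands, and a small shell function mirrors the rule logic so the effect on a given TTL can be checked.

```shell
#!/bin/sh
# Added example. Assumed names: eth1 (subscriber-facing interface) and the
# TTLCHECK chain are hypothetical. Rules are printed, not applied.

# Initial TTLs named in the post; the list is not exhaustive, so extend it
# for the stacks actually seen on the access network.
DEFAULT_TTLS="32 64 128"

# Print iptables commands that drop packets whose TTL is not a default value.
# mangle/PREROUTING is used so the TTL is matched as received, before the
# forwarding path decrements it.
ttl_filter_rules() {
    iface=$1
    chain=${2:-TTLCHECK}
    echo "iptables -t mangle -N $chain"
    for ttl in $DEFAULT_TTLS; do
        echo "iptables -t mangle -A $chain -m ttl --ttl-eq $ttl -j RETURN"
    done
    echo "iptables -t mangle -A $chain -m limit --limit 5/min -j LOG --log-prefix 'odd-ttl: '"
    echo "iptables -t mangle -A $chain -j DROP"
    echo "iptables -t mangle -A PREROUTING -i $iface -j $chain"
}

# Same decision in plain shell, to see what the rules do to a given TTL.
ttl_verdict() {
    for ttl in $DEFAULT_TTLS; do
        if [ "$1" -eq "$ttl" ]; then
            echo accept
            return 0
        fi
    done
    echo drop
}

# Constructed sample TTLs as they would arrive on the subscriber interface:
#   64   host attached directly                          -> accept
#   127  host with initial TTL 128 behind one router     -> drop
#   64   host behind a router that rewrites the TTL
#        (e.g. -j TTL --ttl-set 64): passes the check, so
#        normalization defeats it, as the post says      -> accept
#   1    first traceroute probe from an attached host    -> drop
ttl_filter_rules "${1:-eth1}"
```

Review the printed rules before piping them to a root shell; the DROP rule also discards low-TTL probes such as traceroute from directly attached hosts.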


