How to avoid users in my LAN to share internet access by using router.

Hi all,

I have got LAN network with access to internet by linux router/NAT
(debian 2.4.20), and I found that couple of my users share their
access to another users. That users decrease performance of my network
a lot. I must check and avoid connecting more than one/two computers
behind the users routers (linux or hardware machines).

I heard of using ttl in discovering ruters in the network and reading
http headers to find out more than one internet browsers.

please give me an advise how to do that or an idea where to find out
an answer.

best regards

On Mon, 23 Feb 2004 00:55:12 -0800, goody wrote:

> Hi all,
>
> I have got LAN network with access to internet by linux router/NAT
> (debian 2.4.20), and I found that couple of my users share their
> access to another users. That users decrease performance of my network
> a lot. I must check and avoid connecting more than one/two computers
> behind the users routers (linux or hardware machines).

Can't reliably be done. This is a social problem more than a technical
one. Talk to the users in question. Tell them that you would rather they
didn't provide others with access to your resources, and if they're not
willing to deal with that then they can find another network.

Assuming you're in a position to make that decision, anyways. When you
say "my users", what's the role you have and what's your arrangement or
contract with the users?

> I heard of using ttl in discovering ruters in the network and reading
> http headers to find out more than one internet browsers.

Don't. It's unreliable at best and buggy at worst. You'll never be able
to communicate with those hosts directly (reliably, anyways); the best
you'll manage is to count them, and even that's not going to be perfect.

--
Some say the Wired doesn't have political borders like the real world,
but there are far too many nonsense-spouting anarchists or idiots who
think that pranks are a revolution.

Owen Jacobson <(E-Mail Removed)> wrote:
> On Mon, 23 Feb 2004 00:55:12 -0800, goody wrote:

>> I heard of using ttl in discovering ruters in the network and reading
>> http headers to find out more than one internet browsers.
>
> Don't. It's unreliable at best and buggy at worst. You'll never be able
> to communicate with those hosts directly (reliably, anyways); the best
> you'll manage is to count them, and even that's not going to be perfect.

An alternative way, (and probably not much better), of counting the
number of hosts behind a NAT is to graph the IP ID field. Since this
number increases for every IP packet sent. (It is used for fragmentation
and reassembly.)

Graphing these over time can show, visually, how many hosts there are
behind the NAT. You can see this by counting the number of "strokes"
that are made. You need to account for reinitialisation (reboot) and
counter reset (16-bit).

I've never used this method myself, but the paper looked interesting.

http://www.research.att.com/~smb/papers/fnat.pdf

--
Cameron Kerr
(E-Mail Removed) : http://nzgeeks.org/cameron/
Empowered by Perl!

On 2004-02-23, goody <mk-(E-Mail Removed)> wrote:
> Hi all,
>
> I have got LAN network with access to internet by linux router/NAT
> (debian 2.4.20), and I found that couple of my users share their
> access to another users. That users decrease performance of my network
> a lot. I must check and avoid connecting more than one/two computers
> behind the users routers (linux or hardware machines).
>
> I heard of using ttl in discovering ruters in the network and reading
> http headers to find out more than one internet browsers.
>
Sounds like a horrible solution, better to go with QoS[1] and re-prioritize
the traffic into a very low priority bucket; you could also use the IPTable
patch IPP2P[2] to identify P2P traffic and do the same with that.

This would enable sharing, but limit it to only fill any remaining bandwidth
you have. The alternative is to be blunt with IPP2P and drop all the P2P
traffic outright and this will not be a problem.

Regards

Alex

[1] http://www.lartc.org/
[2] http://rnvs.informatik.uni-leipzig.d.../index_en.html

Oh, it's almost impossible. The design of the TCP/IP is
that you can extend a network almost without restriction,
and we all are now enjoying this benefit. Major carriers
are leasing bandwidth to big ISPs, and ISPs are leasing
bandwidth to lower tier ISPs, and we are ultimately
connected to the Internet. You're effectively an n+1 tier
ISP, providing TCP/IP service to your users, and your users
are n+2 tier ISP, providing TCP/IP service to their users.
You all run NAT!

If you have a sure kill method to detect further sharing, I
bet most ISPs will employ the method in the first place, in
order to earn more money!

My 2 cents.

Stephen Wong @ Hong Kong.

On Mon, 23 Feb 2004, goody wrote:

> Hi all,
>
> I have got LAN network with access to internet by linux router/NAT
> (debian 2.4.20), and I found that couple of my users share their
> access to another users. That users decrease performance of my network
> a lot. I must check and avoid connecting more than one/two computers
> behind the users routers (linux or hardware machines).
>
> I heard of using ttl in discovering ruters in the network and reading
> http headers to find out more than one internet browsers.
>
> please give me an advise how to do that or an idea where to find out
> an answer.
>
> best regards
>

Yes, ip_p2p sounds great to find and manage p2p. Lins wich you send me
provide a lot of extra informations.

Martin

U¿ytkownik "Alexander Clouter" <(E-Mail Removed)> napisa³ w
wiadomo¶ci news:(E-Mail Removed)...
> On 2004-02-23, goody <mk-(E-Mail Removed)> wrote:
> > Hi all,
> >
> > I have got LAN network with access to internet by linux router/NAT
> > (debian 2.4.20), and I found that couple of my users share their
> > access to another users. That users decrease performance of my network
> > a lot. I must check and avoid connecting more than one/two computers
> > behind the users routers (linux or hardware machines).
> >
> > I heard of using ttl in discovering ruters in the network and reading
> > http headers to find out more than one internet browsers.
> >
> Sounds like a horrible solution, better to go with QoS[1] and
re-prioritize
> the traffic into a very low priority bucket; you could also use the
IPTable
> patch IPP2P[2] to identify P2P traffic and do the same with that.
>
> This would enable sharing, but limit it to only fill any remaining
bandwidth
> you have. The alternative is to be blunt with IPP2P and drop all the P2P
> traffic outright and this will not be a problem.
>
> Regards
>
> Alex
>
> [1] http://www.lartc.org/
> [2] http://rnvs.informatik.uni-leipzig.d.../index_en.html