Date: Thu, 31 Jan 2002 16:09:47 -0600 From: Eric A. Hall <ehall@ehsco.com>
(Put "SlashDot" in the title, and the thread suffers the effect...)
"Bill Woodcock" <woody@zocalo.net> wrote:
Can you think of a way of doing it reliably? Anything that provides anything more than a guess?
Several ways:
Comcast has a mail server, they could poke at the HELO banners and other identifiers.
Can be overridden by an SMTP proxy. Relay the message, drop the old "Received:" lines, and perhaps mutate the message ID.
HTTP proxies indicating that multiple browsers are in use, especially if multiple platforms (Win95, WinXP, as simple
Can also be overriden by Squid, among others.
More than ~4 simultaneous TCP connections open at once.
I'm known to download four or five large tarballs, run a couple rsync sessions, and browse the Web with multiple browser windows... all simultaneously.
None of those would be bothered by firewalls or other legitimate devices, and would probably all be within a legally-defensible purview of ~analysis.
Perhaps... but false negatives and positives alike are trivial. [ snip ]
This is hard because they are selling bandwidth ("watch video") so they can't really cap the downloads, and they are selling always-on so they can't measure by time conveniently either. So they try to get the "bandwidth hogs" through contractual means. Comcast prohibits VPNs, and prohibits ~"attaching to another network", as examples. If you use too much bandwidth, they will use these to drop your service.
There it is... how many bits is the customer actually moving? As for the person who mentioned modifying Linux IP code to alter the port range... it's a simple set of sysctl tunables in BSD (at least FreeBSD). Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence -- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.