Steven Lisson wrote:
Hi,
One way that NAT is often detectable is by looking at the TTL of packets from the one IP address, almost all packets coming from one system should have the same TTL, the nat'd machine will have a different TTL as it has to go an extra hop.
Find it unlikely they are using that to determine multiple machine and would also suggest what Gund did re changing the dial-in password.
If they are using that and using a linux machine as your gateway it is easy to overcome by using iptables to change the TTL on packets leaving the network to have the same TTL.
Regards, Steve
I would say that more than likely Gund is right.. Basically, my understanding of internet usage billing on dialup accounts is using a AAA server such as a TACACS+ or more likely a RADIUS server, and all the authentication server is interested in, is who you are, what you are allowed to do, and how long you have been authenticated. The fact that Xtra dialup accounts work on time based charging reflects the fact that they use this model. I can clearly see why Telecom charge for overlapping, one is so that a group of people don't decide to get an account and go halves with the cost (split it four ways, or whatever) and use the same dial in access collectively, and the other is so that someone doesn't try to do multi-linking (have two or more connections) in order to download/upload faster for the price of one connection - the provision for multi-linking would be there for ISDN users who wouldn't mind paying for overlapping usage. Basically, my intial reaction would be that someone has stolen (or at least inadvertantly using) you internet account and would do what Gund recommened.