Question: How can a cable provider tell if you have a rout..

Archived from groups: alt.internet.wireless (More info?)

I have a friend of mine who got a letter from Comcast telling him that a
recent survey of his account indicated he had more than one IP address
active on his connection and that if he was running a network on it they
were going to charge him more money... how can they tell if this is so
if the router supposedly insulates the network through the use of NAT.
He has a D-Link DI-614 Wi-Fi router.
--

Ben E. Brady
http://www.clariondeveloper.com/wepgen
FREE! Effectively manage your Wi-Fi network.
Change your WEP keys often!

http://www.clariondeveloper.com/webcloak
FREE! Encrypt email addresses on your web site!
Keep spam bots from sending you spam!

http://www.firewallreporting.com
Personal firewall log analysis tools for
ZoneAlarm, BlackICE, WinRoute Pro and Windows XP
Take stock of your firewall settings and take action against intruders.

http://www.videoprofessorscam.com
Don't get stung by this scam!
23 answers Last reply
More about question cable provider rout
  1. Archived from groups: alt.internet.wireless (More info?)

    Ben E. Brady <y2kbrady-no-spam@yahoo.com> wrote in
    news:MPG.1b04b02af9e51c009896bf@news.comcast.giganews.com:

    > I have a friend of mine who got a letter from Comcast telling him that
    a
    > recent survey of his account indicated he had more than one IP address
    > active on his connection and that if he was running a network on it
    they
    > were going to charge him more money... how can they tell if this is so
    > if the router supposedly insulates the network through the use of NAT.
    > He has a D-Link DI-614 Wi-Fi router.

    I know that if I don't tell the Linksys router to *clone* the NIC MAC of
    the computer that was originally connected to the ISP's network, then any
    additional machines connected to the router the ISP will detect.

    When I clone the NIC's MAC into the router using the routers MAC Cloning
    feature, then the ISP cannot detect any additional machines with their
    NIC MAC's using the single IP issued by the ISP for my account that was
    provisioned for the original machine's NIC MAC.

    I think I also read something one time way back when about the ISP(s)
    wanting to install software on one's machine to *Better Serve you*, which
    I would think could track what's happening as well.

    Duane :)
  2. Archived from groups: alt.internet.wireless (More info?)

    In article <MPG.1b04b02af9e51c009896bf@news.comcast.giganews.com>,
    y2kbrady-no-spam@yahoo.com says...
    > I have a friend of mine who got a letter from Comcast telling him that a
    > recent survey of his account indicated he had more than one IP address
    > active on his connection and that if he was running a network on it they
    > were going to charge him more money... how can they tell if this is so
    > if the router supposedly insulates the network through the use of NAT.
    > He has a D-Link DI-614 Wi-Fi router.
    >
    Thanks to all who posted the information.
    My friend doesn't seem to be doing a whole lot in terms of his bandwidth
    so I have to assume they are interrogating the OUI of the router (DLink)
    and making the assumption that he's running a router. Comcast has a
    'home networking' option for which they charge an additional $7.00 a
    month.


    --

    Ben E. Brady
    http://www.clariondeveloper.com/wepgen
    FREE! Effectively manage your Wi-Fi network.
    Change your WEP keys often!

    http://www.clariondeveloper.com/webcloak
    FREE! Encrypt email addresses on your web site!
    Keep spam bots from sending you spam!

    http://www.firewallreporting.com
    Personal firewall log analysis tools for
    ZoneAlarm, BlackICE, WinRoute Pro and Windows XP
    Take stock of your firewall settings and take action against intruders.

    http://www.videoprofessorscam.com
    Don't get stung by this scam!
  3. Archived from groups: alt.internet.wireless (More info?)

    In message <MPG.1b04b02af9e51c009896bf@news.comcast.giganews.com>, Ben
    E. Brady <y2kbrady-no-spam@yahoo.com> writes
    >I have a friend of mine who got a letter from Comcast telling him that
    >a recent survey of his account indicated he had more than one IP
    >address active on his connection and that if he was running a network
    >on it they were going to charge him more money... how can they tell if
    >this is so if the router supposedly insulates the network through the
    >use of NAT. He has a D-Link DI-614 Wi-Fi router.

    Statistical analysis of the sequence numbers on IP packets can reveal
    how many clients are hiding behind some NAT implementations, I don't
    doubt there are other ways to guess as well. It is possible and not
    particularly hard to do though I'm surprised anyone is actually
    bothering, here in Britain I'm allowed 3 'devices' (not including
    routers) simultaneously using my connection. I can use as many as I like
    as long as its not simultaneous.

    Changing router probably won't help unless he can find one running BSD.

    Another possibility is that his WIFI has been compromised and someone is
    stealing enough bandwidth to alert Comcast and trigger a deeper
    investigation.
    --
    Paul Shirley: email unwelcome, reply by news
  4. Archived from groups: alt.internet.wireless (More info?)

    If your friend is using a router with NAT, then he is using only one global
    IP address. Although he is using multiple private, local IP addresses on
    the LAN, it is the nature of Port Address Translation (the flavor of NAT
    actually used by Residential Gateway routers) to translate all the local
    addresses to a single global address assigned to the router by the ISP's
    DHCP server.

    Most broadband ISPs don't care if you use a router, and they shouldn't. You
    are consuming only one IP address from their pool of addresses. The only
    possible objection to your running a network is the increased traffic. I
    have two issues with that: first, a single computer constantly downloading
    MP3s or whatever could easily cause as much traffic as a network of lower
    usage computers; second, if their real problem is with the level of traffic,
    then contractually regulate that directly.

    I have the same problem with ISPs that prohibit customers from running
    Internet-exposed servers. Don't tell me what content (as long as it's
    legal) that I can transfer. If their real problem is with the level of
    upload traffic, then contractually regulate that directly.

    Ron Bandes, CCNP, CTT+, etc.

    "Ben E. Brady" <y2kbrady-no-spam@yahoo.com> wrote in message
    news:MPG.1b04b02af9e51c009896bf@news.comcast.giganews.com...
    > I have a friend of mine who got a letter from Comcast telling him that a
    > recent survey of his account indicated he had more than one IP address
    > active on his connection and that if he was running a network on it they
    > were going to charge him more money... how can they tell if this is so
    > if the router supposedly insulates the network through the use of NAT.
    > He has a D-Link DI-614 Wi-Fi router.
    > --
    >
    > Ben E. Brady
  5. Archived from groups: alt.internet.wireless (More info?)

    Ben E. Brady <y2kbrady-no-spam@yahoo.com> wrote:

    > I have a friend of mine who got a letter from Comcast telling him that a
    > recent survey of his account indicated he had more than one IP address
    > active on his connection and that if he was running a network on it they
    > were going to charge him more money... how can they tell if this is so
    > if the router supposedly insulates the network through the use of NAT.
    > He has a D-Link DI-614 Wi-Fi router.

    In my opinion they cannot establish for certain that oen has more than 1
    PC hanging behind a router. Unless either you have installed software
    from the provider or have not setup the router correctly.

    So they are probably guessing because of the volume.


    --
    Groeten,

    Antonio (Voor email, verwijder X)
  6. Archived from groups: alt.internet.wireless (More info?)

    In message <jNLmc.156739$Gd3.41823521@news4.srv.hcvlny.cv.net>, Ron
    Bandes <RunderscoreBandes@yah00.com> writes
    >Then they would know reliably if you were using a router.

    Unless their TOC explicitly forbids routers it doesn't really matter if
    they detect one, its not evidence of multiple access, just a supporting
    clue. I'd guess something else actually got their attention, most likely
    a WiFi hijack and increased bandwidth use.
    --
    Paul Shirley: email unwelcome, reply by news
  7. Archived from groups: alt.internet.wireless (More info?)

    As Paul Shirley mentioned, a statistical analysis could reveal a connection
    pattern that indicates multiple hosts behind the NAT firewall. If any
    broadcast IP traffic leaks out from individual hosts behind the firewall, it
    could contain direct clues about the existence of multiple hosts. For
    example, if DHCP discover packets make it through, they contain sender MAC
    addresses that can be counted.

    Ron Bandes suggests that they are or should be more concerned with overall
    bandwidth consumption. I think that's actually the case. Time Warner, for
    example, provides cable modems with integrated wifi router. SBC provides
    wifi/ADSL integrated modems. They use wifi availability as a sales point,
    and therefore are acknowledging that they expect multiple clients behind the
    router.

    I don't use Comcast, so I don't know for sure, but I would be very surprised
    if it was merely the existence of multiple hosts that concerns them. They
    may think this person is reselling their service (acting as a neighborhood
    ISP), which almost certainly violates the home-user service agreement. And,
    if you routinely use large amounts of bandwidth, you get a nastygram.

    "Ben E. Brady" <y2kbrady-no-spam@yahoo.com> wrote in message
    news:MPG.1b04b02af9e51c009896bf@news.comcast.giganews.com...
    > I have a friend of mine who got a letter from Comcast telling him that a
    > recent survey of his account indicated he had more than one IP address
    > active on his connection and that if he was running a network on it they
    > were going to charge him more money... how can they tell if this is so
    > if the router supposedly insulates the network through the use of NAT.
    > He has a D-Link DI-614 Wi-Fi router.
    > --
    >
    > Ben E. Brady
    > http://www.clariondeveloper.com/wepgen
    > FREE! Effectively manage your Wi-Fi network.
    > Change your WEP keys often!
    >
    > http://www.clariondeveloper.com/webcloak
    > FREE! Encrypt email addresses on your web site!
    > Keep spam bots from sending you spam!
    >
    > http://www.firewallreporting.com
    > Personal firewall log analysis tools for
    > ZoneAlarm, BlackICE, WinRoute Pro and Windows XP
    > Take stock of your firewall settings and take action against intruders.
    >
    > http://www.videoprofessorscam.com
    > Don't get stung by this scam!
    >
    >
    >
  8. Archived from groups: alt.internet.wireless (More info?)

    Taking a moment's reflection, Ron Bandes mused:
    |
    | if their real
    | problem is with the level of traffic, then contractually regulate that
    | directly.

    You've raised the sticking point with me as well. Seems they advertise
    these great transfer rates, and then get a little dodgy if you actually use
    them to their full potential. For what I pay per month, I am granted 256
    upstream and 3000 downstream data rates. I get extremely close to those
    numbers in actual performance. However, if I were to have those rates
    peaked all the time, how long would it take for my ISP to start crying foul?
    My position: They advertised it, I bought it ... it's my prerogative to now
    use it.
  9. Archived from groups: alt.internet.wireless (More info?)

    mhicaoidh wrote:
    > Taking a moment's reflection, Ron Bandes mused:
    > |
    > | if their real
    > | problem is with the level of traffic, then contractually regulate that
    > | directly.
    >
    > You've raised the sticking point with me as well. Seems they advertise
    > these great transfer rates, and then get a little dodgy if you actually use
    > them to their full potential. For what I pay per month, I am granted 256
    > upstream and 3000 downstream data rates. I get extremely close to those
    > numbers in actual performance. However, if I were to have those rates
    > peaked all the time, how long would it take for my ISP to start crying foul?
    > My position: They advertised it, I bought it ... it's my prerogative to now
    > use it.
    >

    If you have DSL, a point-to-point link between you and the phone co.,
    then I don't care how much you use. But, if you share a cable with
    me and you hog the shared cable bandwidth, then I care. If you are
    piggy enough, somebody may care enough to rip the cable off of your
    house and stick it up your nose.
    --
    Cheers, Bob
  10. Archived from groups: alt.internet.wireless (More info?)

    I agree and the courts should enforce you being able to use it to whatever
    means you suit. By the ISPs being able to get out of thier words and say
    you have to not transfer as much hampers the market from coming up with
    competitive rates for heavy users. The courts forcing them to stick to
    their words would make it so soon they would have to say what they really
    mean and thus each would have to also be competitive for heavy users.


    "mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
    news:R_Nmc.38647$_41.3529359@attbi_s02...
    > Taking a moment's reflection, Ron Bandes mused:
    > |
    > | if their real
    > | problem is with the level of traffic, then contractually regulate that
    > | directly.
    >
    > You've raised the sticking point with me as well. Seems they
    advertise
    > these great transfer rates, and then get a little dodgy if you actually
    use
    > them to their full potential. For what I pay per month, I am granted 256
    > upstream and 3000 downstream data rates. I get extremely close to those
    > numbers in actual performance. However, if I were to have those rates
    > peaked all the time, how long would it take for my ISP to start crying
    foul?
    > My position: They advertised it, I bought it ... it's my prerogative to
    now
    > use it.
    >
    >
  11. Archived from groups: alt.internet.wireless (More info?)

    Ben E. Brady <y2kbrady-no-spam@yahoo.com> wrote:
    > I have a friend of mine who got a letter from Comcast telling him that a
    > recent survey of his account indicated he had more than one IP address
    > active on his connection and that if he was running a network on it they
    > were going to charge him more money... how can they tell if this is so
    > if the router supposedly insulates the network through the use of NAT.
    > He has a D-Link DI-614 Wi-Fi router.

    My carrier (MCHSI) doesn't care if I have a router, but I can only have one
    MAC address active at a time. When I called and asked about the router,
    they told me how to register it via web page, or they would do it for me.
    I just cloned the MAC of the PC that was already registered with them.

    Perhaps Comcast accepted the MAC of the router as a new MAC address,
    and now they see two, even though the old one is no longer in use.
    That would go along with the "more than one IP address" statement.
    If you are only using one router, with NAT turned on, you are only using
    one IP address.

    From each of the PCs on the network, try http://whatismyip.net
    They should all report the same IP address. This is the address of your
    NAT router. If you report more than one address, then the Comcast
    complaint is correct.

    Has your friend contacted Comcast and asked them not to issue more than one
    IP address? Has he asked about connecting a router?


    From a Windows Command prompt
    ipconfig /all | find "Phys"
    Physical Address. . . . . . . . . : 00-08-74-00-D8-00
    Physical Address. . . . . . . . . : 00-60-08-00-1E-00
    will show you the MAC addresses of your NICs.
    I have two in my PC.
    arp -a
    reveals only the MAC address of my router - 00-00-0c-00-ac-00
    This will show the other MACs on your local network, if you have communicated
    with them recently. Your router should always show up, and might be the
    only address that shows up.

    http://standards.ieee.org/regauth/oui/index.shtml
    is where you can identify the MAC addresses.
    Paste the first three couplets into the OUI search.
    In my case, that's 00-08-74, Dell, 00-60-08, 3Com, and 00-00-0c, Cisco.
  12. Archived from groups: alt.internet.wireless (More info?)

    Taking a moment's reflection, Bob Willard mused:
    |
    | If you have DSL, a point-to-point link between you and the phone co.,
    | then I don't care how much you use. But, if you share a cable with
    | me and you hog the shared cable bandwidth, then I care. If you are
    | piggy enough, somebody may care enough to rip the cable off of your
    | house and stick it up your nose.

    That's my point exactly. If they advertise that users will get a
    certain throughput, then they should bloody well make sure that the users
    *can* get that throughput ... regardless of what I or you do with our
    connections next door. Shared use aside, the infrastructure should be there
    to allow everyone on a shared node to receive the bandwidth their service
    was sold on.
  13. Archived from groups: alt.internet.wireless (More info?)

    In message <7VNmc.24937$9_1.6025@newssvr22.news.prodigy.com>, gary
    <pleasenospam@sbcglobal.net> writes
    >As Paul Shirley mentioned, a statistical analysis could reveal a
    >connection pattern that indicates multiple hosts behind the NAT
    >firewall. If any broadcast IP traffic leaks out from individual hosts
    >behind the firewall, it could contain direct clues about the existence
    >of multiple hosts. For example, if DHCP discover packets make it
    >through, they contain sender MAC addresses that can be counted.

    Here's how to do it using TTL values <http://www.sflow.org/detectNAT/>
    and using the IPid field
    <http://www.research.att.com/~smb/papers/fnat.pdf>

    Neither really counts as leaked traffic though a router should be
    rewriting the IPid.

    --
    Paul Shirley: email unwelcome, reply by news
  14. Archived from groups: alt.internet.wireless (More info?)

    In article <zOqNLSC8v+mAFwNk@chocolat.ntlworld.com>,
    paul.shirley@totally.invalid says...
    > In message <7VNmc.24937$9_1.6025@newssvr22.news.prodigy.com>, gary
    > <pleasenospam@sbcglobal.net> writes
    > >As Paul Shirley mentioned, a statistical analysis could reveal a
    > >connection pattern that indicates multiple hosts behind the NAT
    > >firewall. If any broadcast IP traffic leaks out from individual hosts
    > >behind the firewall, it could contain direct clues about the existence
    > >of multiple hosts. For example, if DHCP discover packets make it
    > >through, they contain sender MAC addresses that can be counted.
    >
    > Here's how to do it using TTL values <http://www.sflow.org/detectNAT/>
    > and using the IPid field
    > <http://www.research.att.com/~smb/papers/fnat.pdf>
    >
    > Neither really counts as leaked traffic though a router should be
    > rewriting the IPid.
    >
    I've been sitting here thinking about the situation with Harry (my
    friend) and it would seem that Comcast is simply out to screw the
    customer. Most of the other cable and DSL providers automatically assume
    that you will want to use a network.

    If someone were stupid enought to simply connect a hub to the cable
    modem and connect multiple computers to it, that would certainly be
    grounds for charging the extra $$$ but using a router should not
    penalize the customer. After all, there could be many, many instances
    where the user of a router is warrented even though there is only one
    computer connected to it. Say, increased security because a person
    doesn't trust software firewall running under Windows because they are
    vulnerable to attacks from behind the firewall due to exploits inherent
    in the OS itself. Just because one has a router hooked up does not mean
    they are using more resources or have more than one computer hooked up
    to it.

    --

    Ben E. Brady
    http://www.clariondeveloper.com/wepgen
    FREE! Effectively manage your Wi-Fi network.
    Change your WEP keys often!

    http://www.clariondeveloper.com/webcloak
    FREE! Encrypt email addresses on your web site!
    Keep spam bots from sending you spam!

    http://www.firewallreporting.com
    Personal firewall log analysis tools for
    ZoneAlarm, BlackICE, WinRoute Pro and Windows XP
    Take stock of your firewall settings and take action against intruders.

    http://www.videoprofessorscam.com
    Don't get stung by this scam!
  15. Archived from groups: alt.internet.wireless (More info?)

    Taking a moment's reflection, Ben E. Brady mused:
    |
    | I've been sitting here thinking about the situation with Harry (my
    | friend) and it would seem that Comcast is simply out to screw the
    | customer. Most of the other cable and DSL providers automatically assume
    | that you will want to use a network.

    If I was your friend, and I did only have one computer hooked up to the
    router, I would write a nasty letter back to Comcast using the points you
    mentioned in the portion I snipped from the above quote. Almost all other
    Cable/DSL providers take the view that the broadband service is provided to
    the house, not the individual user ... much like cable television. If you
    have a 2 cable ready TVs, all you need is a coax splitter to run to each.
    The cable company doesn't care.
  16. Archived from groups: alt.internet.wireless (More info?)

    "Paul Shirley" <paul.shirley@totally.invalid> wrote in message
    news:al33RVDKX1mAFw6C@chocolat.ntlworld.com...
    > In message <MPG.1b04b02af9e51c009896bf@news.comcast.giganews.com>, Ben
    > E. Brady <y2kbrady-no-spam@yahoo.com> writes
    > >I have a friend of mine who got a letter from Comcast telling him that
    > >a recent survey of his account indicated he had more than one IP
    > >address active on his connection and that if he was running a network
    > >on it they were going to charge him more money...

    Multiple IP addresses sounds like he doesnt have a router - just multiple
    devices - which should be simple for Comcast to find by looking in the DHCP
    / ARP records to see how many entries "point" at his connection.

    how can they tell if
    > >this is so if the router supposedly insulates the network through the
    > >use of NAT. He has a D-Link DI-614 Wi-Fi router.
    >
    > Statistical analysis of the sequence numbers on IP packets can reveal
    > how many clients are hiding behind some NAT implementations, I don't
    > doubt there are other ways to guess as well.

    Paul

    not sure i agree with the idea that you can tell.

    the analysis can at most tell how many IP stacks are hiding behind the
    router - several virtual machines on a single PC running something like
    VMware should look very similar.

    Also the stats analysis makes lots of assumptions about correlation between
    IP header fields - those things are buried down in the IP implementation,
    and most of them can vary in lots of different ways if whoever writes the
    stack changes the implementation.

    Finally - a really good router or firewall implementation tries to obscure
    everything - so it should try to hide such detail and / or randomise the
    results.....

    It is possible and not
    > particularly hard to do though I'm surprised anyone is actually
    > bothering, here in Britain I'm allowed 3 'devices' (not including
    > routers) simultaneously using my connection. I can use as many as I like
    > as long as its not simultaneous.

    same here - but i have to only use a single IP address.
    >
    > Changing router probably won't help unless he can find one running BSD.
    >
    > Another possibility is that his WIFI has been compromised and someone is
    > stealing enough bandwidth to alert Comcast and trigger a deeper
    > investigation.
    > --
    > Paul Shirley: email unwelcome, reply by news
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  17. Archived from groups: alt.internet.wireless (More info?)

    "Bob Willard" <BobwBSGS@TrashThis.comcast.net> wrote in message
    news:qkPmc.36958$Ia6.6418493@attbi_s03...
    > mhicaoidh wrote:
    > > Taking a moment's reflection, Ron Bandes mused:
    > > |
    > > | if their real
    > > | problem is with the level of traffic, then contractually regulate that
    > > | directly.
    > >
    > > You've raised the sticking point with me as well. Seems they
    advertise
    > > these great transfer rates, and then get a little dodgy if you actually
    use
    > > them to their full potential. For what I pay per month, I am granted
    256
    > > upstream and 3000 downstream data rates. I get extremely close to those
    > > numbers in actual performance. However, if I were to have those rates
    > > peaked all the time, how long would it take for my ISP to start crying
    foul?
    > > My position: They advertised it, I bought it ... it's my prerogative to
    now
    > > use it.

    the devil is often in the detail - you should have a bunch of different
    numbers that define the connection.

    my ISP publishes the worst case contention ratio (20:1 - NTL in the UK).

    So i pay for 600k (and i usually get that or close to it), but they only
    guarantee an average rate of 30 Kbps. if thats all they were giving in
    practice, they wouldnt have any customers....

    Finally, the ISP pays interconnect cost for the traffic interconnect to
    others ISPs (either in terms of transit costs, or equipment, fibre and other
    plumbing)- so if you get 3 Mbps, and use it 24/7 it is going to push their
    cost base up. I think this is what is really driving the ISPs to put limits
    on overall use - again NTL say they will talk to people regularly using over
    1 Gbyte per day.
    > >
    >
    > If you have DSL, a point-to-point link between you and the phone co.,
    > then I don't care how much you use.

    its not about bandwidth on that last link to your house, its about the
    overall interconnect from you out to the world. You cant build shared
    networks without contention somewhere.

    But, if you share a cable with
    > me and you hog the shared cable bandwidth, then I care. If you are
    > piggy enough, somebody may care enough to rip the cable off of your
    > house and stick it up your nose.

    here the cable companies limit the per user bandwidth to minimise cable
    "hogging" by heavy users (and to let them sell tiers of different access
    speeds).

    DSL may by "dedicated" to the DSLAM, but still be contended between the
    DSLAM and the main IP network.
    > --
    > Cheers, Bob
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  18. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 07 May 2004 13:02:07 GMT, in alt.internet.wireless , "Ron Bandes"
    <RunderscoreBandes @yah00.com> wrote:
    >I don't believe that if you don't clone the MAC address that the ISP can
    >actually "detect" your additional computers.


    They can - there's some research been done into this using packet sequence
    numbers. Its pretty tricky however, and does require some hefty analysis.
    Not likely an ISP would use it unless they *really* wanted your a*s on a
    plate.

    --
    Mark McIntyre
    CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
    CLC readme: <http://www.angelfire.com/ms3/bchambless0/welcome_to_clc.html>


    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
  19. Archived from groups: alt.internet.wireless (More info?)

    Mark McIntyre <markmcintyre@spamcop.net> wrote in
    news:tf3o90lnl49knes67phvgrhd8oseqvcugp@4ax.com:

    > On Fri, 07 May 2004 13:02:07 GMT, in alt.internet.wireless , "Ron
    > Bandes" <RunderscoreBandes @yah00.com> wrote:
    >>I don't believe that if you don't clone the MAC address that the ISP
    >>can actually "detect" your additional computers.
    >
    >
    >
    > They can - there's some research been done into this using packet
    > sequence numbers. Its pretty tricky however, and does require some
    > hefty analysis. Not likely an ISP would use it unless they *really*
    > wanted your a*s on a plate.
    >

    I don't know the particulars. But I hear that this can be done with a
    proxy server of some sort.

    I know for a fact, that if I didn't clone the NIC MAC into the router's
    WAN MAC feature, then the ISP knew about additional machines trying to
    access the network that didn't have the NIC MAC's for each additional
    machine registered. They don't do that anymore as I found out today and
    only look at the first device MAC behind the modem and that must be
    provisioned -- NIC, router or FW appliance MAC.

    Duane :)
  20. Archived from groups: alt.internet.wireless (More info?)

    In article
    <MPG.1b04b02af9e51c009896bf@news.comcast.giganews.com>
    , y2kbrady-no-spam@yahoo.com says...
    > I have a friend of mine who got a letter from Comcast telling him that a
    > recent survey of his account indicated he had more than one IP address
    > active on his connection and that if he was running a network on it they
    > were going to charge him more money... how can they tell if this is so
    > if the router supposedly insulates the network through the use of NAT.
    > He has a D-Link DI-614 Wi-Fi router.
    >


    Turn on block wan request so they can not see you.

    Register your router mac address instead of your
    computer mac address. They can then only see one
    side, the side of your router and it will block your
    lan side.
  21. Archived from groups: alt.internet.wireless (More info?)

    In message <qUTmc.817$Iz4.643@newsfe1-win>, shope
    <stephen_hope@xntlxworld.com> writes
    >Multiple IP addresses sounds like he doesnt have a router - just
    >multiple devices - which should be simple for Comcast to find by
    >looking in the DHCP / ARP records to see how many entries "point" at
    >his connection.

    From the original post
    >He has a D-Link DI-614 Wi-Fi router.

    Its still possible he connected the modem to a LAN port instead of the
    WAN port where its seeing all the internal IP addresses, including the
    routers own IP! If by some miracle that actually worked and if Comcast
    issued multiple IPs then they have a reasonable complaint. Seems a bit
    of a stretch though.
    --
    Paul Shirley: email unwelcome, reply by news
  22. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 7 May 2004 13:42:18 -0700, in alt.internet.wireless , Ben E. Brady
    <y2kbrady-no-spam@yahoo.com> wrote:

    >I've been sitting here thinking about the situation with Harry (my
    >friend) and it would seem that Comcast is simply out to screw the
    >customer.

    agreed.

    >penalize the customer. After all, there could be many, many instances
    >where the user of a router is warrented even though there is only one
    >computer connected to it. Say, increased security because a person
    >doesn't trust software firewall

    Thats your best bet - tell them you're running a hardware firewall.
    Meantime explore alternative providers, and if they get awkward you should
    threaten them with pulling your acct. Which do they prefer - some of your
    money or none of it.?


    --
    Mark McIntyre
    CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
    CLC readme: <http://www.angelfire.com/ms3/bchambless0/welcome_to_clc.html>


    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
  23. Archived from groups: alt.internet.wireless (More info?)

    If you have the motorola cable modem the try this address

    http://192.168.100.1/address.html

    There you can see the ip addresses that the modem knows about. If it
    knows of more than two, ( itself and the mac of your router) then
    somethings not hooked up right.
Ask a new question

Read More

Wireless Networking