Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15


62 posts

Master Geek
+1 received by user: 2


  Reply # 522424 17-Sep-2011 18:41
Send private message

DonGould: But what's really going on here is that people are putting extra goods in your cart while you are walking around the store that they think you might like.  The Weetbix rep drops some of his new cereal in, the Coke guy drops a few bottles of a new flavor in, etc.

You get to the till but because the till isn't reading/presenting the goods correctly, you're just not noticing until you get the updated account at the end of the month or when ever.

In good faith you've made a number of really obvious requests.

* Can you please stop these people from dropping in my trolly by not letting them in the super market?

"No, it's your job to block goods into the trolly as you shop"

* Can you please give me an accurate bill at the checkout?

"No"
 

Its the dropping stuff in my trolley and forcing me to buy it that seems blatantly unreasonable.

I think that the billing system is a red herring. It would help me detect the unwanted goods earlier, that's all. But either I have to pay for them or I don't. It seems that I do have to pay at the moment.

I don't hear anyone saying that TC will take the unwanted traffic off my bill if I can identify it. Nor do I hear anyone telling me how to identify the unwanted stuff easily.

BTW, my daughter is most unlikely to feel guilty about eating ice cream.

176 posts

Master Geek
+1 received by user: 11


  Reply # 522426 17-Sep-2011 18:53
Send private message

BiDi:
jnawk:Your cable modem acts as a dumb bridge device. If it receives a packet on one interface (cable), it spits it out the other (ethernet). It is the device at the other end of that ethernet connection that discards the packet. If that is your PC, and you are running windas, and you have the little network icon thingy, you'll notice the traffic.


First, the cable modem feeds our router. So, is it our router that drops the packet? If not, how does the router know which PC to send the packet on to? (Perhaps I should add that IP addresses are dynamically allocated by the router)

Second, I suppose that if I did connect a PC directly to the modem, then the metering software I have installed on all our machines now would 'see' all traffic. Although it still isn't clear to me what that would look like.

I don't understand:

jnawk:If that is your PC, and you are running windas, and you have the little network icon thingy, you'll notice the traffic.


How is my little network thingy going to alert me? It just sits there. If I'm on the computer, chances are I'm interacting with the network anyway, so what is going to alert me to unwanted incoming packets of considerable size (or number)?alongside?other traffic??


?


If you have your router configured with port forwarding rules / pinholes, and a packet arrives matching a rule, then the router knows where to send the packet. Outbound traffic creates an entry in a state table which the router uses to correlate what incoming packets are related to an existing outbound connection and from that to know what PC to route the packet to.
If, after all that, no rules exist, and no state table entries exist, then the packet is dropped (and depending on configuration, an ICMP port-unreachable message is optionally sent to the source).

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software


62 posts

Master Geek
+1 received by user: 2


  Reply # 522434 17-Sep-2011 19:11
Send private message

jnawk:  Outbound traffic creates an entry in a state table which the router uses to correlate what incoming packets are related to an existing outbound connection and from that to know what PC to route the packet to.


OK, so that manages an exchange of information, like me posting on GZ right now.

However, it was my action that initiated the exchange (and so I presume configured the state table).

Surely a random unsolicited packet does not correlate with an existing outbound connection? To do that sounds complicated, requiring some sort of dynamic info (rather than just my modem IP number, for eg)

jnawk: If, after all that, no rules exist, and no state table entries exist, then the packet is dropped (and depending on configuration, an ICMP port-unreachable message is optionally sent to the source).


So, in supermarket speak:

(incoming packet): "Did you order a palette of pork sausages?"

(router software): "No, so I'm just going to dump them in the trash" 

(incoming packet): "Whatever dude, you're paying"

Meanwhile, even though I might be browsing in the meat section, where I did pick up a packet of wiener schnitzel, would not be aware that there is a half ton of sausages out the back that are going to be billed to me.
 

176 posts

Master Geek
+1 received by user: 11


  Reply # 522438 17-Sep-2011 19:20
Send private message

In a nutshell, yes.

Of course, you can configure your router to forward packets of a particular nature to a particular machine - for instance, you might run a web server.

3888 posts

Uber Geek
+1 received by user: 163


  Reply # 522494 17-Sep-2011 22:41
Send private message

BiDi:  Its the dropping stuff in my trolley and forcing me to buy it that seems blatantly unreasonable.


This is where the comparison starts to fall off the rails again. 

In this case the supermarket is arguing that what they're really charging you for is the use of the trolly and that you are responsible for keeping the unwanted stuff out of your trolly per the instructions they've verbally communicated and sent you via mail. 

Your inability to follow their instructions is not their fault, it's yours.  However while you are using the trolly they can't rent it to someone else so you need to get better focused on keeping as much of the rubbish out of your trolly.

They will further argue that they're renting you the trolly at such a rate to take into consideration the knowledge that some of the items are unwanted, but the over all cost of goods is lower than you would pay if you did your shopping at my Dairy.  So at the end of the day you are better off.


BiDi:
I think that the billing system is a red herring. It would help me detect the unwanted goods earlier, that's all. But either I have to pay for them or I don't. It seems that I do have to pay at the moment.


Yes, your objection is that they are not giving you any (automated or otherwise) vehicle to prevent the actions of the reps.

To translate back to HFC - your objection is that you have no control over firewall rules in the BRAS.

Ideally what you'd like is a system that lets you put rules into the firewall to block traffic with a range of parameters.

For example, you might like a system that blocks all traffic from Australia because you have no contacts in that country and no web sites you want to visit.

You might also want to include some automation.  Looking back at jnawk's comment.

jnawk: If, after all that, no rules exist, and no state table entries exist, then the packet is dropped (and depending on configuration, an ICMP port-unreachable message is optionally sent to the source).


Rather than sending a message to the source (which is a really bad idea because it can be abused for a DDOS attack), you cause your router to automatically insert a temporary firewall rule for 24 hours to block all traffic.

Like the DenyHosts tool that jnawk also talked about, you might want to share that information with the rest of us on the network and like 'friending' you on  GeekZone, I would follow your firewall rules and block traffic you block.

You have to be careful to balance this stuff or you block out the whole net quickly.  But you can automate the web stuff to just put up a warning message that the site is being blocked by the firewall and give you the option to over ride the blocks.  Of course this can have a negative impact on help desk as well if it doesn't work well or until customers become educated.



BiDi:
I don't hear anyone saying that TC will take the unwanted traffic off my bill if I can identify it. Nor do I hear anyone telling me how to identify the unwanted stuff easily.


Correct.

TC know that leaving is hard.  They know they're not loosing many (if any) customers over these sorts of issues.  People like you and me just come on web sites like GZ and moan about it but we don't actually leave, we just pay our bills, get annoyed, get over it and more on.

No one is telling you an easy way to identify the traffic because there isn't an easy cheap solution at present.  Every solution comes with some cost.

SNORT is a very effective tool to help manage the problem.  But it only blocks on your firewall and not the providers which means you still get hit with the traffic, but blocking it sooner might help a bit.

The problem with SNORT is that it doesn't run on a cheap $20 router as far as I'm aware.

It would be more helpful if the router functions were moved back into the core away from your home, and this might start to happen with some providers as IPv4 space becomes more expensive but presents a bunch of other issues that aren't currently supported in current CPE.

So we then need new CPE, which if we're doing that we may as well move to IPv6.  However if you follow the Nog lists you'd know that's going to come with a host of new problems that not everyone in the NOG community seems to understand how to deal with yet.

BiDi:
BTW, my daughter is most unlikely to feel guilty about eating ice cream.


Yes... perhaps I should have made a comment about your not being able to give her the normal weekly top up for her mobile phone.... something else I doubt she'll feel guilty about either, but might provoke some emotional response that may correlate in an inverse proportion the the glee of eating ice cream?






Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz




62 posts

Master Geek
+1 received by user: 2


  Reply # 522566 18-Sep-2011 09:51
Send private message

jnawk: Of course, you can configure your router to forward packets of a particular nature to a particular machine - for instance, you might run a web server.


Ah, thank you. I believe the penny may finally have dropped.

I have been looking at this from my point of view: a household with a few computers that require internet access. We initiate all exchanges of data (I think). We feel indignant that we should have to pay for spam that we didn't ask for.

In the supermarket analogy, we are consumers with trolleys, we never have any intention of putting things in other peoples trolleys. Even if they asked us to, we would not hear them.

However, our connection to the network allows us to be producers too (albeit with a speed limit), so it must allow unsolicited packets to be sent to us. Our ISP should allow this to happen. 

In the supermarket, our ISP does not try to second guess whether we are behaving as consumers, reps, or both. It allows us to do as we like.







 

BDFL - Memuneh
60006 posts

Uber Geek
+1 received by user: 11106

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 522568 18-Sep-2011 09:57
Send private message

BiDi: However, our connection to the network allows us to be producers too (albeit with a speed limit), so it must allow unsolicited packets to be sent to us. Our ISP should allow this to happen. 


I'd be really disappointed if the ISP didn't allow incoming connections to my IP. Of course there are many different cases: you could be running a web server, a content server (Windows Home Server, Pogoplug), P2P, email server, etc) or anything really. In many cases opening an outbound connection will invite inbound connections (P2P, TOR exit points, etc).

There were cases here on Geekzone of people complaining of high traffic utilisation, to then admit he had installed a software that act as a proxy service for some censored countries as part of a network (pretty much like TOR) and then he had "forgotten" about it until he saw the bill...


 




60 posts

Master Geek


  Reply # 522582 18-Sep-2011 10:47
Send private message

I don't think the ISP is going to change the way they record usage anytime soon, if the unwanted data/incoming spam you didn't request is becoming a burden i think the easiest path would be to request an ip address change rather than waste hours on the phone with tech support.

501 posts

Ultimate Geek
+1 received by user: 80

Subscriber

  Reply # 522589 18-Sep-2011 11:02
Send private message

earler in the week i posted i was going to be away and was going to turn off my CABLE MODEM to confirm claims of traffic while off... and the up date, NO DATA Noted or Billed during the course of having the modem of.

Hope this help those with issues

From a Cable Modem User In Christchurch





176 posts

Master Geek
+1 received by user: 11


  Reply # 522601 18-Sep-2011 11:28
Send private message

phantomdb: earler in the week i posted i was going to be away and was going to turn off my CABLE MODEM to confirm claims of traffic while off... and the up date, NO DATA Noted or Billed during the course of having the modem of.

Hope this help those with issues

From a Cable Modem User In Christchurch


Shoulda given us your IP address - we could all have started a (normal) ping. That way we would know there was actually some traffic going there..



62 posts

Master Geek
+1 received by user: 2


  Reply # 522665 18-Sep-2011 15:23
Send private message

I promised some hard data. Here it is.

I have logged the traffic on our 4 home computers using various versions of Netlimiter. I was not able to log usage on an iPod touch, but that traffic is quite small. 

The main finding is that there is NOT a significant difference between TC's metering and our data over the 7-day period. The TC download account is 7.9% above my estimate and the total traffic is 7.4% above what we measured. 

However, the information provided to me by TC bears no resemblance to what actually happened on an hour-by-hour, or even day-by-day basis. Here are the download results plotted for 3 consecutive days (in MB). The vertical axis  denotes the hour interval. The modem was always off after midnight until about 7am, so where TC has registered traffic I have included that, but I skipped the other wee small hours, so there are a few holes.



The next day:

 
and the next:

 

Now, really, would anyone believe a meter like that? It is purely for show. No information whatsoever. 

So, I no longer suspect that there is excessive unwanted traffic on our account. I do feel pissed that TC pretended their meter worked. It gave us reason to think that something sinister was going on and that has taken up a lot of our time. However, I cannot find evidence over a longer period of time that there are serious inaccuracies.

I suppose that a better test would be to monitor for a month and then look at my bill. However, Netlimiter was used in evaluation mode and will expire soon. I don't feel like buying it. Moreover, on XP, it does not export the data nicely. If anyone knows of a free metering application, with a friendly interface and the ability to export data to a spreadsheet, then I might reconsider.


 



62 posts

Master Geek
+1 received by user: 2


  Reply # 522666 18-Sep-2011 15:29
Send private message

phantomdb: earler in the week i posted i was going to be away and was going to turn off my CABLE MODEM to confirm claims of traffic while off... and the up date, NO DATA Noted or Billed during the course of having the modem of.

Hope this help those with issues

From a Cable Modem User In Christchurch

I suspect that you saw no data during that time because TC sporadically updates their meter. If there was really nothing, day after day, it will show that.

I guess that this is reassuring.

However, it does not alter my conclusion that the information TC displays as a function of time is nonsense. 

176 posts

Master Geek
+1 received by user: 11


  Reply # 522676 18-Sep-2011 16:09
Send private message

BiDi:
phantomdb: earler in the week i posted i was going to be away and was going to turn off my CABLE MODEM to confirm claims of traffic while off... and the up date, NO DATA Noted or Billed during the course of having the modem of.

Hope this help those with issues

From a Cable Modem User In Christchurch

I suspect that you saw no data during that time because TC sporadically updates their meter. If there was really nothing, day after day, it will show that.

I guess that this is reassuring.

However, it does not alter my conclusion that the information TC displays as a function of time is nonsense.?



So, all in all, a happy ending for OP, however, there is still unresolved the question of do you pay for traffic that did actually occur when the modem is off.. (ie, the incoming DoS, etc)



637 posts

Ultimate Geek
+1 received by user: 2

Trusted

  Reply # 522690 18-Sep-2011 16:54
Send private message

Wow. This thread has certainly gone off the rails some since I last looked at it.

I'm not even going to try deal with the analogies since that is a recipie for disaster.

I'll make the following points:

1. ISP billing is a nightmare and one of the more expensive parts of the business I've read articles about TelecomNZ spending $65million on an upgrade for their rating/mediation engines.

2. Generally speaking, ISP billing is going to under bill rather than over bill. This is due to the lossy nature of many protocols being used for billing, and the unreliability of picking counters up.

3. All billing should be driven by an active session. If you're billed for traffic while your router is unplugged (even if - in this case - your cable modem is still on), there is definitely a problem with session state in your ISP. If your router is online then you're fair game for billing.

4. When you're online - even if it is just your router - you're connected to the Internet. One of the benefits of the Internet is that it is an end-to-end bidirectional system, and you can receive traffic from anyone, even if you didn't ask for it. This is a good thing, not bad thing, but it does mean you can and will be billed for traffic you didn't want. This is not your ISP's problem.

5. Netflow shouldn't be used for billing. It's a sampled system that's unreliable and will only get worse as traffic rates increase.

6. You DO NOT want government intervention and regulation in telco billing unless you are prepared for much higher bills, and for it to take 10+ years to be implemented with little or no product development in the interim.

Wishing for regulation in this area is a bad, bad idea. The law of unexpected outcomes will fully apply.

7. Pushing for removal (or substantial increase) of billing data caps would really help resolve this sort of problem. If your data cap is 1TB - largely to prevent totally abusive use at a residential price point - then do you care if the meter is out slightly? Bonus for this is that it reduces operational cost for the ISPs significantly too!

176 posts

Master Geek
+1 received by user: 11


  Reply # 522762 18-Sep-2011 21:15
Send private message

PenultimateHop:
2. Generally speaking, ISP billing is going to under bill rather than over bill. This is due to the lossy nature of many protocols being used for billing, and the unreliability of picking counters up.


This attitude is not really acceptable - if the ISP undercharges, you are still paying for whatever traffic you've purchased. When the ISP overcharges, the people who get all up in arms are the people who have been carefully managing their traffic usage based on the tools the ISP provides. When overcharging occurs, it usually results in the user having extra to pay, usually for a reasonably significant amount of extra traffic (1-2GB at a pop).


PenultimateHop:
3. All billing should be driven by an active session. If you're billed for traffic while your router is unplugged (even if - in this case - your cable modem is still on), there is definitely a problem with session state in your ISP. If your router is online then you're fair game for billing.


+1, however, this has not actually been proven to be the case.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48


Shipments tumble as NZ phone upgrades slow
Posted 2-Mar-2018 11:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.