Vulnerability Development mailing list archives
Re: "download" caps
From: Jp Wise <jpwise () softhome net>
Date: Thu, 28 Nov 2002 00:22:28 +1300
Likewise as Peter said, traffic here in New Zealand (and I believe most of Australia also) has already moved most of the plans to a byte charged system. The user purchases an account with xyz MB/month, over & above that they pay so many cents per MB. Some having a different charging rate for national vs. international traffic. The national traffic being cheaper. Both the Cable & ADSL providers in NZ work around that philosphy. I've personally encountered exactly what you described. I ended up loosing 500mb on a 10gig/month plan at one stage, when someone decided to perform a mini DDOS. 500mb in 2 mins, on a 128kbit/s link. Most of the data never reached me, but as far as the ISP was concerned it was destined for me, so I get the bill for it. I should probably consider myself lucky they didn't leave it going for a couple of hours. But it's a case in point example of how easily it could affect someone. Not quite a vuln-dev type thing, but a seemingly steady trend in the ISP market. Jp. Peter Gutmann wrote:
J Edgar Hoover <zorch () totally righteous net> writes:I'm wondering if you could effectively DoS a capped account for a month by sending a lot of unrequested data.This has happened quite a lot here, with full-rate accounts where you get charged for traffic over a certain level, and rate-limited accounts with no charges. The traffic is billed based on what heads your way at the DSLAM, so you end up being billed for syn floods, traffic aimed at whoever last had your IP, etc etc etc. There are no figures on this, but from anecdotal evidence a large number of users are abandoning full-rate for rate-limited DSL which doesn't have this problem (I switched after DSLAM records showed I'd done 130MB of traffic in two days while my external router recorded < 30MB). It's a pain for everyone, users go from 8MB/s to 128Kb/s, and the provider loses a lot of revenue when people switch to the DOS-proof non-capped (and much cheaper because of the slow speed) accounts. One possible solution is to run at full rate until you've used your monthly quota, then switch to rate-limited, but apparently the DSLAM technology being used makes this impossible. Peter.
Current thread:
- "download" caps J Edgar Hoover (Nov 24)
- Re: "download" caps Luis Bruno (Nov 25)
- <Possible follow-ups>
- Re: "download" caps Peter Gutmann (Nov 25)
- Re: "download" caps Jp Wise (Nov 27)