Hardware Broadband Client Monitoring - An Overview
by psyk0mantis (digital_shad0w@hotmail.com)
Picture this...
You are an average consumer. Not too tech-savvy, just a regular old John (or Jane) Doe. You have been living on dial-up all your life, suffering through insanely slow download speeds. Then you catch wind of the fabled "broadband" phenomenon. Downloading at 50 kbps? Could it be? You instantly call up your telco and they activate DSL service to your line.
You are a handyman; you choose to install it yourself. It's simple, right? Couple of DSL filters for my regular phones, no biggie, right? Well, the box comes and you're as happy as a kid on Christmas Day! It's all set up now, and you're downloading at crazy speeds!
Amidst all of the happiness, a sinister plan has set in.
The perpetrator? Your DSL provider. Remember that box that you plugged the phone line and your computer into? It's not just a "converter." It's sniffing all traffic. Every single packet is examined in its hardware, before it even gets to your computer. The supposed purpose? Buried in your service agreement, you find that it is in place to "make sure you have only one computer hooked up to the line." Sure.
Now, back to reality.
I have caught wind of rumors that DSL providers are thinking about rolling out such devices. I'm going to present a possible solution, as well as possible hazards. Keep in mind this is all in theory, but it seems to me that you could defeat the user number detection by using software routing and one dedicated routing machine.
The connection would go from telco to your house, your wall socket to your DSL gateway, your gateway into one computer, acting as a router. You now have a couple of options. You could either have a NIC for each computer in your LAN (for smaller networks, no doubt), or you could have one NIC going to a hub's uplink port. Remember, we shouldn't have to worry about user detection anymore since no hubs are seen by the gateway, but I would at least subnet to be on the safe side. We don't know how smart these things are.
I believe this could work, since all the routing is done in a separate net that the packet sniffer doesn't "see." It is only directly connected to one device and it looks like all packets are originating from the said device.
One thing that I know some of you are thinking: Why not just run from the gateway to a hardware router? Well, I'm not sure how in-depth these devices will go. If it does a full-out scan on a network device, it is possible to derive the OS running on the machine. If it scans your Cisco router, the router will report itself as running version X of the Cisco IOS. The gateway then knows it's connected to another router, and could tell your telco as much. Call me paranoid, but I am very careful about doing things my ISP could terminate my account for.
Given the chance, I would run a little experiment as well.
If you could make another computer initialize the PPPoE connection, you could put that machine between the DSL gateway (that does the sniffing) and the outside world. Then you could log every connection the gateway tries to make and what was transmitted. If it just sends a packet that says "Yes Mr. Telco, only one computer here!" then I'm sure there would be a way to emulate this in software, and you could completely eliminate the gateway.
Of course, this is probably not allowed in the *gasp!* TOS, but frankly, who gives a shit? I don't want your hardware sniffing my Internet traffic, so screw you.
Could you imagine the possibilities of fraud with such a system? What if I figured out how to send false gateway transmissions? Remember that 13-year-old whose skateboard you drove over yesterday? Today he's decided to emulate your gateway and tells your ISP that you're hosting a corporate LAN of 150 computers. What if they start deciding what are "good" and "bad" websites/servers? What if you go to 2600.com, stream an episode of Off The Hook, and/or check the speaker list of H2K2 and the following day the FBI breaks your door down and demands to know what you were doing at these websites? The capacity is there, folks, and Big Brother is just itching to make an example of somebody. Let's not give them the chance.
Well, that's my take on the system, and possible ways to defeat it. If you couldn't tell, I don't take kindly to having my Internet traffic monitored, and neither should you.
Send any thoughts to digital_shad0w@hotmail.com, send flames to /dev/null.