Re: Routing and Remote Access NAT - I need to modify TTL




"Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:uHmGkMX4JHA.1712@xxxxxxxxxxxxxxxxxxxxxxx
"George Valkov" <a@xxxxx> wrote in message
news:e6hBeqV4JHA.5728@xxxxxxxxxxxxxxxxxxxxxxx

Not just packets with NAT header. They modify all packets that pass through
the gateway to my computer. Also because of the ARP poisoning they do, if we
don't use static ARP, they also intercept the traffic between my computer
and my room-mate's. So if I ping his PC and receive TTL=0, this indicates
that he forgot to run the static-arp.cmd script and the gateway is tampering
with the packets. We pay for two computers - each has own real IP and we
have a local switch in the room. 20% extra money for the second PC is okay
and we don't have to worry about anything.

I started this topic just for knowledge - to learn if it's possible to route
the packets under Windows 2003 without discarding those with TTL=0.
Currently I don't need to use NAT. Any computer that may connect to my VPN
from the Internet already has access to Internet. ;-)

Thank You for Your time, Ace! If I find anything interesting on the topic, I
shall post it here.


George Valkov

Hi George,

| Not that I know of directly using RRAS can you do this, but you've found
| 3rd party software that will. This is an interesting and unique issue that I
| haven't seen before. Interesting because of the way your ISP hoards
| their connections and pretty much act like the cable TV companies with
| their old 'charge per machine' mentality as if they were TV sets. I guess
| they must be the only game in town, so they can do it! Boy, they must
| have a monopoly in Bulgaria!

| Good luck, George!

| Cheers!

| Ace



About 3 years ago the students were building their own free LANs
interconnecting computers on one or more blocks (hostel). Everyone who
joined, brought his/her own cabling and paid once just to cover the money
for a port of a switch. The bad thing was that organisation was poor, cables
were passing through windows and terraces and there were long cables from
one block to another. Some terraces did look like huge spider webs :-) WWW
;-)
A few ISPs were connected to the same LANs. Back then, the Internet was
slow, there were outages, viruses... It was a wild and free network.

Then came megalan, as far as I heard they made some deal with the university
and became monopolist among the students town. Broke all the free networks.
Now there are no worms and the only one ARP poisoning the network is the ISP
itself - they said to filter File and Printer Sharing and prevent worms
from spreading.

In fact the main reason for the ARP poisoning is to monitor all of the
traffic and determine if some of the clients want to share the connection
or perform something that the ISP doesn't like. If a packet from
MAC-ADDRESS_A but IP_B arrives at the gateway, they consider that A is
trying to steal the IP of B, so they block access to the MAC-ADDRESS_A. I
wonder if they know that since custom MAC addresses can be assigned, any bad
guy can cause denial of service on other clients by using their MAC with a
different IP, causing the security system to block MAC-ADDRESS_A. A client
can also set two computers to make a lot of traffic to each other, and
because of the ARP poisoning, that appears to be an innocent way to flood
the gateway. But they don't seem to understand how dangerous their security
measurements can be.

Good night, Ace!


George Valkov
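
The check described in this thread (a room-mate's ARP entry that is not static and ends up pointing at the gateway) can be automated. The following is an added example, not part of the original posts: it parses Windows `arp -a` output and reports peers whose entry is dynamic, differs from the known MAC, or matches the gateway's MAC. The function names, addresses and MACs are constructed for illustration; the contents of `static-arp.cmd` are not shown in the thread.

```python
import re

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP = """\
Interface: 10.0.0.10 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.1              00-aa-bb-cc-dd-01     dynamic
  10.0.0.11             00-aa-bb-cc-dd-01     dynamic
  10.0.0.12             00-aa-bb-cc-dd-12     static
"""
# Constructed: the MACs we know our local peers really have.
PEERS = {"10.0.0.11": "00-AA-BB-CC-DD-11", "10.0.0.12": "00-aa-bb-cc-dd-12"}
GATEWAY_IP = "10.0.0.1"

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.I)

def parse_arp_table(text):
    """Return {ip: (mac, entry_type)}; header and interface lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table

def audit(table, gateway_ip, peers):
    """Compare peer entries with their expected MACs and the gateway's MAC."""
    findings = []
    gw_mac = table.get(gateway_ip, (None, None))[0]
    for ip, expected in sorted(peers.items()):
        if ip not in table:
            continue  # no cached entry yet, nothing to judge
        mac, kind = table[ip]
        if kind != "static":
            findings.append(f"{ip}: entry is {kind}, static ARP not applied")
        if mac != expected.lower():
            findings.append(f"{ip}: MAC {mac} differs from expected {expected.lower()}")
        if gw_mac is not None and mac == gw_mac:
            findings.append(f"{ip}: resolves to the gateway's MAC, traffic is relayed")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp_table(SAMPLE_ARP), GATEWAY_IP, PEERS):
        print(finding)
```
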

