How do you steal bandwidth?

This question may seem a little odd, but I hope to gather some opinion on a networking issue. The question: is it possible to steal bandwidth, and more specifically, how would this be done? To discover the possibilities and the probable ways of perpetrating bandwidth theft may actually help my internet service provider (ISP) with an issue I have with them.

Basically the setup is a company has three 'modules' utilising bandwidth which is designated at a cost during peak business hours and there is free off-peak usage. It is the free off-peak usage which appears to be subject to bandwidth theft.

The company is on a set fee scheme of 1,750MB broadband usage during peak hours, with free usage after normal hours. Usage above the 1,750MB during peak hours is chargeable at US$95 per GB.

In Zimbabwe, the ISPs sometimes use what are termed internet access providers (IAP) who provide the 'communications' conduit between customer and ISP. In this case we are talking of provision of a WiMax radio signal to two modes and, until recently, a copper ADSL link through the national telecommunications agency. Each is subcontracted by the ISP. There is no apparent password control of the conduit.

The client company has suffered a deterioration in its links via the IAPs... the one WiMax link does not receive or transmit signal due to IAP congestion, the other is weak and cannot transmit/receive at rates much better than a bad telephone dial-up connection. The copper link, basically a more sensitive telephone line carrier, broke down, apparently stolen.

With this huge deterioration of communications ability being reduced to almost nothing, bar the poor performance of one WiMax link, the company started suffering from what would appear abnormally high, in fact impossible, usage figures.

In January the company exceeded its 1,750MB of usage, despite poor communications, and managed to clock up a massive 31GB of usage outside peak hours. Clearly, someone else is using the company's free usage facility. The prejudice is to the ISP, not the company.

Would it be possible to 'steal' bandwidth by emulating the client company's IP addresses (and other settings), as a guess, even though the offender subscribes to a different ISP with a different ASP carrier? Is this possible? How is it done? If that were possible then everyone's bandwidth could be stolen because IP addresses are public.

It seems the only way to do this is to set up a Linux server being configured with the victim company's allocated IP address. This way the ISP actually believes that the incoming usage should be clocked up to the company, rather than the thief. Possible or mythical...? Is this why the WiMax link appears so clogged up?


With a passion as warm as the rising African Sun
Andrew Blogs at South of the Africa Equator
Twitter: @zimbandrew - find me, follow me
LinkedIn: Andrew Field - link up there too
Harare, Zimbabwe

Andrew Field


Greetings Russell... thanks for your comments, which I found useful. I am beginning to believe that perhaps the WiMax side of things is a little too insecure and I will be addressing this with the service provider. Andrew


Russell Henley


From a technical perspective (albeit without too much technical jargon I hope!), you need to hack into the network either before your point of presence (i.e. the router or equivalent that you are using to connect into the WiMax service), or someone has 'cloned' the physical point of presence. This is quite simple to do on a WiMAX network (depending on the underlying protocols) and a small amount of technical knowledge could do this (WiMAX is basically just a bigger brother to normal wifi - knowledge of your MAC address and relevant passwords would be enough to clone the details - plenty of devices and software let you specify your own MAC access).

The simplest way to resolve this is to get new details from the WiMAX provider to ensure future protection, and ensure these are kept suitably secret.

Your endpoint device (router) will usually have some form of traffic analysis (even the cheapest routers do) so you should be able to see who is using bandwidth if it's your side of the router. If it's the other side it will be very hard to detect! It's very easy on a network to attach a device that can allow external access.

If it's physical ADSL for the last segment then you can't hack this that easily (as it should be tied into the physical connection, or should be, at the exchange).

Hope this helps,
Russell.

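Reconciling the provider's usage records against the router's own WAN counters is one way to act on the "your side of the router" check in the reply above. This is an added example, not part of the original thread; the record formats, the 56 kbit/s link rate and all sample values are constructed assumptions.

```python
# Added example: reconcile ISP-billed usage against the router's own WAN counters.
# All sample data below is constructed; the record formats are assumptions.
COUNTER_MAX = 2**32  # 32-bit interface octet counters wrap at this value

# (hour, cumulative WAN octets in+out read at the start of that hour) -- constructed
ROUTER_SAMPLES = [
    (18, 4_294_000_000),
    (19, 4_294_900_000),   # +900,000 bytes during hour 18
    (20, 1_232_704),       # counter wrapped: +1,300,000 bytes during hour 19
    (21, 1_732_704),       # +500,000 bytes during hour 20
]

# hour -> bytes the provider attributes to the account -- constructed
ISP_BILLED = {18: 950_000, 19: 6_000_000, 20: 45_000_000}

LINK_BPS = 56_000  # assumed usable link rate (dial-up-like, as in the post)


def local_usage(samples):
    """Per-hour byte deltas from cumulative counter readings, wrap-aware."""
    usage = {}
    for (hour, start), (_, end) in zip(samples, samples[1:]):
        usage[hour] = (end - start) % COUNTER_MAX
    return usage


def reconcile(local, billed, link_bps, tolerance=0.10):
    """Return {hour: reason} for hours where billing is not backed by the router."""
    max_bytes = link_bps // 8 * 3600  # most the link could carry in one hour
    flagged = {}
    for hour, isp_bytes in sorted(billed.items()):
        seen = local.get(hour, 0)
        if isp_bytes > max_bytes:
            flagged[hour] = "exceeds link capacity"
        elif isp_bytes > seen * (1 + tolerance):
            flagged[hour] = "not seen at router"
    return flagged


if __name__ == "__main__":
    result = reconcile(local_usage(ROUTER_SAMPLES), ISP_BILLED, LINK_BPS)
    for hour, reason in result.items():
        print(f"hour {hour}: billed {ISP_BILLED[hour]} bytes, {reason}")
```

Hours flagged here are traffic charged to the account that never crossed the customer's router, which places the cause on the provider side of the link (cloned subscriber details or a metering error) rather than inside the customer's network.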

Jeff Mowatt


The provider could also be lying, Andrew. It happens in countries where corruption is endemic. Telephone bills with calls to people you never called. In the end, it's only software that determines what gets billed and there is none without bugs. Digital coaches are all at the dentist. They're having their teeth pulled to make room for the seats.


Andrew Field


Thanks for your comments Derek. Definitely not the router arrangement... that was my first port of call, but thanks for the heads up on that. I am beginning to think that the ISP has its wires crossed somewhere along the line. We in the tropics are reasonable consumers of bandwidth, but nowhere near the volumes that you would consume in Europe or North America. My ISP tell me they are the leaders in the field and the best :-) Where are all the Linux hacking boffins in Ecademy... I thought with all the digital coaches around I would get a few more responses to this.


Derek Sorensen


Hi Andrew,

Do you have a wireless network? A possible cause is that someone has found a way in, perhaps through an open router, or even a router configured to use WEP rather than WPA. I'm not a networking expert, but I have read that WEP can be cracked in under 30 minutes by a brute force attack (don't have a reference to hand, I can do a bit of Google-ing if you want more info). Although if your connection is so physically constrained that you can't possibly have used that much bandwidth, then that's not the issue. I'd still be inclined to check though.

And if someone has found a way in, you might also want to check any file shares on your network, make sure nothing is visible that shouldn't be, and particularly none of the shares are writable without authentication.

By the way, I have no idea what the norm is for bandwidth caps in Zimbabwe, but over here 50 - 100Gb is fairly standard for broadband monthly "fair use" caps. Unless you are talking about daily caps, in which case I might consider emigrating to Zimbabwe :) You might want to look around to see what other ISPs are offering.

Derek
