At 13:02 25/11/03, ChrissyR wrote:

> > >
> > > My understanding was that the traffic is not charged to the IP but to
> > > the physical line and that line happens to have a static IP. There is
> > > only
> > > a subtle difference but it means that it does not matter who the Internet
> > > user is, or if they have ever connected to the internet using that ADSL
> > > line or not. It only matters what IP is assigned to that physical line
> > > and
> > > who rents that physical line.
> > >
> > > In theory I think that it is possible to get gigs of data on a line
> before
> > > any one connects to it. If the IP gets a DoS attack just after the line
> > > is installed then the line renter would pay for that data.
> >
> > This is not the case as the route updates would tear down the ip route for
> > that node as the user dropped offline and the static ip would return to
> > the vast world of null until such time as the user logged in again.
> >
> > the static IP is not tied to the physical line it is tied to the
> > username/password that is stored in the ISP database and passed back via
> > radius attributes when a user comes online by utalising a
> > Framed-IP-Address attribute.
> >
> > as opposed to a dynamic IP where no IP is passed back via radius and so
> > the user gets one allocated from a pool that is associated with that NAS.
> > (the ISP may also be doing a pseduo dynamic IP but thats another story
> > again and works in a similar way to static IP's from Telecoms perspective
> > - just happens all customers have one)
> >
> > This allows one with a static IP to roam to the other end of the country
> > and login with their username/password and have the static IP follow them.
> >
> > The most that would happen is that the ISP has a static route in place
> > pointint to their Telecom CAR for your IP and when you drop offline the
> > packets his the CAR and then drop into the big /dev/null void.
> >
> > Dynamic routing is fun !.
>
>
>This is all good.
>
>It does not explain the comment someone made that they disconnected in
>the middle of a DoS attack and saw their usage increase.

It did if their billing records were processed _after_ they logged off and
covered a period of time previously not metered up to the point they
actually disconnected. Hypothetically speaking (by way of example), an ISP
might have an hourly billing cycle that runs on the hour every hour
processing the last 60mins of RADIUS records or Netflow records or
whatever. At 1pm a billing run is carried out for the previous hour and
they then log off at say 1:23pm. The 2pm billing run catches up with 1pm to
1:23pm billing. They would have been logged off but their usage would
increase after that as soon as the billing run was completed. Make sense?

What did their ISP say when they approached them about this?

-- 
Ted Grenfell, Network Performance Manager, Xtra IT, Telecom NZ Limited
Mob: +64 274 435 455; DDI: +64 9359 5854; Fax: +64 9309 2921
ICQ: 191891; MSN Messenger: ted.grenfell@team.xtra.co.nz
Level 2 The Plaza, 2 Hereford St, Private Bag 92028, Auckland CBD
This email is for the person(s) identified above, and is confidential to
the sender and the person(s).  No one else is authorised to use or
disseminate this email or its contents. The email or its contents do not
necessarily represent the views of Xtra Limited or Telecom.
Please note that this communication does not designate an information
system for the purposes of the Electronic Transactions Act 2002.
-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message