[AusNOG] large data bills on telstra.extranet

Brad Gould bradley at internode.com.au
Fri Dec 6 14:47:39 EST 2013 

On 6/12/2013 1:44 PM, Tom.Minchin at csiro.au wrote:
> 2b) if your unit isn't vulnerable but you are lucky enough to be allocated an IP address previously recorded as being vulnerable, you still could cop a lot of traffic from "hackers" still trying to access the previous device. There is no point trying to firewall your device as your traffic is metered and billed what is sent to your device, regardless of whether it is received.

With my service provider hat on, its rather an arbitrary decision on our 
part to decide that traffic has been "delivered" or even if its wanted 
or requested.

Then there is the hilarity of where is the metering point in the 
network?  Usually there is some form of session controller - does the 
circuit shaper come into affect (or even exist) before or after the 
metering process inside the chassis?  Can you do anything about that?  
Is it a big enough problem (across the business) to remedy?

For a 3/4G service, where the session throughput isnt defined by policy, 
rather by cell/backhaul performance, the session controller might assign 
a 100Mbps limit - or some random limit that means "dont let all the 
30Gbps DDoS through into the edge network".  Its there for network 
protection, not customer protection.  100Mbps sustained is going to slam 
your 3G plan pretty quickly.

You are correct though, in that the internet often wants to say "hi" in 
various ways, and that is a cost thats passed onto the customer.

Brad


> In good news, Telstra are now firewalling unwanted DNS traffic to telstra.extranet so this should not cause problems as of yesterday. For either vulnerable or non vulnerable units.
>
> Tom
>
>
> ________________________________________
> From: Minchin, Tom (CSIRO IM&T, Yarralumla)
> Sent: Monday, 25 November 2013 3:19 PM
> To: ausnog at lists.ausnog.net
> Subject: large data bills on telstra.extranet
>
> Hi,
>
> I’m looking to talk to anyone who has been receiving large data bills using the APN Telstra.extranet on Telstra’s mobile network.  We’ve got a lot of sensor equipment which uses it and over the last 3 months have been receiving large bills due to what appears to be DoS attacks on the public IP space that Telstra uses.
>
> I suspect we’ll have to move up the level of maturity of technical design to not use public IP (instead have a closed APN).
>
> Some background info I dug up: http://forums.whirlpool.net.au/archive/2175897 and Maxon had a link warning customers too (but their site appears to be down today).
>
> Tom
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


-- 
Brad Gould, Network Engineer
iiNet / Internode
P: +61 8 8228 2999
bradley at internode.com.au

More information about the AusNOG mailing list