On Fri, 3 Oct 2003, Nick May wrote:
> Presumably one would have to hack into the internal network to get
> access to the (private?) i.p addresses that are being assigned to
> customers. (Or are they not private - can I ping them from the net?)
It depends. Some operators (including mine) use Network
Address Translation (NAT) to provide ip addresses from
private network to the clients. This would also efectively
stop the "gprs billing hack".
Some operators provide the ip addressses from public
ip space which is is efectively the same as connecting
any normal computer to the internet. In this case (if there
is not any firewall between) you can send packets to
the handset. Still, this does not mean that you could
somehow steal money from the packet charges.
The overbilling scam they described is basically just
pinging a host (handset) in Internet.
In the old days when ISP:s charged by the traffic you
could do the same "attack" to some poor company by
floodpinging their webserver. Was that called "hacking
into ISP billing system"? I dont think so :)
--
Mika Tuupola http://www.appelsiini.net/~tuupola/
Received on Fri Oct 3 14:24:26 2003