Removing Spiderwebs – Detecting Illegal Connection Sharing

People who share Internet connections in discord with agreements made between them and their Internet service provider can cause severe headaches for both the provider and the network administrator. There are, however, several ways to detect such practice. These methods are neither very complicated nor time consuming.



What you will learn…

• how to hide illegal Internet connection sharing,


• how to detect unauthorised Internet bandwidth sharing.

What you should know… 

• how to use the Linux operating system,


• the ISO/OSI network model,


• you should have at least basic knowledge about TCP/IP networks.

An administrator can easily deal with the problem of heavy workload on the Internet connection by dividing the available bandwidth among all legal users. In such cases we don’t have to worry about the fact that someone made a part of their bandwidth available to a neighbour (see Frame Connection Sharing) – it will have no infl uence on the quality of service offered by the Internet service provider. However, the problem of the mediator earning money and not sharing costs with the service provider still remains. Therefore, a question arises: how can an administrator discover that a third party is using the network? There are a few techniques, which are more or less effective. However, it all really depends upon the knowledge of the person who has built the illegal spiderweb and on the techniques used by mentioned person for hiding their activities from the outside world. The fi rst, and probably most reasonable way for protecting oneself from illegal connection sharing is to divide the transmission bandwidth. This technique guarantees that the bandwidth of our network will not turn out to be too narrow due to a large number of unauthorised users and it is up to the customer what they will do with the purchased bandwidth. If, however, limiting the bandwidth or the amount of data to be transferred, is not enough and we really don’t want our connection to be shared by anyone, we can analyse the traffi c within our network and try to fi nd abusive situations. If the agreement signed by the user states that they are not allowed to share their connection, then, if the user does not comply with this agreement, the provider is allowed to disconnect them from the network. But only if the provider is successful in fi nding the illegal connection sharing node. As often happens in practice, such actions can frequently turn into playing cops and robbers where the latter generally have the upper hand when it comes to being inventive.