(keitai-l) Re: GPRS billing hack

From: Mika Tuupola <tuupola_at_appelsiini.net>
Date: 10/03/03
Message-ID: <Pine.GSO.4.10.10310031417550.5279-100000@aurinko>
On Fri, 3 Oct 2003, Nick May wrote:

> Presumably one would have to hack into the internal network to get 
> access to the (private?) i.p addresses that are being assigned to 
> customers. (Or are they not private - can I ping them from the net?)

	It depends. Some operators (including mine) use Network
	Address Translation (NAT) to provide ip addresses from
	private network to the clients. This would also efectively
	stop the "gprs billing hack". 

	Some operators provide the ip addressses from public
	ip space which is is efectively the same as connecting
	any normal computer to the internet. In this case (if there
	is not any firewall between) you can send packets to
 	the handset. Still, this does not mean that you could
	somehow steal money from the packet charges.

	The overbilling scam they described is basically just
	pinging a host (handset) in Internet.
	
	In the old days when ISP:s charged by the traffic you 
	could do the same "attack" to some poor company by
	floodpinging their webserver. Was that called "hacking
	into ISP billing system"? I dont think so :)

-- 
Mika Tuupola                      http://www.appelsiini.net/~tuupola/
Received on Fri Oct 3 14:24:26 2003