If it's just a plain dialup (no AOL, CompuServe crap), they are likely using RADIUS for their authentication.
Here's how it works:
User dials a phone number for their ISP. The call is routed to a NAS, or network access server. The NAS is just a bank of modems with a router built in. It handles the call, hands you an IP, etc. As soon as you connect, your machine sends a username and password. That username/password pair is sent along to the RADIUS server. The RADIUS server then says to allow the user, or deny the user. The RADIUS server can also do accounting, keeping track of how much data was transferred, how long the user was on, the caller ID of the caller, IP address, etc.
It depends on the RADIUS server being used, but most can tell if a particular ID is in use and can deny further logons.
Even if their RADIUS server can't deny multiple logins (which is probably unlikely), they will most likely be collecting accounting data for each session. If they closely audit those records, they will detect multiple sessions for the same account and shut it down if in violation of their TOS.
I used to admin the RADIUS server for a moderate-sized ISP in Oklahoma that served 15 or so cities. When I came on board, our configuration didn't allow for us to limit concurrent sessions in some of the smaller cities, but we could see the multiple connections in logs. We had a timed job that went around every 10 minutes looking for "sharers". The script would then kick ALL users using that ID. Tech support would get an email notice and would call the registered account holder and tell them that we have detected that someone may have compromised their password (yeah, right). They'd change it, and usually the problem would go away because they'd tell their buddy that we caught on.
Your friend would probably be surprised at the information ISPs can collect. I kept detailed records for dialup sessions that contained the date/time, IP, caller ID, time online. Almost all ISPs have caching web proxy servers, and those caching proxies can log where client IPs go on the web. Just cross-reference the log on the proxy with the RADIUS log, then go look at accounting, and you know Joe Blow likes gay porn. Scary, huh? Our proxies were configured to not log because of these privacy concerns, but do you know if your ISP does the same?
Lastly, if your buddy just wants cheap access, go use 550access.com. $5.50/month, 150 hours. No frills.
Last edited by Boner; 10-06-2003 at 09:20 PM..
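
The periodic accounting audit described in the post above, as an added example that is not part of the original post or the poster's script: it replays RADIUS accounting Start/Stop events and reports any User-Name with more than one session open at the moment the check runs. The one-line record layout, the sample values and the function names are constructed for illustration; only the attribute names come from RADIUS accounting.

```python
from collections import defaultdict

# Constructed sample records (not real data), one per line:
# epoch  Acct-Status-Type  User-Name  Acct-Session-Id  Calling-Station-Id  Framed-IP-Address
SAMPLE_LOG = """\
1000 Start alice A1 4055550101 10.0.0.5
1060 Start bob   B1 9185550102 10.0.0.6
1065 Start bob   B1 9185550102 10.0.0.6
1300 Start alice A2 5805550199 10.0.1.9
1500 Stop  bob   B1 9185550102 10.0.0.6
1900 Stop  carol C9 4055550177 10.0.0.7
2400 Stop  alice A2 5805550199 10.0.1.9
"""

def parse(log):
    """Turn each non-empty line into a dict and sort the records by timestamp."""
    fields = ("ts", "status", "user", "session", "caller", "ip")
    records = [dict(zip(fields, line.split())) for line in log.splitlines() if line.strip()]
    for r in records:
        r["ts"] = int(r["ts"])
    return sorted(records, key=lambda r: r["ts"])

def open_sessions(records, at):
    """Replay Start/Stop events up to time `at`; return {user: {session_id: record}}."""
    live = defaultdict(dict)
    for r in records:
        if r["ts"] > at:
            break
        if r["status"] == "Start":
            # Keyed by session id, so a retransmitted Start (bob) is not counted twice.
            live[r["user"]].setdefault(r["session"], r)
        elif r["status"] == "Stop":
            # A Stop with no matching Start (carol) is ignored.
            live[r["user"]].pop(r["session"], None)
    return live

def find_sharers(records, at):
    """Users with more than one session open at `at`, with caller ID and IP of each."""
    return {
        user: sorted((s["caller"], s["ip"]) for s in sessions.values())
        for user, sessions in open_sessions(records, at).items()
        if len(sessions) > 1
    }

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for t in (1200, 1800, 2500):  # three runs of the periodic check
        print(t, find_sharers(recs, t))
```

A session whose Stop record never arrives stays open in this replay, so a production check would also age out sessions that have gone too long without an update.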