Hi all

We have a hotspot set up with the trial user option. This allows potential customers 15 minutes unlimited access to the internet to test the system. The 15 minute period is reset every 29 hours to stop regular visitors coming by at the same time every day, and gaining access for free every day.

Well - that was the theory.

99% of the customers are doing exactly that, connecting, clicking on trial user, trying it. Then they either pay for service or come back a few days later and use it again (we don't mind that - as long as we get a high enough sign-up rate)

One person is changing their MAC address every 15 minutes. The MAC addresses started off being randomly chosen as if "by hand". I.e. a human was clearly choosing new values each time. E.g. 00:01:02:03:04:05 was one they chose.

Now this person has automated some of this process and each of the MAC address fields are either being incremented by one, or generated randomly.

Each time I look in the DHCP Leases table, I see that the computer name is always the same. "MacBook-Pro".

Anyone have any thoughts on how to put a stop to this user? At the minimum, I was thinking of being subtle to start with, perhaps adding some extra line in the login.html page that identifies them and puts on a message asking him to sign up and pay like everyone else!

Really I want to just allow him to use the Trial user system normally like everyone else, but as it is all linked to the assumption that a MAC Address is "unique" - I guess I'm completely stuffed?

Unless there is some script or firewall rule that can take his computer name and then drop him every time he tries to connect? (But then of course any genuine customer who also owns a computer called "MacBook-Pro" will also be dropped:( )

You can see I have been thinking about the problems of this for some time!

So far - we only have the one person doing this - but if they tell all their mates on how easy it is to bypass this system, we'll have to just stop the trial system - which at the moment we're loathed to do as that is what we have advertised we have setup in all the local press articles and advertising.

Ron.

Hi all

We have a hotspot set up with the trial user option. This allows potential customers 15 minutes unlimited access to the internet to test the system. The 15 minute period is reset every 29 hours to stop regular visitors coming by at the same time every day, and gaining access for free every day.

Well - that was the theory.

99% of the customers are doing exactly that, connecting, clicking on trial user, trying it. Then they either pay for service or come back a few days later and use it again (we don't mind that - as long as we get a high enough sign-up rate)

One person is changing their MAC address every 15 minutes. The MAC addresses started off being randomly chosen as if "by hand". I.e. a human was clearly choosing new values each time. E.g. 00:01:02:03:04:05 was one they chose.

Now this person has automated some of this process and each of the MAC address fields are either being incremented by one, or generated randomly.

Each time I look in the DHCP Leases table, I see that the computer name is always the same. "MacBook-Pro".

Anyone have any thoughts on how to put a stop to this user? At the minimum, I was thinking of being subtle to start with, perhaps adding some extra line in the login.html page that identifies them and puts on a message asking him to sign up and pay like everyone else!

Really I want to just allow him to use the Trial user system normally like everyone else, but as it is all linked to the assumption that a MAC Address is "unique" - I guess I'm completely stuffed?

Unless there is some script or firewall rule that can take his computer name and then drop him every time he tries to connect? (But then of course any genuine customer who also owns a computer called "MacBook-Pro" will also be dropped:( )

You can see I have been thinking about the problems of this for some time!

So far - we only have the one person doing this - but if they tell all their mates on how easy it is to bypass this system, we'll have to just stop the trial system - which at the moment we're loathed to do as that is what we have advertised we have setup in all the local press articles and advertising.

Ron.

You'll have to make it more attractive NOt to be a trial user.. Limit the bandwith for trial users or limit their net possibilities and put advertisements on..

/Henrik

I had considered bandwidth limiting, but that was quickly ruled out as trial users would then think the internet access speed was poor, so would blame the hotspot service as being poor. The internet service on this island is bad enough as it is without making it even worse!

But - the adverts idea might be a worthwhile idea. I shall try it on our development system as have not played with that option at all yet.

Still interested in more "elegant" solutions if anyone can come up with one?

Ron.

How large a hotspot area are you talking about? Is it feasible to walk around and find whoever is using a Macbook and give them a warning? Technically you could call it theft of services, depending on your local laws though this may or may not be something you wish to pursue.

If you're using open authentication then the MAC is the only way to track the user and you really have no other options.

We have the tools to find them if we need to , rest assured. It is something we could do once we work out if their useage patterns are regular. But you have to understand that this particular hotspot is not just down the road from us. It takes all day to travel there - involving trains and flights.

For now this person is abusing the free trial for about 2 hours at a time, every few days. So they are not causing us too much of a headache, but I am definately more concerned about the future if this gets out of hand and it becomes common knowledge about how easy this is to do. This is a small island, and the "geek grapevine" works fast!

on the trial user, pass them though filters that kill everything. Allow only port 80, UPD53 and thats it. They won't be able to vpn in, they won't be able to work from there, check their e-mail unless they are using a unencrypted system such as gmail etc.

This is what I do and it makes the paid users come out of the wood work!

One evening about a month ago, I was nearby and observed that they were active again, so I DF'ed them. Took all of about 30 minutes in the end. Unable to disclose any further details as this may go to court, but we're happy with the end result, i.e. our 'intervention' has stopped it.

But your comments gmsmstr on locking the trial users to the minimum required, such as plain http traffic is an interesting one we may consider.

We do that quite a bit. What other reasons is there to purchase, if you can get on for 30 min and check your email, etc. lock it down, and its done.