[ILUG] Problems with Three Mobile-Broadband Router

[Kenn Humborg]

> Traffic is download mostly - which at least is a bit reassuring.

This reminds me of an issue we saw with O2 in a telematics
application.

Originally, we were using the "open.internet" GPRS APN.  However,
the telco bills were showing 30-40% more traffic than we were
measuring in our software.  Switching to the "internet" APN sorted
this out.

It turns out that the "open.internet" APN allows all inbound traffic
to your dynamically-assigned public IP address, whereas "internet" 
only allows inbound IP traffic associated with existing TCP 
connections (and presumably UDP too for DNS stuff).

The upshot of this is that, if you use "open.internet", you end up
paying for portscans and other malware-generated traffic to your
GPRS connection (which is particularly nasty when roaming).

This was about 3 years ago, and we estimated the malware traffic
volume to be about 1MB/month.  This is a far cry from your traffic
discrepancy, but perhaps you've been unlucky and are the 
erroneous target of some DDOS or similar?

Do Three provide any alternative APNs, perhaps implementing 
different firewall policies like O2?

I'm sure this is a dirty little secret among the GSM providers.
You get to pay for receiving crap that you can't block or 
opt out of.  It's similar in principle to spam faxes (where
you pay in paper/toner costs), or spam SMS in the US (where you
pay to receive), but I haven't seen anyone kick up a fuss
about it yet.

To measure the level of "background traffic" on your GPRS
connection, plug your dongle into a PC (Windows or Linux),
and use tcpdump or wireshark to watch an otherwise idle 
connection.

Later,
Kenn