Telecom recommends users of its JetStream DSL always-on high speed internet connection deploy a firewall to protect themselves while surfing, but it will still charge users who are the victims of a denial of service (DOS) attack because of the way it bills its customers.
"You can have as much firewall as you like at your end, if the packet gets delivered past Telecom's demarcation point, that's accountable to you," says consultant John Russell.
"For example, if you've got a firewall that blocks port 80 and somebody sends ... packets towards port 80, even if your firewall drops them on the floor it doesn't matter, it's already gone through."
Port 80 is the default setting for a server to "listen" for incoming connections.
Telecom spokesman Andrew Bristol says Telecom recommends users either get a firewall or switch off their DSL modems when not in use.
"Although JetStream contains a secure mechanism (NAT), customers may want to consider additional security measures, such as virus protection software and firewalls," says the Telecom JetStream site. A NAT is a network address translation system.
"A firewall that hides all users behind one public IP address. This provides some protection against external hackers," says the site.
Russell says switching the modem off is the only way to avoid getting billed for downloads you don't want.
"It's a problem with having an always-on network that's also billable for traffic. It's easily compromised." However Telecom promotes JetStream as an always-on connection.