Slashdot Mirror

← Back to Stories (view on slashdot.org)

More On Detecting NAT Gateways

Posted by timothy on from the check-your-terms-of-service dept.

tcom91 writes "The Slashdot article Remotely Counting Machines Behind A NAT Box described a technique for counting NAT hosts. A recently published paper Detecting NAT Devices using sFlow describes an efficient way of detecting NAT gateways using sFlow, a traffic monitoring technology built into many switches and routers. This technology could be used to enforce single host access policies and eliminate unauthorized wireless access points."

4 of 438 comments (clear)

  1. Bzzzt! Sorry; Close, but no cigar! by pjkundert · · Score: 4, Informative
    The technique describes depends on two very simple mechanisms; A) assuming that a NAT router will decrement each packet's Time-To-Live (TTL), thus exposing its presence, and B) searching for independent, incrementing sequences if IP packet ID's, to estimate the number of hosts behind the NAT router.

    The time before there are "fixed" versions of both NAT (which don't decrement TTL), and of IP packet ID's (changing all ID's into a single monotonically increasing order, or randomizing them) will be measured in hours.

    Hopefully the authors of this paper aren't doing research for a living...

    --
    -- -pjk Perry Kundert perry@kundert.ca http://kundert.2y.net
  2. Yawnn.. iptables? by MacroHard · · Score: 5, Informative

    iptables -t mangle -A OUTPUT -i eth0 --ttl-set 64

  3. Yes, and.... by djupedal · · Score: 4, Informative

    I have three computers and a PS2 behind an Airport Base Station on a VDSL connection.

    When my ISP shuts down all the chatter I see, around the clock, from Code Red hits (default.ida requests, etc.), like 12~14 per second, I'll be happy to discuss my 'expanded' bandwidth usage and how it impacts their resources.

    Code Red has little direct impact on my boxes, since I'm MS free, but with the general effect being a load on the network right up against my VDSL modem, this is still a very real issue. If the ISP's want to reduce loads, they can look to stop some of the noise from other sources as well. What other sources? Let me think...ummm...spam mail? Port scan probes....

  4. Re:Ummm no ... by Rude+Turnip · · Score: 4, Informative

    There are no additional costs.

    Bandwidth: You can only suck so much down on a broadband connection at a time. One guy downloading MP3's all day is using more bandwidth than two people in a household with simple needs who want to network their two computers.

    Customer Support: If the service contract says one IP, one system, they're not going to help you solve problems with your network. Comcast refuses to troubleshoot anything for me until I plug my system directly into the cable modem, for example.

    Security: The user bears this cost, not the ISP.

    Repairs: If you pay for "consumer level" service, they're only going to give you "consumer level" service, regardless of how many people use the connection.

    --
    Bill Clinton: Pimp we can believe in. - The Shirt!!!