Slashdot Mirror


More On Detecting NAT Gateways

tcom91 writes "The Slashdot article Remotely Counting Machines Behind A NAT Box described a technique for counting NAT hosts. A recently published paper Detecting NAT Devices using sFlow describes an efficient way of detecting NAT gateways using sFlow, a traffic monitoring technology built into many switches and routers. This technology could be used to enforce single host access policies and eliminate unauthorized wireless access points."

10 of 438 comments

  1. still same bandwidth by boolean0 · · Score: 4, Interesting

    people are still using the same amount of bandwidth paid for, no matter how many machines are using it. when will these companies realize that many people have multiple computers in their home?

    1. Re:still same bandwidth by SWroclawski · · Score: 4, Interesting

      Well every industry goes through this it seems (at least in the US).

      The phone company used to care how many phones you had. Then the cable company charged per television, and some ISPs care how many computers you have.

      The key difference I see is the two previously mentioned industries had those issues resolved by regulation. Regulating consumer grade ISPs might not be a bad thing and finally set limits on things like number of computers or port restriction. And if not, at least we'll know what "consumer grade" service is and all switch to "Small Office" connections, which already seem to be the way to go for people who actually want to use their internet connection at home.

      - Serge Wroclawski

    2. Re:still same bandwidth by SWroclawski · · Score: 4, Interesting

      Indeed, NAT is (in this context) just a modern day television splitter.

      While the ISPs may go after a few people, I have serious doubts that the practice will become widespread. Just as the TV splitter was commodity, so are cheap NATs. Heck, some expensive cable modems you can buy in the store come with NAT!

      The products are already sold as "Cable Modem Routers".

      It is, of course, possible that the ISPs and media publishers would go after home users, but it's likely they'd do it over bandwidth consumption or trading copyrighted material rather than just NATing. Going after them just for NATing wouldn't benefit them. The ISP loses a customer and gets a bad reputation, the home electronics company gets mad at the ISP and the customer loses.

      At least with file traders, the ISP is losing a "bandwidth hog". It may be a weak excuse, but it's something.

  2. What will the future hold? by Blaine+Hilton · · Score: 4, Interesting

    The whole idea of the Internet is a network of networks. Things like this along with certain large ISPs blocking any email from whole blocks of networks without reason leads me to wonder how open the Internet really is, and how closed it could become. ISPs should be selling network connectivity, without restricting what use that connectivity has. I have the same feeling with business phone lines. Businesses are charged more just for being a business, they may use the phone more, but not necessarily.

    Go calculate something

  3. It's a war, you break standards. by BrookHarty · · Score: 4, Interesting

    Nice, besides an ad for sFlow, just shows some more holes we need to patch, and more standards to break.

    OS fingerprinting was nice, but now some boxes are replying as a Tandy CoCo, it's a very amusing battle. Now TTL is being used to determine multiple NATed IPs. I'm sure someone will write a nice NAT module for Linux/etc to bypass this also. Seems like the endless cycle of control freaks losing control.

    BTW, not sure which ISPs care about NAT, but there are very very large NAT friendly ISPs out there. (Speakeasy for one)

  4. Thanks, sFlow! by frohike · · Score: 4, Interesting

    I just wanted to extend a big thanks to sFlow for posting this paper (and the AT&T people for posting theirs). Despite the fact that DARPA screwed Theo & Co, they are probably already adding a "modulate TTL" setting to pf as we speak.

    And of course if you're ultra-paranoid, then just use something like socks or squid to proxy most or all of your TCP connections, and it's 100% indistinguishable from your firewall making the connections out. Because your firewall is making the connections out.

    When will they learn?

    Kinda irritates me that stuff like this may make my nice all-in-a-box Netgear NAT useless some day, but it's nice to know that people like OpenBSD are there to back us up.

    And like someone else said, what exactly does the cable company expect me to do? Expose all of my internal network to the internet? Cha right! They wouldn't even give me more than 3 IPs anyway!

  5. Re:Ummm no ... by n3k5 · · Score: 4, Interesting

    There are no additional costs. [...] You can only suck so much down on a broadband connection at a time.

    You're assuming here that every customer is maxing out his/her bandwidth all the time, as if every customer had a P2P client running all the time and enough active downloads that more data is available than he/she can suck down. However, this is not the reality, hence this is not how ISPs calculate their fees. If they did calculate their fees that way, their service would be much more expensive. Just compare with enterprise-level ISPs that sell 24/7 _guaranteed_ bandwidth. So, ISPs are saving costs because their users don't use all that bandwidth -- and this is even true if they charge for the megabyte instead of a flat fee! More users means making more use of the available bandwidth, means more costs.

    If the service contract says one IP, one system, they're not going to help you solve problems with your network.

    A reasonable contract says one system at a time, they'll let you upgrade your PC, they'll let you run different operating systems, they'll most likely let you plug in your laptop you took home from work. Now if you have trouble setting up the connection on any system, they should help you even if they helped you before with another system.

    --
    but what do i know, i'm just a model.

  6. What about Virtual Machines? by BadBlood · · Score: 4, Interesting

    As someone on Slashdot wrote before me, what about 1 singular PC connected to the internet running a couple of sessions of VMware?

    Perhaps it would appear to the outside world that there are more than 1 PC connected, but to prove it, they'd have to have physical access to your home.

    Pretty sure they won't get past me...

    --
    Praying for the end of your wide-awake nightmare.

  7. Easy Windows Fix by Winter · · Score: 4, Interesting

    Since the method relies on knowing the default TTL (128 for Windows), just set the default TTL to something higher...

    In W2K:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL (DWORD)

    Just set to 129 if you have a NAT between your PC and the modem.

    This way all the packets seem to come directly from a Windows box, and you don't have the (potential) side effects of getting the NAT to change the TTL.

    --
    main(i){putchar(177663314>>6*(i-1)&63|!!(i<5)<<6)&&main(++i);}

  8. Re:Yawnn.. iptables? by graf0z · · Score: 4, Interesting

    This will break some things, e.g. traceroutes from NATed boxes to the outside world. Better: change default initial TTL on the packet originating box. I read a reply with the according MS Windows registry entry, this is for Linux:

    /sbin/sysctl -w net.ipv4.ip_default_ttl=129

    /graf0z.
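The TTL-based detection the thread argues about, and the DefaultTTL / ip_default_ttl countermeasure from comments 7 and 8, put into code as an added example (not from the thread or the sFlow paper): it classifies per-source (IP, TTL) samples as an access switch one hop from the customer would export them. The 203.0.113.x addresses, the OS default TTLs of 64/128/255 and the `access_hops` parameter are assumptions for the example.

```python
from collections import defaultdict

# Assumed initial TTLs used by common operating systems (BSD/Linux, Windows, others).
DEFAULT_TTLS = (64, 128, 255)


def infer_initial_ttl(ttl):
    """Smallest common default TTL that is >= the observed TTL."""
    if not 0 < ttl <= 255:
        raise ValueError("invalid IPv4 TTL: %r" % ttl)
    return next(d for d in DEFAULT_TTLS if ttl <= d)


def classify_source(ttls, access_hops=0):
    """Classify one source IP from the TTLs seen at the monitoring point.

    access_hops is the number of routers between the sampling switch and the
    customer (0 when the switch is the customer's first hop).  Any packet that
    has lost more hops than that passed an extra router, i.e. a NAT gateway;
    two different inferred defaults from one address mean two OS families.
    """
    initials, extra_hops = set(), set()
    for ttl in ttls:
        initial = infer_initial_ttl(ttl)
        initials.add(initial)
        extra_hops.add(initial - ttl - access_hops)
    if max(extra_hops) >= 1:
        return "nat"      # decremented by a router the customer owns
    if len(initials) > 1:
        return "nat"      # e.g. a 64-default and a 128-default host share one IP
    return "direct"


def detect_nat(records, access_hops=0):
    """Group (src_ip, ttl) samples by source and return {ip: verdict}."""
    by_ip = defaultdict(list)
    for ip, ttl in records:
        by_ip[ip].append(ttl)
    return {ip: classify_source(t, access_hops) for ip, t in by_ip.items()}


# Constructed samples, as an sFlow collector might see them from an access switch.
SAMPLE_RECORDS = [
    ("203.0.113.10", 128), ("203.0.113.10", 128),  # single Windows host, no NAT
    ("203.0.113.11", 127), ("203.0.113.11", 63),   # Windows + Linux behind a NAT
    ("203.0.113.12", 64), ("203.0.113.12", 128),   # two OS families at hop 0
    ("203.0.113.13", 128), ("203.0.113.13", 128),  # Windows with DefaultTTL=129
]                                                  # behind a NAT: looks direct

if __name__ == "__main__":
    for ip, verdict in detect_nat(SAMPLE_RECORDS).items():
        print(ip, verdict)
```

The last source shows the limit of the method: a host whose initial TTL was raised by one (the registry or sysctl change above) arrives at the switch with the stock value and is indistinguishable from a directly connected machine, so this check is only one signal and should be combined with others.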