A packet has an IP ID regardless of whether its fragmented or not. So, if you're behind a NAT, it's only necessary for an outsider to "listen" for packets coming from your NAT into the ISPs domain. From that point it be comes possible to look at the distribution of the IP IDs and determine the number of machines.
This sort of assume all the machines behind your NAT are all sending at around the same amount of time. Sending a couple of packets of second, it's pretty easy to do go through the entire 16 bit space in about 15 minutes. (If your OS is doing the counter method.)
Let's look at how various operating systems handle the IP ID counter:
1. Linux 2.4.x -- Zeroes out the IP ID field with the DF bit is set. Otherwise it does a pseudo random number on a per session basis. There are patches to make it more similar to *BSD functionality, but either method defeats the idle scan and most likely this NAT scan. 2. OpenBSD uses a 16 bit linear congruential pseudorandom generator. 3. FreeBSD, later versions use exactly what OpenBSD uses. 4. Most other Unix machines uses a simple counter, as do most versions of Windows. (I have only looked at older versions of NT with regards to this.)
It would be rather trivial to change an IP masquerading box to alter the IP ID field for the seriously paranoid.
Heh, you may think these are easy, but they are not. The easy part is writing the program. The judges at these contests are very evil about testing.
Additionally, you have one computer to work on for a 3 member team. (At least the regionals were like this.) Perl is generally not one of the languages they use, but the language they use is dependent upon the region. Pascal, C/C++, and Java are generally the popular languages in these contests.
Ruby is being used as an optional extension language for Vim 6.
Much of the documentation of Ruby is just now being translated to English.
Python lacks true closures, whereas Ruby does not.
Love it or hate it, Ruby has operator overloading. In the case for "scripting" languages, this seems useful.
Ruby is faster than Python.
Ruby is not statically typed.
For university networks, the biggest problem are obviously pesky email viruses. The best solution I've seen is to have the university mail servers filter out all executable or.vbs email attachments.
Nortan antivirus is a perk, but I don't think it should be required on everyone's system. (For obvious reasons.)
When I use X, my xterms will display the name of my xterm, concatenated with my present working directory. When I execute a command, this command
will now be in my xterm title, concatenated with the present working directory.
I do not know of an equivalent to preexec() in bash.
o/~ Who controls the linux media Who keeps BSD down We do! We do. Who keeps sensibility off the maps Who keeps the Mach under wraps We do! We do. Who holds back the Metallica's Lars Who makes Jon Katz a star? We do! We do. Who robs geeks of their sight? Who rigs every Linux-media event? WE DO! WE DOOO. o/~
Slashdot Mirror
No.
A packet has an IP ID regardless of whether its fragmented or not. So, if you're behind a NAT, it's only necessary for an outsider to "listen" for packets coming from your NAT into the ISPs domain. From that point it be comes possible to look at the distribution of the IP IDs and determine the number of machines.
This sort of assume all the machines behind your NAT are all sending at around the same amount of time. Sending a couple of packets of second, it's pretty easy to do go through the entire 16 bit space in about 15 minutes. (If your OS is doing the counter method.)
The code necessary to have a masquerading box do this is pretty minimal. (I've implemented something similar, but it's a work project, so no patches.)
The modulate state for pf affects TCP ISNs, not IP IDs.
Let's look at how various operating systems handle the IP ID counter:
1. Linux 2.4.x -- Zeroes out the IP ID field with the DF bit is set. Otherwise it does a pseudo random number on a per session basis. There are patches to make it more similar to *BSD functionality, but either method defeats the idle scan and most likely this NAT scan.
2. OpenBSD uses a 16 bit linear congruential pseudorandom generator.
3. FreeBSD, later versions use exactly what OpenBSD uses.
4. Most other Unix machines uses a simple counter, as do most versions of Windows. (I have only looked at older versions of NT with regards to this.)
It would be rather trivial to change an IP masquerading box to alter the IP ID field for the seriously paranoid.
Here's 1 rule in C, but it's pretty easy to modify it.
? q[y-81]^q[y-79]:0)-1?32:42:10);y>2560?:main(y+ 1);}
int q[2561];main(y){putchar(y%80?(q[y]=y==40?1:y>80
Heh, you may think these are easy, but they are not. The easy part is writing the program. The judges at these contests are very evil about testing.
Additionally, you have one computer to work on for a 3 member team. (At least the regionals were like this.) Perl is generally not one of the languages they use, but the language they use is dependent upon the region. Pascal, C/C++, and Java are generally the popular languages in these contests.
Ruby is being used as an optional extension language for Vim 6. Much of the documentation of Ruby is just now being translated to English. Python lacks true closures, whereas Ruby does not. Love it or hate it, Ruby has operator overloading. In the case for "scripting" languages, this seems useful. Ruby is faster than Python. Ruby is not statically typed.
For university networks, the biggest problem are obviously pesky email viruses. The best solution I've seen is to have the university mail servers filter out all executable or .vbs email attachments.
Nortan antivirus is a perk, but I don't think it should be required on everyone's system. (For obvious reasons.)
ct=$(xprop -id $WINDOWID | grep WM_NAME | cut -d=-f2 | tr -d \")
;;
esacprecmd() { print -Pn "\e]0;$ct - %~\a"}
prexec() { print -Pn "\e]0;$* - %~\a" }
When I use X, my xterms will display the name of my xterm, concatenated with my present working directory. When I execute a command, this command will now be in my xterm title, concatenated with the present working directory.
I do not know of an equivalent to preexec() in bash.
From the Simpson's Stonecutter episode,
As sung by Rob Malda, CmdrTaco, and Hemos:
o/~ Who controls the linux media
Who keeps BSD down
We do! We do.
Who keeps sensibility off the maps
Who keeps the Mach under wraps
We do! We do.
Who holds back the Metallica's Lars
Who makes Jon Katz a star?
We do! We do.
Who robs geeks of their sight?
Who rigs every Linux-media event?
WE DO! WE DOOO.
o/~