North American Network Operators Group

Re: SlashDot: "Comcast Gunning for NAT Users"
how to identify non-host based devices:

1) check out mac-address ranges
2) count flows/ip to determine if this pattern appears to be legit. (this in theory could also be done to prevent file sharing systems that keep a large number of peer-to-peer connections)
3) port/ip based filtering

I suspect that for the people who went out and bought the linksys/other routers that want to link up their two home computers you will see a few that just say "hey, it's just another $5/mo and i don't have to worry about this device i got at frys/best buy/compusa/whatnot that i don't really understand".

there's [almost always] a way to beat any system.

I think they are just trying to reduce the support costs of people with these devices at a time when they are getting bad PR (at least here in MI) about the switchover from @home -> comcast. the uninitiated will blame comcast when it's their router/nat/whatnot unit.

- jared

On Thu, Jan 31, 2002 at 04:44:59PM -0500, David Charlap wrote:
>
> Keith Woodworth wrote:
> >
> > From a technical standpoint how does one detect NAT users over the
> > network?
>
> You can't deterministically do so, but there are some telltale signs.
> NAT implementations (at least the ones I've seen) tend to choose very
> large port numbers (above 30,000) for the ports that they generate.
>
> Of course, this can happen without NAT. And it is possible to write NAT
> stacks that choose low-numbered ports (it's trivially easy to make this
> change in the Linux IPMASQ code, for instance.)
>
> Anybody who tries to detect NAT through these kinds of heuristic methods
> will end up with a lot of false positives and false negatives. And if
> it becomes a problem, the NAT implementors will simply alter their code
> to make it impossible to distinguish from a single host's traffic.
>
> -- David

--
Jared Mauch | pgp key available via finger from [email protected]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
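An added example, not part of the original thread: the flows-per-IP count and the "ports above 30,000" sign discussed above, applied to constructed flow records to show the false positive and false negative that the quoted reply predicts. The thresholds other than 30,000, the addresses (documentation ranges) and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict

HIGH_PORT = 30000      # "above 30,000" threshold quoted in the thread
MAX_FLOWS = 8          # assumed per-IP flow ceiling for a single host
HIGH_PORT_RATIO = 0.8  # assumed share of high source ports that looks NAT-like

def make_flows():
    """Constructed records: (ground_truth, src_ip, src_port, dst_ip, dst_port)."""
    flows = []
    # NAT box that allocates high source ports for several inside hosts
    flows += [("nat", "192.0.2.10", 61000 + i, "198.51.100.%d" % (i % 5 + 1), 80)
              for i in range(12)]
    # Single host using low ephemeral ports
    flows += [("host", "192.0.2.20", 1025 + i, "198.51.100.7", 80) for i in range(4)]
    # Single busy host whose stack allocates ephemeral ports from 32768 upward
    flows += [("host", "192.0.2.30", 32768 + i, "198.51.100.8", 443) for i in range(10)]
    # NAT stack altered to choose low-numbered ports, light traffic
    flows += [("nat", "192.0.2.40", 1100 + i, "198.51.100.9", 80) for i in range(5)]
    return flows

def score(flows):
    """Flag a source IP when it has many flows AND mostly high source ports."""
    per_ip, truth = defaultdict(list), {}
    for label, src, sport, _dst, _dport in flows:
        per_ip[src].append(sport)
        truth[src] = label
    result = {}
    for src, ports in per_ip.items():
        high = sum(p > HIGH_PORT for p in ports) / len(ports)
        flagged = len(ports) > MAX_FLOWS and high >= HIGH_PORT_RATIO
        result[src] = {"flows": len(ports), "high_ratio": high,
                       "flagged": flagged, "truth": truth[src]}
    return result

def errors(result):
    """Return (false_positives, false_negatives) against the constructed labels."""
    fp = sorted(ip for ip, r in result.items() if r["flagged"] and r["truth"] == "host")
    fn = sorted(ip for ip, r in result.items() if not r["flagged"] and r["truth"] == "nat")
    return fp, fn

if __name__ == "__main__":
    res = score(make_flows())
    for ip, r in sorted(res.items()):
        print(ip, r)
    fp, fn = errors(res)
    print("false positives:", fp, "false negatives:", fn)
```
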