North American Network Operators Group


Re: SlashDot: "Comcast Gunning for NAT Users"

  • From: kevin graham
  • Date: Thu Jan 31 19:19:46 2002

> 	1) check out mac-address ranges
> 	2) count flows/ip to determine if this
> pattern appears to be legit.  (this in theory could also be done
> to prevent file sharing systems that keep a large number of
> peer-to-peer connections)
> 	3) port/ip based filtering

 4) TCP fingerprinting of flows.
    Not sure about all NAT implementations, but most seem to rewrite on
the fly, not proxy (as would be sensible). Likewise, by watching sequence
numbers, SACK behavior, etc., one could certainly recognize different
strains of TCP stacks behind an address, and with practice determine
multiple instances of the same strain.

ObNoise. How would one construe whether it's proper for multiple logical
partitions of a machine to fetch Comcast NNTP pr0n?
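
Added example, not part of the original post: a passive sketch of the per-address stack counting described in point 4, narrowed to fields visible in a SYN (initial TTL, window size, TCP option order) rather than sequence-number or SACK behavior. The function names, the choice of signature fields and the sample packets are assumptions made for illustration; a NAT that proxies connections instead of rewriting them would show only its own stack.

```python
import struct
from collections import defaultdict

def tcp_signature(pkt: bytes):
    """Return (src_ip, signature) for an IPv4 TCP SYN, or None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(tcp) < 20 or tcp[13] & 0x12 != 0x02:   # SYN set, ACK clear
        return None
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, kinds, i = tcp[20:(tcp[12] >> 4) * 4], [], 0
    while i < len(opts) and opts[i] != 0:          # 0 = end of option list
        kinds.append(opts[i])
        if opts[i] == 1:                           # NOP has no length byte
            i += 1
        elif i + 1 < len(opts) and opts[i + 1] >= 2:
            i += opts[i + 1]
        else:
            break                                  # malformed option
    # Hops (and a rewriting NAT) lower the TTL; round up to a common initial value.
    initial_ttl = next(t for t in (32, 64, 128, 255) if pkt[8] <= t)
    return ".".join(map(str, pkt[12:16])), (initial_ttl, window, tuple(kinds))

def stacks_per_address(packets):
    """Count distinct SYN signatures seen from each source address."""
    seen = defaultdict(set)
    for pkt in packets:
        result = tcp_signature(pkt)
        if result:
            seen[result[0]].add(result[1])
    return {ip: len(sigs) for ip, sigs in seen.items()}

def build_syn(src, ttl, window, options):
    """Build a constructed IPv4+TCP SYN (checksums left zero) for the sample."""
    options += b"\x00" * (-len(options) % 4)
    doff = (20 + len(options)) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + doff * 4, 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, doff << 4, 0x02, window, 0, 0)
    return ip + tcp + options

# Constructed sample: two option layouts behind .7, one behind .9.
OPTS_A = bytes.fromhex("020405b401010402")
OPTS_B = bytes.fromhex("020405b40402080a000000010000000001030300")
SAMPLE = [build_syn("198.51.100.7", 127, 16384, OPTS_A),
          build_syn("198.51.100.7", 126, 16384, OPTS_A),
          build_syn("198.51.100.7", 63, 5840, OPTS_B),
          build_syn("198.51.100.9", 64, 5840, OPTS_B)]
```

Calling stacks_per_address(SAMPLE) returns the number of distinct signatures per source address; a count above one is a hint of multiple stacks, not proof, since a single host can run more than one stack or change its settings.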