North American Network Operators Group
Re: SlashDot: "Comcast Gunning for NAT Users"
> 1) check out mac-address ranges
> 2) count flows/ip to determine if this
> pattern appears to be legit. (this in theory could also be done
> to prevent file sharing systems that keep a large number of
> peer-to-peer connections)
> 3) port/ip based filtering

4) TCP fingerprinting of flows. Not sure about all NAT implementations, but most seem to rewrite on the fly, not proxy (as would be sensible). Likewise, by watching sequence numbers, sack behavior, etc. one could certainly recognize different strains of tcp stacks behind an address, and with practice determine multiple instances of the same strain.

..kg..

ObNoise. How would one construe whether it's proper for multiple logical partitions of a machine to fetch comcast nntp pr0n?
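The TCP fingerprinting idea in point 4, as an added example that is not part of the original post: it reduces each observed SYN to a stack signature (likely initial TTL, window, MSS, option order) and counts distinct signatures per source address. The addresses, the two option layouts and the `build_syn` helper are constructed for illustration and do not represent any particular operating system.

```python
import socket, struct
from collections import defaultdict

def syn_signature(pkt):
    """Return (src_ip, signature) for a raw IPv4 TCP SYN, else None."""
    ihl = (pkt[0] & 0x0F) * 4
    ttl, proto, tcp = pkt[8], pkt[9], pkt[ihl:]
    if proto != 6 or len(tcp) < 20 or tcp[13] & 0x12 != 0x02:
        return None                          # not TCP, or not a bare SYN
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, kinds, mss, i = tcp[20:(tcp[12] >> 4) * 4], [], None, 0
    while i < len(opts) and opts[i] != 0:    # kind 0 = end of option list
        kind = opts[i]
        if kind == 1:                        # NOP has no length byte
            kinds.append(1); i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                            # malformed option, stop parsing
        if kind == 2 and opts[i + 1] == 4:   # MSS value
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        kinds.append(kind)
        i += opts[i + 1]
    # A forwarding hop decrements TTL, so round up to a common initial value.
    init_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return socket.inet_ntoa(pkt[12:16]), (init_ttl, window, mss, tuple(kinds))

def stacks_per_address(packets):
    """Map each source address to the set of distinct SYN signatures seen."""
    seen = defaultdict(set)
    for pkt in packets:
        parsed = syn_signature(pkt)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return dict(seen)

def build_syn(src, ttl, window, options):
    """Constructed sample packet: IPv4 + TCP SYN, checksums left at zero."""
    options += b"\x00" * (-len(options) % 4)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (5 + len(options) // 4) << 4, 0x02, window, 0, 0) + options
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                       socket.inet_aton(src), socket.inet_aton("198.51.100.1")) + tcp

# Two constructed option layouts standing in for two different TCP stacks.
OPT_A = b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x07"
OPT_B = b"\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02"
SAMPLES = [build_syn("192.0.2.10", 63, 5840, OPT_A), build_syn("192.0.2.10", 127, 65535, OPT_B),
           build_syn("192.0.2.10", 63, 5840, OPT_A), build_syn("192.0.2.20", 64, 5840, OPT_A)]
print({addr: len(sigs) for addr, sigs in stacks_per_address(SAMPLES).items()})
```

Two hosts running the same stack behind one address collapse to a single signature here, which is why the post adds sequence-number and SACK behaviour as further discriminators.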