North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SlashDot: "Comcast Gunning for NAT Users"

  • From: Chris Adams
  • Date: Fri Feb 01 01:59:55 2002

On Thursday, January 31, 2002, at 02:09 , Eric A. Hall wrote:
"Bill Woodcock" <[email protected]> wrote:

Besides the technical difficulties of detecting a household that is
running a NAT...
Can you think of a way of doing it reliably?  Anything that provides
anything more than a guess?
  HTTP proxies indicating that multiple browsers are in use, especially
  if multiple platforms (Win95, WinXP, as simple test)
This is one of the better ones (assuming you only check platform & not browser - it's not uncommon to have more than one of IE/Netscape/Opera running). Even better might be sniffing windowsupdate requests as proxies and some browsers can easily spoof user-agents but there's no reason other than NAT or proxying to explain automatically downloading both the NT and XP patch lists.

  More than ~4 simultaneous TCP connections open at once.
Really, really bad idea. Opening a page with images causes multiple HTTP requests in most browsers, particularly if someone's used one of the web accelerators - if you have a few windows open, this could easily cause >30 simultaneous connections (particularly with slow servers). Many programs poll for updates, chat software involves permanent connections (my opening Trillian opens 4 connections), most cable modem users keep their email clients running and it's pretty common to be streaming music or playing online games.

I think that blocking based on known MAC address ranges or traits (e.g. HTTP banners) of NAT devices would be the only acceptable route. That'd probably get the majority of the NAT users but would avoid those who are capable of stealthing a system (this would become particularly interesting with some of the kernel patches floating around which mimic another TCP/IP stack) and these users are the most likely to be soaking bandwidth.

Even this would have problems - there'd probably be a class action if they required users not to use firewalls and I doubt they'd want to deal with the support headache in convincing users to give up their wireless access points.

The real lesson is that filtering on equipment is a bad way to control bandwidth usage. Of course, these are the same people who will complain about something listening on port 80 which transfers 5KB/month but won't say a thing if you spend 18 hours a day deathmatching and downloading crap.