SlashDot: "Comcast Gunning for NAT Users"

kevin graham kgraham at dotnetdotcom.org
Fri Feb 1 00:16:00 UTC 2002



> 	1) check out mac-address ranges
> 	2) count flows/ip to determine if this
> pattern appears to be legit.  (this in theory could also be done
> to prevent file sharing systems that keep a large number of
> peer-to-peer connections)
> 	3) port/ip based filtering

 4) TCP fingerprinting of flows.
    Not sure about all NAT implementations, but most seem to rewrite on
the fly, not proxy (as would be sensible). Likewise, by watching sequence
numbers, sack behavior, etc one could certainly recognize different
strains of tcp stacks behind an address, and with practice determine
multiple instances of the same strain.

..kg..

ObNoise. How would one construe whether it's proper for multiple logical
partitions of a machine to fetch comcast nntp pr0n?
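The fingerprinting idea in point 4 above (group SYNs by stack "strain", then look for more than one instance of the same strain behind an address) can be sketched as a passive sensor. The code below is an added illustration, not code from the post or from anything Comcast or NANOG published. It assumes a sensor has already extracted TTL, window, MSS, window scale, SACK-permitted and IP ID from each outbound SYN (the SynObs fields are an assumption, not a pcap parser), and it uses constructed traffic from the documentation address 203.0.113.7. Two heuristics are combined: a coarse p0f-style signature separates stack strains, and within one strain the number of independent, monotonically increasing IP ID counters separates hosts, which only works for stacks that still use a single global sequential IP ID and for NATs that rewrite neither IP ID nor TTL.

```python
"""Passive estimate of how many TCP stacks sit behind one public address.

Added example: the SYN fields, thresholds and sample traffic are all assumptions.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class SynObs(NamedTuple):
    """Fields a sensor would pull from one outbound SYN (constructed, not parsed from a capture)."""
    src_ip: str
    ttl: int
    window: int
    mss: int
    wscale: int      # -1 when the window-scale option is absent
    sack_ok: bool
    ip_id: int


INITIAL_TTLS = (32, 64, 128, 255)   # initial TTLs commonly used by real stacks
Signature = Tuple[int, int, int, int, bool]


def initial_ttl(ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value."""
    for init in INITIAL_TTLS:
        if ttl <= init:
            return init
    return 255


def hop_count(obs: SynObs) -> int:
    """Hops between the sending stack and the sensor (NATs usually decrement TTL, rarely reset it)."""
    return initial_ttl(obs.ttl) - obs.ttl


def stack_signature(obs: SynObs) -> Signature:
    """Coarse p0f-style signature: two hosts of the same stack strain collide here."""
    return (initial_ttl(obs.ttl), obs.window, obs.mss, obs.wscale, obs.sack_ok)


def count_ip_id_counters(ids: List[int], max_gap: int = 256) -> int:
    """Estimate how many independent sequential IP ID counters produced this sequence.

    Each counter is a chain; an ID joins the chain whose last value it most closely
    follows (modulo 16 bits, within max_gap), otherwise it starts a new chain.
    Only meaningful for stacks with one global incrementing IP ID: a stack that
    randomizes IP ID shows up as a new chain on almost every packet, and two
    counters that happen to run within max_gap of each other are merged, so the
    result is a lower bound, not a count.
    """
    chains: List[int] = []                 # last ID seen on each chain
    for cur in ids:
        best_idx, best_gap = None, max_gap + 1
        for idx, last in enumerate(chains):
            gap = (cur - last) % 65536
            if 0 < gap < best_gap:
                best_idx, best_gap = idx, gap
        if best_idx is None:
            chains.append(cur)
        else:
            chains[best_idx] = cur
    return len(chains)


def analyze(observations: List[SynObs]) -> Dict[str, Dict[Signature, dict]]:
    """Per public address: group SYNs by signature, then count IP ID counters and hop counts per group."""
    by_ip: Dict[str, Dict[Signature, List[SynObs]]] = defaultdict(lambda: defaultdict(list))
    for obs in observations:
        by_ip[obs.src_ip][stack_signature(obs)].append(obs)
    report: Dict[str, Dict[Signature, dict]] = {}
    for ip, groups in by_ip.items():
        report[ip] = {}
        for sig, group in groups.items():
            report[ip][sig] = {
                "syns": len(group),
                "ip_id_counters": count_ip_id_counters([o.ip_id for o in group]),
                "hop_counts": sorted({hop_count(o) for o in group}),
            }
    return report


def min_hosts(report_for_ip: Dict[Signature, dict]) -> int:
    """Lower bound on hosts: one per strain, or more if a strain shows several IP ID counters."""
    return sum(max(1, g["ip_id_counters"]) for g in report_for_ip.values())


def sample_observations() -> List[SynObs]:
    """Constructed traffic: three hosts behind NAT address 203.0.113.7, twelve hops from the sensor."""
    nat = "203.0.113.7"
    obs: List[SynObs] = []
    a, b = 1000, 40000   # two hosts of the same strain (initial TTL 128, window 64240), separate counters
    c = 7000             # one host of another strain (initial TTL 64, window 5840)
    for i in range(6):
        obs.append(SynObs(nat, 116, 64240, 1460, 0, True, a + i))
        obs.append(SynObs(nat, 116, 64240, 1460, 0, True, b + i))
        obs.append(SynObs(nat, 52, 5840, 1460, 0, True, c + i))
    return obs


if __name__ == "__main__":
    for ip, groups in analyze(sample_observations()).items():
        print(ip, "at least", min_hosts(groups), "hosts")
        for sig, info in groups.items():
            print("  signature", sig, info)
```

The constructed sample yields two strains for 203.0.113.7, one of which shows two interleaved IP ID counters, so the lower bound is three hosts. A practitioner running this against real traffic should expect the IP ID heuristic to fail open (overcount) for stacks that randomize the field and fail closed (undercount) behind a NAT or scrubbing firewall that rewrites IP ID or normalizes TTL.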



