SlashDot: "Comcast Gunning for NAT Users"

Chris Adams chris at improbable.org
Fri Feb 1 06:55:06 UTC 2002


On Thursday, January 31, 2002, at 02:09 , Eric A. Hall wrote:
> "Bill Woodcock" <woody at zocalo.net> wrote:
>
>>> Besides the technical difficulties of detecting a household that is
>>> running a NAT...
>>
>> Can you think of a way of doing it reliably?  Anything that provides
>> anything more than a guess?
>
>   HTTP proxies indicating that multiple browsers are in use, especially
>   if multiple platforms (Win95, WinXP, as simple test)

This is one of the better ones (assuming you only check platform & not 
browser - it's not uncommon to have more than one of IE/Netscape/Opera 
running). Even better might be sniffing windowsupdate requests, as 
proxies and some browsers can easily spoof user-agents, but there's no 
reason other than NAT or proxying to explain automatically downloading 
both the NT and XP patch lists.

>   More than ~4 simultaneous TCP connections open at once.

Really, really bad idea. Opening a page with images causes multiple HTTP 
requests in most browsers, particularly if someone's used one of the web 
accelerators - if you have a few windows open, this could easily cause 
>30 simultaneous connections (particularly with slow servers). Many 
programs poll for updates, chat software involves permanent connections 
(my opening Trillian opens 4 connections), most cable modem users keep 
their email clients running and it's pretty common to be streaming music 
or playing online games.

I think that blocking based on known MAC address ranges or traits (e.g. 
HTTP banners) of NAT devices would be the only acceptable route. That'd 
probably get the majority of the NAT users but would avoid those who are 
capable of stealthing a system (this would become particularly 
interesting with some of the kernel patches floating around which mimic 
another TCP/IP stack) and these users are the most likely to be soaking 
bandwidth.

Even this would have problems - there'd probably be a class action if 
they required users not to use firewalls and I doubt they'd want to deal 
with the support headache in convincing users to give up their wireless 
access points.

The real lesson is that filtering on equipment is a bad way to control 
bandwidth usage. Of course, these are the same people who will complain 
about something listening on port 80 which transfers 5KB/month but won't 
say a thing if you spend 18 hours a day deathmatching and downloading 
crap.

Chris
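The two heuristics argued over in this thread (platform diversity in User-Agent strings versus a raw simultaneous-connection threshold) can be run side by side over a handful of records to see why one holds up better than the other. The script below is an added example, not code from the post or from any ISP tooling; the log layout (timestamp, subscriber IP, record kind, detail) is an assumption made for the example, the platform and browser labels are its own, and the log lines are constructed. Subscriber 10.0.0.5 reports three different operating systems behind one address; subscriber 10.0.0.7 is a single Windows XP machine running three browsers with many connections open.

```python
"""Compare NAT-detection heuristics from the NANOG thread on constructed data.

Added example, not part of the original post.  Assumed log format:
    <timestamp> <subscriber-ip> ua <User-Agent string>
    <timestamp> <subscriber-ip> conns <simultaneous TCP connections>
"""
import re
from collections import defaultdict

# Constructed sample records (not real traffic).
SAMPLE_LOG = """\
2002-01-31T14:00:01 10.0.0.5 ua Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
2002-01-31T14:00:02 10.0.0.5 ua Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)
2002-01-31T14:00:03 10.0.0.5 ua Mozilla/5.0 (X11; U; Linux i686) Gecko/20020130
2002-01-31T14:00:04 10.0.0.7 ua Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
2002-01-31T14:00:05 10.0.0.7 ua Opera/6.0 (Windows NT 5.1; U)
2002-01-31T14:00:06 10.0.0.7 ua Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20020130
2002-01-31T14:00:07 10.0.0.5 conns 6
2002-01-31T14:00:07 10.0.0.7 conns 34
"""

# (regex, label) pairs; the first match wins.  Labels are this example's own.
PLATFORM_PATTERNS = [
    (re.compile(r"Windows NT 5\.1"), "WinXP"),
    (re.compile(r"Windows NT 5\.0"), "Win2000"),
    (re.compile(r"Windows NT 4"), "WinNT4"),
    (re.compile(r"Windows 98"), "Win98"),
    (re.compile(r"Windows 95"), "Win95"),
    (re.compile(r"Linux"), "Linux"),
    (re.compile(r"Mac_PowerPC|Macintosh"), "MacOS"),
]
BROWSER_PATTERNS = [
    (re.compile(r"Opera"), "Opera"),   # checked first: Opera may also claim MSIE
    (re.compile(r"MSIE"), "IE"),
    (re.compile(r"Gecko"), "Mozilla"),
]


def classify(user_agent, patterns):
    """Return the label of the first pattern matching the User-Agent, else None."""
    for rx, label in patterns:
        if rx.search(user_agent):
            return label
    return None


def parse_log(text):
    """Aggregate records per subscriber IP: platforms, browsers, peak connections."""
    records = defaultdict(lambda: {"platforms": set(), "browsers": set(), "conns": 0})
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # blank or malformed line
        _ts, ip, kind, detail = parts
        rec = records[ip]
        if kind == "ua":
            platform = classify(detail, PLATFORM_PATTERNS)
            browser = classify(detail, BROWSER_PATTERNS)
            if platform:
                rec["platforms"].add(platform)
            if browser:
                rec["browsers"].add(browser)
        elif kind == "conns":
            rec["conns"] = max(rec["conns"], int(detail))
    return dict(records)


def flag_multi_platform(records):
    """Heuristic from the thread: more than one OS seen behind a single IP."""
    return {ip for ip, r in records.items() if len(r["platforms"]) > 1}


def flag_multi_browser(records):
    """Naive variant the post warns against: several browsers on one IP."""
    return {ip for ip, r in records.items() if len(r["browsers"]) > 1}


def flag_connection_count(records, threshold=4):
    """Heuristic the post calls a bad idea: more than ~4 simultaneous connections."""
    return {ip for ip, r in records.items() if r["conns"] > threshold}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("multi-platform:   ", sorted(flag_multi_platform(recs)))
    print("multi-browser:    ", sorted(flag_multi_browser(recs)))
    print("connections > 4:  ", sorted(flag_connection_count(recs)))
```

Only the platform-diversity check singles out 10.0.0.5; the browser-count and connection-count variants both sweep up 10.0.0.7, a single machine that simply has several browsers and a busy page load open, which is the false positive the post describes.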




More information about the NANOG mailing list