SlashDot: "Comcast Gunning for NAT Users"
jared at puck.Nether.net
Thu Jan 31 22:02:40 UTC 2002
how to identify non-host based devices:
1) check out mac-address ranges
2) count flows/ip to determine if this pattern appears to be legit. (this in theory could also be done to prevent file sharing systems that keep a large number of
3) port/ip based filtering
I suspect that for the people who went out and bought the linksys/other routers that want to link up their two home computers you will see a few that just say "hey, it's just another $5/mo and i don't have to worry about this device i got at frys/best buy/compusa/whatnot that i don't really understand".
there's [almost always] a way to beat any system. I think they are just trying to reduce the support costs of people with these devices at a time when they are getting bad PR (at least here in MI) about the switchover from @home-> comcast.
the uninitiated will blame comcast when it's their
On Thu, Jan 31, 2002 at 04:44:59PM -0500, David Charlap wrote:
> Keith Woodworth wrote:
> > From a technical standpoint how does one detect NAT users over the
> > network?
> You can't deterministically do so, but there are some telltale signs.
> NAT implementations (at least the ones I've seen) tend to choose very
> large port numbers (above 30,000) for the ports that they generate.
> Of course, this can happen without NAT. And it is possible to write NAT
> stacks that choose low-numbered ports (it's trivially easy to make this
> change in the Linux IPMASQ code, for instance.)
> Anybody who tries to detect NAT through these kinds of heuristic methods
> will end up with a lot of false positives and false negatives. And if
> it becomes a problem, the NAT implementors will simply alter their code
> to make it impossible to distinguish from a single host's traffic.
> -- David
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
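The flows-per-IP and "high source port" heuristics discussed in this thread, and David's caveat that they produce false positives and false negatives, as an added example that is not part of the original post. The flow records are constructed (TEST-NET addresses), the 30,000 threshold is the one quoted in the thread, and the ground-truth labels and cutoffs (5 flows, 80% high ports) are assumptions for the demonstration.

```python
from collections import defaultdict

HIGH_PORT = 30000  # the "above 30,000" tell mentioned in the thread

# Constructed sample flow records (source IP, source port); not captured data.
# 203.0.113.10: NAT box that picks high source ports for every translated flow
# 203.0.113.11: a single host whose OS hands out ephemeral ports from 32768 upward
# 203.0.113.12: NAT box modified to pick low source ports
# 203.0.113.13: a host that opened only two connections
SAMPLE_FLOWS = (
    [("203.0.113.10", p) for p in range(40001, 40007)]
    + [("203.0.113.11", p) for p in range(32768, 32774)]
    + [("203.0.113.12", p) for p in range(1024, 1030)]
    + [("203.0.113.13", p) for p in (50000, 50001)]
)

def port_stats(flows):
    """Return {ip: (flow_count, share of flows whose source port is above HIGH_PORT)}."""
    total = defaultdict(int)
    high = defaultdict(int)
    for ip, port in flows:
        total[ip] += 1
        if port > HIGH_PORT:
            high[ip] += 1
    return {ip: (total[ip], high[ip] / total[ip]) for ip in total}

def suspected_nat(flows, min_flows=5, high_share=0.8):
    """Flag IPs with at least min_flows flows, most of them from high source ports."""
    return sorted(
        ip for ip, (n, share) in port_stats(flows).items()
        if n >= min_flows and share >= high_share
    )

def classify_sample():
    """Label each sample IP against the assumed ground truth to expose the heuristic's errors."""
    truth = {"203.0.113.10": True, "203.0.113.11": False,
             "203.0.113.12": True, "203.0.113.13": False}
    flagged = set(suspected_nat(SAMPLE_FLOWS))
    labels = {}
    for ip, is_nat in truth.items():
        hit = ip in flagged
        labels[ip] = ("true" if hit == is_nat else "false") + (" positive" if hit else " negative")
    return labels

if __name__ == "__main__":
    for ip, label in classify_sample().items():
        print(ip, label)
```

The single host at 203.0.113.11 is flagged purely because its OS uses a high ephemeral-port range, while the low-port NAT box at 203.0.113.12 slips through, which is exactly the false-positive/false-negative pair David describes.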