SlashDot: "Comcast Gunning for NAT Users"
David.Charlap at marconi.com
Thu Jan 31 21:44:59 UTC 2002
Keith Woodworth wrote:
> From a technical standpoint how does one detect NAT users over the
You can't deterministically do so, but there are some telltale signs.
NAT implementations (at least the ones I've seen) tend to choose very
large port numbers (above 30,000) for the ports that they generate.
Of course, this can happen without NAT. And it is possible to write NAT
stacks that choose low-numbered ports (it's trivially easy to make this
change in the Linux IPMASQ code, for instance.)
Anybody who tries to detect NAT through these kinds of heuristic methods
will end up with a lot of false positives and false negatives. And if
it becomes a problem, the NAT implementors will simply alter their code
to make it impossible to distinguish from a single host's traffic.
More information about the NANOG