SlashDot: "Comcast Gunning for NAT Users"
Keith Woodworth
kwoody at citytel.net
Thu Jan 31 22:02:38 UTC 2002
On Thu, 31 Jan 2002, David Charlap wrote:
|+
|+Keith Woodworth wrote:
|+>
|+> From a technical standpoint how does one detect NAT users over the
|+> network?
|+
|+You can't deterministically do so, but there are some telltale signs.
|+NAT implementations (at least the ones I've seen) tend to choose very
|+large port numbers (above 30,000) for the ports that they generate.
That was my understanding.
|+Anybody who tries to detect NAT through these kinds of heuristic methods
|+will end up with a lot of false positives and false negatives. And if
|+it becomes a problem, the NAT implementors will simply alter their code
|+to make it impossible to distinguish from a single host's traffic.
That's sort of what I thought. I've looked at some tcpdumps that are coming
from a FreeBSD machine doing NAT a while ago to see what was in the
packets exactly and I could not see how you could tell that box was doing
NAT really. But I'm not completely proficient in deciphering packets so I
may have missed something along the way.
Keith
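
Added example, not part of the original messages: the source-port heuristic discussed in this thread, run over constructed observations to show how it yields both a false positive and a false negative. Only the "above 30,000" threshold comes from the thread; the addresses, port lists, function names and the 0.8 cut-off are assumptions made for illustration.

```python
from collections import defaultdict

PORT_THRESHOLD = 30000   # "above 30,000" is from the message
MIN_FRACTION = 0.8       # assumed cut-off, not from the thread

# Constructed sample data (RFC 5737 documentation addresses):
# source IP -> (is it really a NAT gateway?, observed TCP source ports)
SAMPLE = {
    # NAT that rewrites source ports into a high range
    "192.0.2.10": (True, [61001, 61002, 61017, 61040]),
    # single host whose OS draws ephemeral ports from 32768 up (Linux default)
    "192.0.2.20": (False, [32770, 41812, 55123, 60321]),
    # NAT that keeps the inside hosts' original low source ports
    "192.0.2.30": (True, [1025, 1031, 1026, 4102]),
    # single host using a low ephemeral range
    "192.0.2.40": (False, [1044, 1045, 1051, 1060]),
}


def high_port_fraction(ports, threshold=PORT_THRESHOLD):
    """Fraction of a source's connections that used a port above threshold."""
    return sum(p > threshold for p in ports) / len(ports)


def flag_suspects(observations, threshold=PORT_THRESHOLD, min_fraction=MIN_FRACTION):
    """Return the source IPs the high-port heuristic would label as NAT."""
    return {ip for ip, ports in observations.items()
            if ports and high_port_fraction(ports, threshold) >= min_fraction}


def evaluate(sample):
    """Compare heuristic verdicts with the constructed ground truth."""
    flagged = flag_suspects({ip: ports for ip, (_, ports) in sample.items()})
    result = defaultdict(list)
    for ip, (is_nat, _) in sorted(sample.items()):
        if ip in flagged:
            result["true_positive" if is_nat else "false_positive"].append(ip)
        else:
            result["false_negative" if is_nat else "true_negative"].append(ip)
    return dict(result)


if __name__ == "__main__":
    for verdict, ips in evaluate(SAMPLE).items():
        print(f"{verdict}: {', '.join(ips)}")
```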