SlashDot: "Comcast Gunning for NAT Users"

Jared Mauch jared at
Thu Jan 31 22:02:40 UTC 2002

	how to identify non-host based devices:

	1) check out mac-address ranges
	2) count flows/ip to determine if this
pattern appears to be legit.  (this in theory could also be done
to prevent file sharing systems that keep a large number of
peer-to-peer connections)
	3) port/ip based filtering

	I suspect that for the people who went out and
bought the linksys/other routers that want to link up their
two home computers you will see a few that just say "hey, it's just
another $5/mo and i don't have to worry about this device i got
at frys/best buy/compusa/whatnot that i don't really understand".

	there's [almost alyways] a way to beat any system.  I think
they are just trying to reduce the support costs of people with
these devices at a time when they are getting bad PR (at least here in
MI) about the switchover from @home-> comcast.

	the uninitiated will blame comcast when it's their
router/nat/whatnot unit.

	- jared
On Thu, Jan 31, 2002 at 04:44:59PM -0500, David Charlap wrote:
> Keith Woodworth wrote:
> > 
> > From a technical standpoint how does one detect NAT users over the
> > network?
> You can't deterministically do so, but there are some telltale signs. 
> NAT implementations (at least the ones I've seen) tend to choose very
> large port numbers (above 30,000) for the ports that they generate.
> Of course, this can happen without NAT.  And it is possible to write NAT
> stacks that choose low-numbered ports (it's trivially easy to make this
> change in the Linux IPMASQ code, for instance.)
> Anybody who tries to detect NAT through these kinds of heuristic methods
> will end up with a lot of false positives and false negatives.  And if
> it becomes a problem, the NAT implementors will simply alter their code
> to make it impossible to distinguish from a single host's traffic.
> -- David

Jared Mauch  | pgp key available via finger from jared at
clue++;      |  My statements are only mine.

More information about the NANOG mailing list