NATting a whole country?
Gadi Evron
ge at linuxbox.org
Wed Jan 3 23:42:35 UTC 2007
On Wed, 3 Jan 2007, Steven M. Bellovin wrote:
>
> According to
> http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html
> all of Qatar appears on the net as a single IP address. I don't know
> if it's NAT or a proxy that you need to use to get out to the world,
> but whatever the exact cause, it had a predictable consequence -- the
> entire country was barred from editing Wikipedia, due to abuse by
> (presumably) a few people.
Half related, the amazing Steven Murdoch did some traffic analysis on a
similar issue, trying to detect machines behind the annonyzing Tor network.
"By requesting timestamps from a computer, a remote adversary can find out
the precise speed of its system clock. As each clock crystal is slightly
different, and varies with temperature, this can act as a fingerprint of
the computer and its location."
ftp://ftp.fortunaty.net/video/23c3/wmv/timeskew2-t2s1.wmv
http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html
Anyone remember CAIDA's study on the crystals for detecting machines
through NATs?
http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf
Another good lecture on traffic analysis at CCC, which was an
introduction by George Danezis:
http://events.ccc.de/congress/2006/Fahrplan/attachments/1185-DanezisTAIntro.pdf
Gadi.
More information about the NANOG
mailing list