NATting a whole country?

Gadi Evron ge at
Wed Jan 3 23:42:35 UTC 2007

On Wed, 3 Jan 2007, Steven M. Bellovin wrote:
> According to
> all of Qatar appears on the net as a single IP address.  I don't know
> if it's NAT or a proxy that you need to use to get out to the world,
> but whatever the exact cause, it had a predictable consequence -- the
> entire country was barred from editing Wikipedia, due to abuse by
> (presumably) a few people.

Half related, the amazing Steven Murdoch did some traffic analysis on a
similar issue, trying to detect machines behind the annonyzing Tor network.

"By requesting timestamps from a computer, a remote adversary can find out
the precise speed of its system clock. As each clock crystal is slightly
different, and varies with temperature, this can act as a fingerprint of
the computer and its location."

Anyone remember CAIDA's study on the crystals for detecting machines
through NATs?

Another good lecture on traffic analysis at CCC, which was an
introduction by George Danezis:


More information about the NANOG mailing list