Home » Mailing list archives » openbsd-misc » 2008 » June » 17

Re: detection of machines behind PF firewall

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Fernando Gont <fernando@...>
To: alexander lind <malte@...>
Cc: misc <misc@...>
Subject: Re: detection of machines behind PF firewall
Date: Tuesday, June 17, 2008 - 2:27 am

At 05:05 p.m. 13/06/2008, you wrote:


>Is there currently any known method for detecting information about a


That depends on the TCP/IP implementation of the hosts behind de NAT.

For example, if the IP ID generator is linear, it can be exploited to

infer that two IP addresses actually correspond to the same host.

Other TCP/IP parameters might be of similar help. However, if those

parameters are randomized in each of the systems behind the NAT, your

task would be harder.


See, e.g.,

Bellovin, S. M. 2002. A Technique for Counting NATted Hosts. IMW'02,

Nov. 6-8, 2002, Marseille, France.


Kind regards,


--

Fernando Gont

e-mail: fernando@gont.com.ar || fgont@acm.org

PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
detection of machines behind PF firewall, alexander lind, (Fri Jun 13, 4:05 pm)
Re: detection of machines behind PF firewall, Fernando Gont, (Tue Jun 17, 2:27 am)
Re: detection of machines behind PF firewall, Aaron Stellman, (Fri Jun 13, 4:22 pm)
Re: detection of machines behind PF firewall, alexander lind, (Sun Jun 15, 6:52 am)
Re: detection of machines behind PF firewall, David Schulz, (Sun Jun 15, 12:23 pm)
Re: detection of machines behind PF firewall, Lars Noodén, (Sun Jun 15, 1:12 pm)