IPv6

Bill Bogstad bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Thu Mar 31 23:27:19 EDT 2011


On Thu, Mar 31, 2011 at 10:56 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On Mar 31, 2011, at 10:20 PM, Rich Braun wrote:
>>
>> IPv4 NAT makes such verification more or less impossible at the upstream ISP
>> side. That's one thing I like about the status quo.
>
> This is a myth.  It's quite possible and sometimes trivially easy for an ISP to determine if a customer has multiple devices behind NAT and to count how many are being used.  A simple method is to look at the time stamps on every packet.  Every OS has a known time stamp increment method.  If you watch how the time stamps change then you can identify the operating system.  If you see more than one OS then chances are that the customer has more than one running system behind NAT.  Related, no two system clocks are precisely in sync, not even with NTP.  If you see time stamps shift forward and backward in time then you have identified multiple nodes behind the NAT bridge.  There are other ways; these just happen to be two of the easiest ones.

Did you mean TCP sequence numbers?  Otherwise, I'm not sure
what you mean and would be interested in learning more.

Thanks,
Bill Bogstad
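
The timestamp method described in the quoted message, worked through as an added example that is not part of the original thread. It assumes the "time stamps" are TCP timestamp option (TSval) values, which the post does not specify; `Obs`, `count_clocks`, `CANDIDATE_HZ` and the sample observations are constructed for illustration.

```python
from collections import namedtuple

Obs = namedtuple("Obs", "t tsval")  # capture time (s), TSval carried in the packet

# Assumed candidate tick rates; no claim is made about which OS uses which.
CANDIDATE_HZ = (100, 250, 1000)

# Constructed sample: packets seen from ONE public (NAT) address.
SAMPLE = [
    Obs(0.0, 5000000), Obs(1.0, 5001001), Obs(2.0, 5001999), Obs(3.0, 5003000),
    Obs(0.5, 120050), Obs(1.5, 120150), Obs(2.5, 120251),
    Obs(0.25, 9000250), Obs(1.25, 9001251), Obs(2.25, 9002249),
]

def count_clocks(observations, min_points=3, jitter_s=0.01):
    """Group TSvals from one source address into distinct linear clocks.

    A host ticking at `hz` satisfies tsval ~= hz * t + offset, so the value
    tsval - hz * t stays constant for that host and drifts for every other
    host. Returns [(hz, offset, n_points)], one entry per inferred clock.
    Ignores 32-bit TSval wraparound.
    """
    remaining = sorted(observations)
    clocks = []
    for hz in CANDIDATE_HZ:
        tol = max(2.0, hz * jitter_s)  # ticks of slack for capture jitter
        by_offset = sorted((o.tsval - hz * o.t, o) for o in remaining)
        used, cluster = set(), []
        # The infinite sentinel forces the final cluster to be flushed.
        for off, o in by_offset + [(float("inf"), None)]:
            if cluster and off - cluster[-1][0] > tol:
                if len(cluster) >= min_points:
                    mean = sum(c[0] for c in cluster) / len(cluster)
                    clocks.append((hz, round(mean), len(cluster)))
                    used.update(c[1] for c in cluster)
                cluster = []
            cluster.append((off, o))
        # Observations already explained by a clock are not retried.
        remaining = [o for o in remaining if o not in used]
    return clocks

if __name__ == "__main__":
    for hz, offset, n in count_clocks(SAMPLE):
        print(f"clock at {hz} Hz, offset {offset}, {n} packets")
```

Stacks that randomize the timestamp offset per connection, as current Linux kernels do, show up as one clock per connection, so the count no longer maps to hosts.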




