ABSTRACT
There have been many attempts to measure how many hosts are on the Internet. Many of those end-points, however, are NAT boxes (Network Address Translators), and actually represent several different computers. We describe a technique for detecting NATs and counting the number of active hosts behind them. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined. Our implementation, tested on aggregated local trace data, demonstrates the feasibility (and limitations) of the scheme.
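The counter observation in the abstract can be sketched as follows. This is an added example, not the paper's implementation: it greedily splits the IP ID values seen from one source address into 16-bit counter sequences and counts them. The function names, the `max_gap` and `min_len` thresholds, and the sample trace are all assumptions constructed for illustration.

```python
"""Count hosts behind one source address from IP ID sequences (illustrative sketch)."""

ID_SPACE = 1 << 16  # the IPv4 Identification field is 16 bits wide


def split_into_sequences(ip_ids, max_gap=64):
    """Greedily assign each observed IP ID (in arrival order) to a counter sequence.

    An ID extends a sequence when it lies 1..max_gap ahead of that sequence's
    last ID, modulo 2**16; otherwise it starts a new sequence.
    max_gap is an assumed threshold, not a value taken from the paper.
    """
    sequences = []
    for ip_id in ip_ids:
        best, best_gap = None, max_gap + 1
        for seq in sequences:
            gap = (ip_id - seq[-1]) % ID_SPACE
            if 1 <= gap < best_gap:          # keep the closest plausible predecessor
                best, best_gap = seq, gap
        if best is None:
            sequences.append([ip_id])
        else:
            best.append(ip_id)
    return sequences


def count_hosts(ip_ids, max_gap=64, min_len=3):
    """Estimate the host count as the number of sequences with >= min_len packets."""
    return sum(1 for s in split_into_sequences(ip_ids, max_gap) if len(s) >= min_len)


def constructed_trace():
    """Constructed sample: three counters interleaved, plus one stray ID."""
    host_a = [100, 101, 103, 104, 108]
    host_b = [40000, 40002, 40003, 40007, 40008]
    host_c = [65533, 65535, 1, 2, 5]        # counter wraps past 65535
    trace = [i for triple in zip(host_a, host_b, host_c) for i in triple]
    trace.insert(7, 20000)                  # isolated packet that fits no counter
    return trace


if __name__ == "__main__":
    for seq in split_into_sequences(constructed_trace()):
        print(seq)
    print("estimated hosts:", count_hosts(constructed_trace()))
```

Short sequences are discarded by `min_len` so that a host that does not use a simple counter for the ID field is not counted once per packet; such hosts are one of the limitations the abstract alludes to.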