Re: Rolling my own in http://www.dslreports.com/forum/r6656836 en Tue, 01 Dec 2009 13:44:38 EDT Tue, 01 Dec 2009 13:44:38 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6658327 AthlGrond : Thanks, I reread it and much clearer now. You are correct.]]> http://www.dslreports.com/forum/remark,6658327 Thu, 24 Apr 2003 17:01:38 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6657985 amenite :
said by AthlGrond See Profile:
said by amenite See Profile:
The ID in question is the IP id string assigned to each packet by the OS, not the IP address of the NAT device.
Are the IPid's not assigned by the NAT device? Seems like they would have to be. (so the NAT device could send the packets to the correct IP in the LAN)

According to the article, the "IP id" field is generated by the host, and is only used to reassemble fragmented packets. It must be unique among all packets of one protocol that have the same source and destination address (to allow for correct reassembly in case of fragmentation). I am assuming that the NAT device only alters the source IP, or leaves enough of the IP id string intact to allow the technique to work.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay. -Thunderclese]]> http://www.dslreports.com/forum/remark,6657985 Thu, 24 Apr 2003 16:25:29 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6657527 AthlGrond :
said by amenite See Profile:
The ID in question is the IP id string assigned to each packet by the OS, not the IP address of the NAT device.
Are the IPid's not assigned by the NAT device? Seems like they would have to be. (so the NAT device could send the packets to the correct IP in the LAN)]]> http://www.dslreports.com/forum/remark,6657527 Thu, 24 Apr 2003 15:38:48 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656897 amenite :
said by pvale See Profile:
What if you are running 2 NAT devices in series? I'm running a Freesco PC-made-into-router, feeding a Netgear RT314, and my machines are connected behind the Netgear box. I haven't read the mentioned paper, but the only ID that would show on the WAN side of the Freesco would be the Netgear's. Since Freesco is built on a small Linux distribution, I'm sure I can change what it does/reports.

The ID in question is the IP id string assigned to each packet by the OS, not the IP address of the NAT device. It only has to do with the IP address in that you would be monitoring/analyzing the all packet headers originating from a particular IP address.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay. -Thunderclese]]> http://www.dslreports.com/forum/remark,6656897 Thu, 24 Apr 2003 14:20:58 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656836 amenite :
said by succintly put:
...
You can get a lot more advice and help in the 'All Things Unix' forum. I -may- get a friend to write and post a 'how-to' in ATU when I'm done. 'nuff said.

That would be excellent, the topic is a little obscure to many of us.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay. -Thunderclese]]> http://www.dslreports.com/forum/remark,6656836 Thu, 24 Apr 2003 14:13:39 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656749 anon : Iptables supports 'packet mangling' as just one of it's many functions. Packet mangling changes the packet headers.

You can get a lot more advice and help in the 'All Things Unix' forum. I -may- get a friend to write and post a 'how-to' in ATU when I'm done. 'nuff said.]]> http://www.dslreports.com/forum/remark,6656749 Thu, 24 Apr 2003 14:04:08 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656733 vic102482 : Linux routing definatly would come in handly with a situation like this. Also someone will market a router and switch that is "privacy enabled" so that they wont be able to see it anyways.

Comcast will make their enimes rich if they persue this avenue.

Remeber, Hack the Crack, Crack the Hack never ending cycle.

vic102482 See Profile made that up!! remember that lol.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!]]> http://www.dslreports.com/forum/remark,6656733 Thu, 24 Apr 2003 14:02:14 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656645 pvale : What if you are running 2 NAT devices in series? I'm running a Freesco PC-made-into-router, feeding a Netgear RT314, and my machines are connected behind the Netgear box. I haven't read the mentioned paper, but the only ID that would show on the WAN side of the Freesco would be the Netgear's. Since Freesco is built on a small Linux distribution, I'm sure I can change what it does/reports.
--
Using ET photons (Solar Power) to search for ET.]]> http://www.dslreports.com/forum/remark,6656645 Thu, 24 Apr 2003 13:51:24 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656603 amenite :
said by Kylemaul See Profile:
Errrrrrr....could you dumb your post down a little for us poor novices? How do you determine if your NAT router has the capability to disable decrementing a counter? And what is decrementing and what is 'the counter'?

Don't know what routers might allow you to change the ip header info, but once you read the article the idea is pretty straight forward, the IP header info contains an ID string, which is [often/usu.?] assigned in incremental order, like a counter. Knowing the OS, how it handles the numbering, and analyzing the IP id can give you some idea of the hosts behind the NAT device.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay. -Thunderclese]]> http://www.dslreports.com/forum/remark,6656603 Thu, 24 Apr 2003 13:44:59 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656579 DonLibes : I think the reference to decrementing the counter was a reference to TTL. But that's not how Bellovin's technique worked.]]> http://www.dslreports.com/forum/remark,6656579 Thu, 24 Apr 2003 13:42:24 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656469 Kylemaul : Errrrrrr....could you dumb your post down a little for us poor novices? How do you determine if your NAT router has the capability to disable decrementing a counter? And what is decrementing and what is 'the counter'?
--
'The tighter the RIAA squeezes their fingers, the more stars and systems will slip through their fingers.']]> http://www.dslreports.com/forum/remark,6656469 Thu, 24 Apr 2003 13:30:31 EDT Re: Rolling my own http://www.dslreports.com/forum/remark,6656366 hescominsoon : so far this is easy to defeat..do not let NAT decrement the counter..and use a firewall(either in the NAT box itself or the clients) that block OS fingerprinting..problem solved.
--
God Bless »www.faithwalk.org]]> http://www.dslreports.com/forum/remark,6656366 Thu, 24 Apr 2003 13:19:13 EDT Rolling my own http://www.dslreports.com/forum/remark,6656302 anon : This is why I am now 'rolling my own' GNU/Linux iptables based router. It will look like a single computer no matter how they try to analyze the packets. Even down to the single MAC address.

Good thing I live in NJ where we don't (to my best knowledge) have any S-DMCA proposals yet.

And if/when we do, as others have said, they'll have to pry my NAT router out of my cold dead hands.]]> http://www.dslreports.com/forum/remark,6656302 Thu, 24 Apr 2003 13:13:22 EDT