republican-creole
Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Hiding Behind Your NAT » Rolling my own
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
another angle »
« bunch of crap  
hescominsoon

join:2003-02-18
Brunswick, MD

Re: Rolling my own

so far this is easy to defeat..do not let NAT decrement the counter..and use a firewall(either in the NAT box itself or the clients) that block OS fingerprinting..problem solved.
--
God Blesshttp://www.faithwalk.org
permalink · 2003-04-24 13:19:13 · Reply to this

Kylemaul
Lovin' My Firefox 1.5.x
Premium
join:2001-03-30
North Port, FL
clubs:
·Verizon FIOS

Re: Rolling my own

Errrrrrr....could you dumb your post down a little for us poor novices? How do you determine if your NAT router has the capability to disable decrementing a counter? And what is decrementing and what is 'the counter'?
--
'The tighter the RIAA squeezes their fingers, the more stars and systems will slip through their fingers.'
permalink · 2003-04-24 13:30:31 · Reply to this
DonLibes
Premium,ExMod 2001
join:2003-01-19

Re: Rolling my own

I think the reference to decrementing the counter was a reference to TTL. But that's not how Bellovin's technique worked.
permalink · 2003-04-24 13:42:24 · Reply to this

amenite
The Soylent - It's People
Premium
join:2002-11-21
Ridgewood, NJ
clubs:
·Verizon Online DSL
said by Kylemaul See Profile:
Errrrrrr....could you dumb your post down a little for us poor novices? How do you determine if your NAT router has the capability to disable decrementing a counter? And what is decrementing and what is 'the counter'?
Don't know what routers might allow you to change the ip header info, but once you read the article the idea is pretty straight forward, the IP header info contains an ID string, which is [often/usu.?] assigned in incremental order, like a counter. Knowing the OS, how it handles the numbering, and analyzing the IP id can give you some idea of the hosts behind the NAT device.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay.-Thunderclese
permalink · 2003-04-24 13:44:59 · Print · Reply to this

succintly put

@207.99.x.x

Re: Rolling my own

Iptables supports 'packet mangling' as just one of it's many functions. Packet mangling changes the packet headers.

You can get a lot more advice and help in the 'All Things Unix' forum. I -may- get a friend to write and post a 'how-to' in ATU when I'm done. 'nuff said.
permalink · 2003-04-24 14:04:08 · Reply to this

amenite
The Soylent - It's People
Premium
join:2002-11-21
Ridgewood, NJ
clubs:
·Verizon Online DSL

Re: Rolling my own

said by succintly put:
...
You can get a lot more advice and help in the 'All Things Unix' forum. I -may- get a friend to write and post a 'how-to' in ATU when I'm done. 'nuff said.
That would be excellent, the topic is a little obscure to many of us.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay.-Thunderclese
permalink · 2003-04-24 14:13:39 · Reply to this

pvale
Lurk, Lurk, Lurk,They Call Me The Lurker

join:2000-03-29
Washington, MO
clubs:
·Charter Pipeline

 What if you are running 2 NAT devices in series? I'm running a Freesco PC-made-into-router, feeding a Netgear RT314, and my machines are connected behind the Netgear box. I haven't read the mentioned paper, but the only ID that would show on the WAN side of the Freesco would be the Netgear's. Since Freesco is built on a small Linux distribution, I'm sure I can change what it does/reports.
--
Using ET photons (Solar Power) to search for ET.
permalink · 2003-04-24 13:51:24 · Reply to this

amenite
The Soylent - It's People
Premium
join:2002-11-21
Ridgewood, NJ
clubs:
·Verizon Online DSL

Re: Rolling my own

said by pvale See Profile:
What if you are running 2 NAT devices in series? I'm running a Freesco PC-made-into-router, feeding a Netgear RT314, and my machines are connected behind the Netgear box. I haven't read the mentioned paper, but the only ID that would show on the WAN side of the Freesco would be the Netgear's. Since Freesco is built on a small Linux distribution, I'm sure I can change what it does/reports.
The ID in question is the IP id string assigned to each packet by the OS, not the IP address of the NAT device. It only has to do with the IP address in that you would be monitoring/analyzing the all packet headers originating from a particular IP address.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay.-Thunderclese
permalink · 2003-04-24 14:20:58 · Print · Reply to this

AthlGrond
Premium,MVM
join:2002-04-25
Aurora, CO
·Comcast

Re: Rolling my own

said by amenite See Profile:
The ID in question is the IP id string assigned to each packet by the OS, not the IP address of the NAT device.
Are the IPid's not assigned by the NAT device? Seems like they would have to be. (so the NAT device could send the packets to the correct IP in the LAN)
permalink · 2003-04-24 15:38:48 · Reply to this

amenite
The Soylent - It's People
Premium
join:2002-11-21
Ridgewood, NJ
clubs:
·Verizon Online DSL

Re: Rolling my own

said by AthlGrond See Profile:
said by amenite See Profile:
The ID in question is the IP id string assigned to each packet by the OS, not the IP address of the NAT device.
Are the IPid's not assigned by the NAT device? Seems like they would have to be. (so the NAT device could send the packets to the correct IP in the LAN)
According to the article, the "IP id" field is generated by the host, and is only used to reassemble fragmented packets. It must be unique among all packets of one protocol that have the same source and destination address (to allow for correct reassembly in case of fragmentation). I am assuming that the NAT device only alters the source IP, or leaves enough of the IP id string intact to allow the technique to work.
--
Time is an abstract concept invented by carbon based life forms to monitor their constant decay.-Thunderclese
permalink · 2003-04-24 16:25:29 · Print · Reply to this

AthlGrond
Premium,MVM
join:2002-04-25
Aurora, CO

Re: Rolling my own

Thanks, I reread it and much clearer now. You are correct.
permalink · 2003-04-24 17:01:38 · Reply to this
Forums » Hiding Behind Your NATanother angle »
« bunch of crap  

Wednesday, 09-Dec 13:39:31 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [197] Sprint Sued For Distracted Driving Death
· [81] 3G Network Test Says AT&T Is Tops
· [79] AT&T Launching New 24 Mbps U-Verse Tier
· [72] Mediacom Unveils 105 Mbps Pricing
· [65] Sprint Poised For A Turnaround?
· [58] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [50] The Future Of Wi-Fi Is Bright
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [44] Microwaving Your Innards Is Not 'Extreme'
· [39] Verizon LTE: 5-12 Mbps Downstream
Most people now reading
· Comcast refused to install 400' feet. [Comcast HSI]
· Is sleeping similar to being dead? [General Questions]
· Cross Server Dungeon Experience [World of Warcraft]
· Smoke detectors gone wild [Home Repair & Improvement]
· The aftermath [World of Warcraft]
· New PvE Content [World of Warcraft]
· Buzzing whatchamacallit in ceiling...?? Help identify. [Home Repair & Improvement]
· ICC strats [World of Warcraft]
· What Server are you on? [World of Warcraft]
· persistent connection to qw-in-f113.1e100.net on boot [Security]