
Re: Sflow NAT detection.



Ed White suggested an option for static TTL
(http://hacking.openbsd.it/#RFC#10) which would stop this part of the
detection from working. You can already choose low ports for your
nat-translation and ip id can be randomized with scrub random-id. This,
however, will (in a clean Windows net) get you attention with the detection
described.
The technique is imho only effective in a corporate environment to detect
possible security leaks, not for dial-in/DSL providers, as they can't assume
that you are using Windows etc.

Max

----- Original Message -----
From: "Kristoffer Björk" <[email protected]>
To: <[email protected]>
Sent: Thursday, April 24, 2003 11:03 AM
Subject: Sflow NAT detection.

Hi, I just saw a notice on Slashdot about NAT detection using sFlow.
The article can be found here:
http://www.sflow.org/detectNAT/
Could pf defeat this in any way?
Just interested...
//Kristoffer Björk