Article

A technique for counting natted hosts

Author:

Steven M. BellovinAuthors Info & Claims

IMW '02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment

Pages 267 - 272

https://doi.org/10.1145/637201.637243

Published: 06 November 2002 Publication History

Get Access

Abstract

There have been many attempts to measure how many hosts are on the Internet. Many of those end-points, however, are NAT boxes (Network Address Translators), and actually represent several different computers. We describe a technique for detecting NATs and counting the number of active hosts behind them. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined. Our implementation, tested on aggregated local trace data, demonstrates the feasibility (and limitations) of the scheme.

References

[1]

P. Srisuresh and K. Egevang, "Traditional IP network address translator (traditional NAT)," RFC 3022, Internet Engineering Task Force, Jan. 2001.]]

Digital Library

Google Scholar

[2]

T. Hain, "Architectural implications of NAT," RFC 2993, Internet Engineering Task Force, Nov. 2000.]]

Digital Library

Google Scholar

[3]

J. Postel, "Internet protocol," RFC 791, Internet Engineering Task Force, Sept. 1981.]]

Google Scholar

[4]

Ratul Mahajan, Neil T. Spring, and David Wetherall, "Measuring ISP topologies with Rocketfuel," in Proceedings of SIGCOMM 2002, 2002, to appear.]]

Digital Library

Google Scholar

[5]

J.C. Mogul and S. E. Deering, "Path MTU discovery," RFC 1191, Internet Engineering Task Force, Nov. 1990.]]

Digital Library

Google Scholar

[6]

M. Holdrege and P. Srisuresh, "Protocol complications with the IP network address translator," RFC 3027, Internet Engineering Task Force, Jan. 2001.]]

Digital Library

Google Scholar

[7]

D. Senie, "Network address translator (nat)-friendly application design guidelines," RFC 3235, Internet Engineering Task Force, Jan. 2002.]]

Digital Library

Google Scholar

[8]

Jim Reeds, "Cracking" a random number generator," Cryptologia, vol. 1, no. 1, January 1977.]]

Google Scholar

[9]

Jacques Stern, "Secret linear congruential generators are not cryptographically secure," in Proceedings of the IEEE Symposium on Foundations of Computer Science, 1987.]]

Google Scholar

[10]

S. Kent and R. Atkinson, "Security architecture for the internet protocol," RFC 2401, Internet Engineering Task Force, Nov. 1998.]]

Digital Library

Google Scholar

[11]

H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP: a transport protocol for real-time applications," RFC 1889, Internet Engineering Task Force, Jan. 1996.]]

Google Scholar

[12]

Honeynet Project, "Know your enemy: Passive fingerprinting," March 2002, http://project.honeynet.org/ papers/finger.]]

Google Scholar

Cited By

View all

Kaniewski SBechtel LMenth MHeer T(2024)Monitoring IP- ID Behavior for Spoofed IPv4 Traffic Detection2024 IEEE 29th International Conference on Emerging Technologies and Factory Automation (ETFA)10.1109/ETFA61755.2024.10710708(1-8)Online publication date: 10-Sep-2024
https://doi.org/10.1109/ETFA61755.2024.10710708
Albakour TGasser OBeverly RSmaragdakis GMontpetit MLeivadeas AUhlig SJaved M(2023)Illuminating Router Vendor Diversity Within Providers and Along Network PathsProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624813(89-103)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624813
Adler ABass LElovici YPuzis R(2023)How Polynomial Regression Improves DeNATingIEEE Transactions on Network and Service Management10.1109/TNSM.2023.326639020:4(5000-5011)Online publication date: Dec-2023
https://doi.org/10.1109/TNSM.2023.3266390
Show More Cited By

Index Terms

A technique for counting natted hosts
1. Networks

Recommendations

Fast selective ACK scheme for throughput enhancement of multi-homed SCTP hosts

This Letter proposes a fast selective ACK scheme for Stream Control Transmission Protocol (SCTP) to enhance transmission throughput in multi-homing scenarios. In the proposed scheme, a multi-homed receiver sends SACK chunks to the sender over the ...
Robust application-level multicast tree construction for wireless/mobile hosts
WWIC'06: Proceedings of the 4th international conference on Wired/Wireless Internet Communications

IP multicast is an effective technology to distribute identical data simultaneously to multiple users. However, for technical and administrative reasons, IP multicast has not been globally deployed on the Internet. Another approach to multicast is ...
IP multicast for mobile hosts

We present alternative designs for efficiently supporting multicast for mobile hosts on the Internet. Methods for separately supporting multicasting and mobility along with their possible interactions are briefly described, and then various solutions to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

IMW '02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment

November 2002

334 pages

ISBN:158113603X

DOI:10.1145/637201

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2002

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

IMW02

Sponsor:

SIGCOMM

IMW02: Internet Measurement Workshop

November 6 - 8, 2002

Marseille, France

Acceptance Rates

Overall Acceptance Rate 29 of 80 submissions, 36%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

148
Total Citations
View Citations
623
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)3

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kaniewski SBechtel LMenth MHeer T(2024)Monitoring IP- ID Behavior for Spoofed IPv4 Traffic Detection2024 IEEE 29th International Conference on Emerging Technologies and Factory Automation (ETFA)10.1109/ETFA61755.2024.10710708(1-8)Online publication date: 10-Sep-2024
https://doi.org/10.1109/ETFA61755.2024.10710708
Albakour TGasser OBeverly RSmaragdakis GMontpetit MLeivadeas AUhlig SJaved M(2023)Illuminating Router Vendor Diversity Within Providers and Along Network PathsProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624813(89-103)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624813
Adler ABass LElovici YPuzis R(2023)How Polynomial Regression Improves DeNATingIEEE Transactions on Network and Service Management10.1109/TNSM.2023.326639020:4(5000-5011)Online publication date: Dec-2023
https://doi.org/10.1109/TNSM.2023.3266390
Holland JSchmitt PFeamster NMittal PKim YKim JVigna GShi E(2021)New Directions in Automated Traffic AnalysisProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484758(3366-3383)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484758
Mateless RZlatokrilov HOrevi LSegal MMoskovitch R(2021)IPvest: Clustering the IP Traffic of Network Entities Hidden Behind a Single IP Address Using Machine LearningIEEE Transactions on Network and Service Management10.1109/TNSM.2021.306248818:3(3647-3661)Online publication date: Sep-2021
https://doi.org/10.1109/TNSM.2021.3062488
Klein A(2021)Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)2021 IEEE Symposium on Security and Privacy (SP)10.1109/SP40001.2021.00054(1179-1196)Online publication date: May-2021
https://doi.org/10.1109/SP40001.2021.00054
Gosain DJaiswal AAcharya HChakravarty S(2021)Telemetron: Measuring Network Capacity Between Off-Path Remote Hosts2021 IEEE 46th Conference on Local Computer Networks (LCN)10.1109/LCN52139.2021.9524946(351-354)Online publication date: 4-Oct-2021
https://doi.org/10.1109/LCN52139.2021.9524946
Nassar RElhajj IKayssi ASalam S(2021)Identifying NAT Devices to Detect Shadow IT: A Machine Learning Approach2021 IEEE/ACS 18th International Conference on Computer Systems and Applications (AICCSA)10.1109/AICCSA53542.2021.9686910(1-7)Online publication date: Nov-2021
https://doi.org/10.1109/AICCSA53542.2021.9686910
Li VAkiwate GLevchenko KVoelker GSavage S(2021)Clairvoyance: Inferring Blocklist Use on the InternetPassive and Active Measurement10.1007/978-3-030-72582-2_4(57-75)Online publication date: 30-Mar-2021
https://doi.org/10.1007/978-3-030-72582-2_4
Lee SKim SLee JRoh B(2020)Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response PatternsSymmetry10.3390/sym1209144412:9(1444)Online publication date: 2-Sep-2020
https://doi.org/10.3390/sym12091444
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Fast selective ACK scheme for throughput enhancement of multi-homed SCTP hosts

Robust application-level multicast tree construction for wireless/mobile hosts

IP multicast for mobile hosts