Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Detect or Block double NAT

Detect or Block double NAT 10 years 3 months ago #14975

  • SmartDude
  • SmartDude's Avatar
  • Offline
  • Distinguished Member
  • Posts: 88
  • Karma: 0
Dear all,
How do i block / detect Double internet sharing (NAT) eg.
I shared the internet to 192.168.0.14
then again 192.168.0.14 shared internet to 192.168.1.14

So how do we detect/block this 2 time internet sharing (NAT)
I heard there is a paper about detecting double NAT but can't find it. I hope u guys will help me . Thank in advance
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
The administrator has disabled public write access.

Re: Detect or Block double NAT 10 years 3 months ago #15045

  • SmartDude
  • SmartDude's Avatar
  • Offline
  • Distinguished Member
  • Posts: 88
  • Karma: 0
Nobody replied to my query :(
is the question unclear guys ?
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
The administrator has disabled public write access.

Re: Detect or Block double NAT 10 years 3 months ago #15053

  • d_jabsd
  • d_jabsd's Avatar
  • Offline
  • Distinguished Member
  • Posts: 153
  • Karma: 0
Honestly, there is really no way to detect this. That is whole point of NAT. It makes multiple hosts look like one.

You might be able to make a logical guess by looking at traffic patterns and the amount of bandwidth used by a the host in question, but there is no easy way to disect the packet and say definitively that a host is doing NAT for one or more machines.
Try looking for a router. Use the IEEE OUI lookup tool to convert the MAC to a manufacturer. If you find a Cisco-Linksys device where there should be a workstation, then you can start your investigation there.
The administrator has disabled public write access.

Re: Detect or Block double NAT 10 years 3 months ago #15112

  • SmartDude
  • SmartDude's Avatar
  • Offline
  • Distinguished Member
  • Posts: 88
  • Karma: 0
Thanks for the reply, but i heard from somebody that from headers there is way to detect the Double NAT, and even there is white paper on internet. But i m unable to find that paper on internet ? Can somebody help me to get that paper.
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
The administrator has disabled public write access.

Re: Detect or Block double NAT 10 years 3 months ago #15113

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Posts: 613
  • Karma: 0
As far as I know it is just like d_jabsd said, there is no certain and definite way you can tell if NAT takes place (once or more than once). There are indications that can be extracted from header information and traffic paterns which can lead to a reasonable guess most of the times, however it will always be a guess -any header information that would indicate NAT, like TTL or ID values of IP, can easily be overwritten.

I believe this paper you refer to will be describing such a guessing method.

Given the fact that most papers are published in PDF, you can try your luck using the filetype:pdf filter of google to narrow down your search.
The administrator has disabled public write access.

Re: Detect or Block double NAT 10 years 3 weeks ago #16625

  • SmartDude
  • SmartDude's Avatar
  • Offline
  • Distinguished Member
  • Posts: 88
  • Karma: 0
As far as I know it is just like d_jabsd said, there is no certain and definite way you can tell if NAT takes place (once or more than once). There are indications that can be extracted from header information and traffic paterns which can lead to a reasonable guess most of the times, however it will always be a guess -any header information that would indicate NAT, like TTL or ID values of IP, can easily be overwritten.

I believe this paper you refer to will be describing such a guessing method.

Given the fact that most papers are published in PDF, you can try your luck using the filetype:pdf filter of google to narrow down your search.


Can you tell me how do i get header information for this double NAT ?
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup