Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Detect or Block double NAT

Detect or Block double NAT 12 years 2 weeks ago #14975

  • SmartDude
  • SmartDude's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 88
  • Thank you received: 0
Dear all,
How do i block / detect Double internet sharing (NAT) eg.
I shared the internet to 192.168.0.14
then again 192.168.0.14 shared internet to 192.168.1.14

So how do we detect/block this 2 time internet sharing (NAT)
I heard there is a paper about detecting double NAT but can't find it. I hope u guys will help me . Thank in advance

Please Log in to join the conversation.

Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude

Re: Detect or Block double NAT 12 years 1 week ago #15045

  • SmartDude
  • SmartDude's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 88
  • Thank you received: 0
Nobody replied to my query :(
is the question unclear guys ?

Please Log in to join the conversation.

Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude

Re: Detect or Block double NAT 12 years 1 week ago #15053

Honestly, there is really no way to detect this. That is whole point of NAT. It makes multiple hosts look like one.

You might be able to make a logical guess by looking at traffic patterns and the amount of bandwidth used by a the host in question, but there is no easy way to disect the packet and say definitively that a host is doing NAT for one or more machines.
Try looking for a router. Use the IEEE OUI lookup tool to convert the MAC to a manufacturer. If you find a Cisco-Linksys device where there should be a workstation, then you can start your investigation there.

Please Log in to join the conversation.

Re: Detect or Block double NAT 12 years 1 week ago #15112

  • SmartDude
  • SmartDude's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 88
  • Thank you received: 0
Thanks for the reply, but i heard from somebody that from headers there is way to detect the Double NAT, and even there is white paper on internet. But i m unable to find that paper on internet ? Can somebody help me to get that paper.

Please Log in to join the conversation.

Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude

Re: Detect or Block double NAT 12 years 1 week ago #15113

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 613
  • Thank you received: 0
As far as I know it is just like d_jabsd said, there is no certain and definite way you can tell if NAT takes place (once or more than once). There are indications that can be extracted from header information and traffic paterns which can lead to a reasonable guess most of the times, however it will always be a guess -any header information that would indicate NAT, like TTL or ID values of IP, can easily be overwritten.

I believe this paper you refer to will be describing such a guessing method.

Given the fact that most papers are published in PDF, you can try your luck using the filetype:pdf filter of google to narrow down your search.

Please Log in to join the conversation.

Re: Detect or Block double NAT 11 years 9 months ago #16625

  • SmartDude
  • SmartDude's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 88
  • Thank you received: 0

As far as I know it is just like d_jabsd said, there is no certain and definite way you can tell if NAT takes place (once or more than once). There are indications that can be extracted from header information and traffic paterns which can lead to a reasonable guess most of the times, however it will always be a guess -any header information that would indicate NAT, like TTL or ID values of IP, can easily be overwritten.

I believe this paper you refer to will be describing such a guessing method.

Given the fact that most papers are published in PDF, you can try your luck using the filetype:pdf filter of google to narrow down your search.



Can you tell me how do i get header information for this double NAT ?

Please Log in to join the conversation.

Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
  • Page:
  • 1
  • 2
Time to create page: 0.155 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup