您现在的位置: 天下网吧 >> 网吧焦点 >> 网吧技术 >> 网管 >> 正文

网络中检测共享(NAT)的原理分析

[作者:中国IT实验室收集整… 来源:佚名 时间:2012-11-16我来说两句

    网络尖兵原来采用的检测技术主要是:

    1、检查从下级IP出来的IP包的IP-ID是否是连续的,如果不是连续的,则判定下级使用了nat.

    2、检查从下级IP出来的IP包的ttl值是否是32、64、128这几个值,如果不是,刚判定下级使用了nat.

    3、检查从下级IP出来的http请求包中是否包含有proxy的字段,如果有,则下级用了http代理。

    由于检测和防检查技术的对抗升级,现在可能增加了检测的内容:

    一、通过行为统计:

    1. 在三秒内同一IP對兩個以上的網站進行Request,將此IP視為透過NAT進行傳輸。"

    2. 在兩秒內,若同一IP對同一個網站,進行兩次以上的Request,將此IP視為透過NAT進行傳輸。

    二、深度检测数据包内容:

    1.检测并发连接数量

    2.检测下级IP出来的QQ号码数量,如果同时有5个QQ号,则判定为共享。

    3.更多的检测方法

    Detecting NAT Routers Thursday, April 24 2003 @ 08:35 AM CDT Contributed by: opticfiber A great paper written by Peter Phaal explains the simple method used in his companIEs product, Sflow, to detect multiple host behind a NAT firewall. The secret, it would seem is simply monitoring of the TTL of out going packets and comparing them to a host know not to be using a NAT firewall.

    Another method only touched upon by Phaal is passive OS finger printing, although this method is less reliable, an statistical analasys could determine if multiple operating systems were using the same network network device. If this were the case it would be reasonable to assume that that host was in fact a NAT device.

    AT&T Labs has published a paper explaining how to count the number of devices behind a NAT device. The method AT&T uses, relIEs on the fact that most operating systems (excluding Linux and Free BSD) use IP header ID's as simple counters. By observing out of sequence header ID's, an analasys can calculate how many actual hosts are behind a NAT device./

    Each of these methods can be easily defeated through better sterilization by the router itself. In the first example, if the TTL for each TCP packet was re-written by the router for each packet to the value of 128, the first method would no longer function. For the second method, sterilizing IP header information and stripping unneeded TCP flags would successfully undermine this SCheme. For the last Method, counting hosts behind a router. Striping the fragmentation flag for syn packets, and setting the IP ID to '0', (like Linux and Free BSD both do) would make it impossible to count hosts behind a NAT router. P

    转自:http://www.routerclub.com/vIEwnews_230.html

本文来源:佚名 作者:中国IT实验室收集整…
相关文章
没有相关文章
我来说两句(请遵守法律法规)
 网吧精品   网络布线   热门专题   推荐配置   网络安全   路由专题   网吧游戏更新   网吧QQ关   网吧注册表   网吧新手   网吧优化   网吧无盘优化   网吧系统优化   迅闪2008   网吧三层更新   无盘服务器   MaxDos   Win2008   网吧虚拟磁盘   星际争霸II   锐起无盘   网维大师   网吧游戏菜单   网吧活动   迅闪2009   网吧母盘   万象   网吧真实生活   迅闪2010   信佑2010   Windows8   信佑   迅闪   易游   顺网无盘   连锁网吧   黑网吧   网吧新闻   网吧闲聊   网吧游戏   互联网类软件   增值联盟   网吧广告联盟   有道搜索联盟   淘123联盟   网吧广告   深度无盘   信佑无盘   网众无盘   MZD无盘   网吧软件故障解决   网吧硬件故障大全   海蜘蛛   ROS   磁盘缓存   网吧GHOST   快吧无盘   快吧教程   网吧防盗   2011网吧政策   绿色网吧   网吧禁烟   万象2004   雪花病毒   网吧电影   网吧达人   QQ网吧   SuperCache|SuperSpeed   CCDISK   网吧远程控制   网吧配置   万象密码   迅闪无盘   网吧系统下载   网吧管理系统   网吧键盘   网吧鼠标   WIN8专题   网吧最新新闻   网吧路由   锐起无盘补丁   WayOs   网吧显示器   液晶   万能包   网吧消防   显卡   SSD   网卡   网吧源码   主板   云海   I8无盘   网卡汇聚   网吧DDOS

更多专题

声明
本文来源地址:http://cisco.chinaitlab.com/List_137.html
声明:本站所发表的文章、评论及图片仅代表作者本人观点,与本站立场无关。若文章侵犯了您的相关权益,请及时与我们联系,我们会及时处理,感谢您对本站的支持!联系邮箱:support@txwb.com.
天下网吧·网吧天下
  • 本周热门
  • 本月热门
  • 阅读排行