A technique for counting natted hosts
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Review: A survey of network flow applications
Journal of Network and Computer Applications
Passive remote source NAT detection using behavior statistics derived from netflow
AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
Hi-index | 0.00 |
Revealing the misuse of network resources is one of the important fields in the network security, especially for the network administrators. One of them is the use of unauthorized NAT (Network Address Translation) devices (e.g. small office routers or wireless access points) inside the network which introduces serious security issues. There are several techniques proposed on how to detect NAT devices in the computer networks, but all these methods suffer from high false positive rate. Also there is no study how to perform NAT detection using NetFlow data, often used for monitoring and forensics analysis in large networks. The contribution of our work consists of the following: i) we have transformed existing NAT detection techniques to work with NetFlow data, ii) we propose three new NAT detection approaches, iii) we have designed a prototype of NAT detection system, which aggregates the results from various NAT detection techniques in order to minimize false positive and false negative rates.