NAT usage in residential broadband networks

Authors:
Gregor Maier;Fabian Schneider;Anja Feldmann
Affiliations:
International Computer Science Institute, Berkeley, CA and TU Berlin/Deutsche Telekom Laboratories, Berlin, Germany;UPMC Sorbonne Universités and CNRS, LIP6, Paris, France and TU Berlin/Deutsche Telekom Laboratories, Berlin, Germany;TU Berlin/Deutsche Telekom Laboratories, Berlin, Germany
Venue:
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Year:
2011

Citing 7
Cited 8

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
A technique for counting natted hosts

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How dynamic are IP addresses?

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
De-anonymizing the internet using unreliable IDs

Proceedings of the ACM SIGCOMM 2009 conference on Data communication
On dominant characteristics of residential broadband internet traffic

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
A first look at mobile hand-held device traffic

PAM'10 Proceedings of the 11th international conference on Passive and active measurement
Peering through the shroud: the effect of edge opacity on ip-based client identification

NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation

An assessment of overt malicious activity manifest in residential networks

DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Towards understanding modern web traffic

Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Identity management based on adaptive puzzles to protect P2P systems from Sybil attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking
Putting home users in charge of their network

Proceedings of the 2012 ACM Conference on Ubiquitous Computing
Investigating the IPv6 teredo tunnelling capability and performance of internet clients

ACM SIGCOMM Computer Communication Review
Fragmentation Considered Vulnerable

ACM Transactions on Information and System Security (TISSEC)
The anatomy of LDNS clusters: findings and implications for web content delivery

Proceedings of the 22nd international conference on World Wide Web
Estimating the number of hosts corresponding to an intrusion alert while preserving privacy

Journal of Computer and System Sciences

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many Internet customers use network address translation (NAT) when connecting to the Internet. To understand the extend of NAT usage and its implications, we explore NAT usage in residential broadband networks based on observations from more than 20,000 DSL lines. We present a unique approach for detecting the presence of NAT and for estimating the number of hosts connected behind a NAT gateway using IP TTLs and HTTP user-agent strings. Furthermore, we study when each of the multiple hosts behind a single NAT gateway is active. This enables us to detect simultaneous use. In addition, we evaluate the accuracy of NAT analysis techniques when fewer information is available. We find that more than 90% of DSL lines use NAT gateways to connect to the Internet and that 10% of DSL lines have multiple hosts that are active at the same time. Overall, up to 52% of lines have multiple hosts. Our findings point out that using IPs as host identifiers may introduce substantial errors and therefore should be used with caution.