Many Internet customers use network address translation (NAT) when connecting to the Internet. To understand the extent of NAT usage and its implications, we explore NAT usage in residential broadband networks based on observations from more than 20,000 DSL lines. We present a unique approach for detecting the presence of NAT and for estimating the number of hosts connected behind a NAT gateway using IP TTLs and HTTP user-agent strings. Furthermore, we study when each of the multiple hosts behind a single NAT gateway is active. This enables us to detect simultaneous use. In addition, we evaluate the accuracy of NAT analysis techniques when less information is available. We find that more than 90% of DSL lines use NAT gateways to connect to the Internet and that 10% of DSL lines have multiple hosts that are active at the same time. Overall, up to 52% of lines have multiple hosts. Our findings point out that using IPs as host identifiers may introduce substantial errors, and IPs should therefore be used as host identifiers only with caution.