Measuring ISP topologies with rocketfuel
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Spectroscopy of DNS update traffic
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Active Mapping: Resisting NIDS Evasion without Altering Traffic
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Distinguishing between single and multi-source attacks using signal processing
Computer Networks: The International Journal of Computer and Telecommunications Networking
Remote Physical Device Fingerprinting
IEEE Transactions on Dependable and Secure Computing
Root cause analysis for long-lived TCP connections
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
The devil and packet trace anonymization
ACM SIGCOMM Computer Communication Review
Deterministic packet marking for time-varying congestion price estimation
IEEE/ACM Transactions on Networking (TON)
Avoiding traceroute anomalies with Paris traceroute
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
On the impact of dynamic addressing on malware propagation
Proceedings of the 4th ACM workshop on Recurring malcode
ACM Transactions on Information and System Security (TISSEC)
Detection, understanding, and prevention of traceroute measurement artifacts
Computer Networks: The International Journal of Computer and Telecommunications Networking
The heisenbot uncertainty problem: challenges in separating bots from chaff
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Correcting congestion-based error in network telescope's observations of worm dynamics
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Fixing ally's growing pains with velocity modeling
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Automating analysis of large-scale botnet probing events
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
One-click hosting services: a file-sharing hideout
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Netflow based system for NAT detection
Proceedings of the 5th international student workshop on Emerging networking experiments and technologies
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
Peeking through the cloud: DNS-based estimation and its applications
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Quilt: a patchwork of multicast regions
Proceedings of the Fourth ACM International Conference on Distributed Event-Based Systems
Peeking Through the Cloud: Client Density Estimation via DNS Cache Probing
ACM Transactions on Internet Technology (TOIT)
StrobeLight: lightweight availability mapping and anomaly detection
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
An analysis of rogue AV campaigns
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Idle port scanning and non-interference analysis of network protocol stacks using model checking
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Peering through the shroud: the effect of edge opacity on ip-based client identification
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
NAT usage in residential broadband networks
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Estimating the number of users behind ip addresses for combating abusive traffic
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Covert communications despite traffic data retention
Security'08 Proceedings of the 16th International conference on Security protocols
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Security enhancement by detecting network address translation based on instant messaging
EUC'06 Proceedings of the 2006 international conference on Emerging Directions in Embedded and Ubiquitous Computing
Application presence fingerprinting for NAT-Aware router
KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Exploiting the IPID field to infer network path and end-system characteristics
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Tetherway: a framework for tethering camouflage
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
A contextual privacy-aware access control model for network monitoring workflows: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Source attribution for network address translated forensic captures
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Spying in the dark: TCP and tor traffic analysis
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
A technique for remote detection of certain virtual machine monitors
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Estimating the number of hosts corresponding to an address while preserving anonymity
NSS'12 Proceedings of the 6th international conference on Network and System Security
Fragmentation Considered Vulnerable
ACM Transactions on Information and System Security (TISSEC)
Mosaic: quantifying privacy leakage in mobile networks
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Passive remote source NAT detection using behavior statistics derived from netflow
AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
A privacy-aware access control model for distributed network monitoring
Computers and Electrical Engineering
Estimating the number of hosts corresponding to an intrusion alert while preserving privacy
Journal of Computer and System Sciences
Hi-index | 0.00 |
There have been many attempts to measure how many hosts are on the Internet. Many of those end-points, however, are NAT boxes (Network Address Translators), and actually represent several different computers. We describe a technique for detecting NATs and counting the number of active hosts behind them. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined. Our implementation, tested on aggregated local trace data, demonstrates the feasibility (and limitations) of the scheme.