North American Network Operators Group
Re: SlashDot: "Comcast Gunning for NAT Users"
- From: Chris Adams
- Date: Fri Feb 01 01:59:55 2002
On Thursday, January 31, 2002, at 02:09, Eric A. Hall wrote:
This is one of the better ones (assuming you only check platform & not
browser - it's not uncommon to have more than one of IE/Netscape/Opera
running). Even better might be sniffing windowsupdate requests as
proxies and some browsers can easily spoof user-agents but there's no
reason other than NAT or proxying to explain automatically downloading
both the NT and XP patch lists.
"Bill Woodcock" <firstname.lastname@example.org> wrote:
Besides the technical difficulties of detecting a household that is
running a NAT...
Can you think of a way of doing it reliably? Anything that provides
anything more than a guess?
HTTP proxies indicating that multiple browsers are in use, especially
if multiple platforms (Win95, WinXP, as simple test)
Really, really bad idea. Opening a page with images causes multiple HTTP
requests in most browsers, particularly if someone's used one of the web
accelerators - if you have a few windows open, this could easily cause
>30 simultaneous connections (particularly with slow servers). Many
programs poll for updates, chat software involves permanent connections
(my opening Trillian opens 4 connections), most cable modem users keep
their email clients running and it's pretty common to be streaming music
or playing online games.
More than ~4 simultaneous TCP connections open at once.
I think that blocking based on known MAC address ranges or traits (e.g.
HTTP banners) of NAT devices would be the only acceptable route. That'd
probably get the majority of the NAT users but would avoid those who are
capable of stealthing a system (this would become particularly
interesting with some of the kernel patches floating around which mimic
another TCP/IP stack) and these users are the most likely to be soaking
Even this would have problems - there'd probably be a class action if
they required users not to use firewalls and I doubt they'd want to deal
with the support headache in convincing users to give up their wireless
The real lesson is that filtering on equipment is a bad way to control
bandwidth usage. Of course, these are the same people who will complain
about something listening on port 80 which transfers 5KB/month but won't
say a thing if you spend 18 hours a day deathmatching and downloading
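
The two heuristics debated in this message, compared on constructed data. This is an added example, not part of the original post or thread. The sample records, the platform labels, and the function names are assumptions; the limit of 4 connections comes from the quoted suggestion.

```python
import re
from collections import defaultdict

# Constructed sample: (subscriber IP, concurrent TCP connections, User-Agent).
# 192.0.2.10: one Windows XP machine, two browsers, many open connections.
# 192.0.2.20: a Windows 98 and a Windows XP machine sharing one address.
SAMPLE = [
    ("192.0.2.10", 31, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"),
    ("192.0.2.10", 31, "Opera/6.0 (Windows XP; U) [en]"),
    ("192.0.2.20", 3, "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"),
    ("192.0.2.20", 3, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"),
]

# Map User-Agent platform tokens to one label per OS, so that IE and Opera on
# the same machine count once (the "platform, not browser" check).
PLATFORMS = [
    (re.compile(r"Windows NT 5\.1|Windows XP"), "WinXP"),
    (re.compile(r"Windows NT 5\.0|Windows 2000"), "Win2000"),
    (re.compile(r"Windows 98|Win98"), "Win98"),
    (re.compile(r"Windows 95|Win95"), "Win95"),
]

def platform_of(user_agent):
    """Return the OS label for a User-Agent string, or None if unrecognised."""
    for pattern, label in PLATFORMS:
        if pattern.search(user_agent):
            return label
    return None  # unknown platforms are not counted

def flag_multi_platform(records):
    """IPs that presented more than one distinct OS platform."""
    seen = defaultdict(set)
    for ip, _conns, user_agent in records:
        label = platform_of(user_agent)
        if label:
            seen[ip].add(label)
    return sorted(ip for ip, labels in seen.items() if len(labels) > 1)

def flag_by_connections(records, limit=4):
    """IPs with more than `limit` simultaneous TCP connections."""
    return sorted({ip for ip, conns, _ua in records if conns > limit})

if __name__ == "__main__":
    print("multi-platform:", flag_multi_platform(SAMPLE))
    print("over connection limit:", flag_by_connections(SAMPLE))
```

On this sample the platform check flags only the shared address, while the connection-count check flags only the single busy machine. User-Agent values can be spoofed, so the platform result is still an inference rather than proof.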