OK, I have got 2 computers behind the router. I'm using MASQUERADE; my inner computers have addresses like 192.168........ Since I'm using NAT, is there a possibility for someone from the outer network to find out that I'm using more than one computer?
Hm, theoretically yes. I can't remember the details and it was pretty technical, but there was some way where you could at least make good guesstimates. It's not something I would worry about, unless you're doing something you shouldn't :)
It would be nice to find the article again, though, it was an interesting read.
f0dder is right, it's possible.
Some fields in IP packets could be used to determine if you are using a single machine or a whole network of IP masqueraded machines.
When an IP packet is created, the TTL (time to live) field is set to 128 (or 255) and the ID field is set to some sequential number.
Now two different things happen when using a single machine vs. a number of machines behind NAT/masquerading. If it's a single computer, then packets arrive at the destination with an unchanged TTL of 128 (or 255) and IDs from a single sequence (1st packet - 30000, 2nd packet - 30001, etc.).
For machines behind NAT or IP masquerading the story is a bit different. The TTL field gets decremented once it passes a forwarding device, and each machine sets its own sequence for the ID field. So at the destination packets arrive with a TTL less than 128 (or 255) and IDs from different sequences (1st packet - 30000, 2nd packet - 30001, 3rd - 10010, 4th - 10011, etc.). The ID fields could then be used to determine the number of machines on the network.
Btw, this is how ISPs determine whether you are connecting a single PC or a number of PCs to their server. My ISP, for example, until recently used to have different billing prices depending on the number of PCs you'd be connecting. :mad:
This could be handled, though, if your NAT software does a bit more than trivial packet rewriting, I guess?
Yeah, I guess it could be fooled by restoring the TTL and synchronizing the ID sequences among the machines.
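The counting trick described a few posts up, and the TTL/ID-rewriting countermeasure just mentioned, as an added worked example (not code from anyone in this thread). It models what the far end sees: a list of (TTL, IP ID) pairs per packet, which it groups into per-host ID chains and uses to estimate hop count. The packet captures, the assumed initial-TTL table, the ID gap window and the NAT's starting counter are all constructed for the example. Caveat: modern stacks randomize the ID field or set it to zero on DF packets (RFC 6864), so this is far less reliable against current systems than it was against the sequential-ID stacks the thread is talking about.

```python
"""Estimate the number of hosts behind a NAT from IP ID sequences and TTL.

Added example modelling the observation described in the thread; all packet
data below is constructed, not captured.
"""
from dataclasses import dataclass

# Initial TTLs commonly chosen by IP stacks (assumption used for hop estimation).
INITIAL_TTLS = (32, 64, 128, 255)
# Max gap between two consecutive IDs that still counts as one host's sequence
# (assumed window; a host that sends to many peers advances its ID between our
# packets, so a strict +1 rule would over-count).
ID_WINDOW = 64


@dataclass
class Packet:
    ttl: int    # TTL as seen at the destination
    ip_id: int  # 16-bit IP identification field


def hops_traversed(ttl):
    """Routers crossed, assuming the sender started at the smallest common
    initial TTL that is >= the observed value. Returns None if ttl > 255."""
    for init in INITIAL_TTLS:
        if ttl <= init:
            return init - ttl
    return None


def count_id_sequences(packets, window=ID_WINDOW):
    """Group packets into ID chains: a packet joins the first chain whose last
    ID it follows within `window` (mod 2**16, so wraparound is handled);
    otherwise it starts a new chain. Chains ~= distinct senders."""
    chains = []  # last ID seen per chain
    for p in packets:
        for i, last in enumerate(chains):
            gap = (p.ip_id - last) % 65536
            if 0 < gap <= window:
                chains[i] = p.ip_id
                break
        else:
            chains.append(p.ip_id)
    return len(chains)


def estimate_hosts(packets):
    """Summary the observer would draw: host count and minimum hop count."""
    return {
        "hosts": count_id_sequences(packets),
        "min_hops": min(hops_traversed(p.ttl) for p in packets),
    }


def nat_rewrite(packets, initial_ttl=128, start_id=40000):
    """Model the countermeasure from the thread: the masquerading box restores
    the TTL and stamps every outgoing packet from one shared ID counter.
    start_id is an assumed value; a real router would keep it as state."""
    out = []
    counter = start_id
    for _ in packets:
        out.append(Packet(initial_ttl, counter))
        counter = (counter + 1) % 65536
    return out


# Constructed captures. One host sending directly: TTL untouched, one sequence.
SINGLE_HOST = [Packet(128, 30000 + i) for i in range(6)]
# Two hosts behind a masquerading router: TTL decremented once, two
# interleaved ID sequences (the 30000... and 10010... runs from the thread).
BEHIND_NAT = [
    Packet(127, 30000), Packet(127, 30001), Packet(127, 10010),
    Packet(127, 10011), Packet(127, 30002), Packet(127, 10012),
    Packet(127, 30003), Packet(127, 10013),
]

if __name__ == "__main__":
    print("single host    :", estimate_hosts(SINGLE_HOST))
    print("behind NAT     :", estimate_hosts(BEHIND_NAT))
    print("NAT w/ rewrite :", estimate_hosts(nat_rewrite(BEHIND_NAT)))
```

Run it and the two-host capture shows up as two ID chains one hop away, while the same traffic after the rewriting NAT looks like a single directly-connected machine. The grouping is a heuristic: two hosts whose counters happen to sit within the window of each other get merged, and a busy host can outrun the window and be split, so the result is an estimate, not a count.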
Yep, I'm doing something I shouldn't, but this guy who is giving me access to the internet does not pay taxes for it, so I'm feeling justified :P
Thx guys for the answers, it looks like I will have to dust off some old machine for a Linux router.
Unless it is simple HTTP it is NOT going to work... the router that is masquerading (be it Linux or whatever) will need to know the destination of incoming UDP and ICMP and other low-level packets... it can only be done by packet tagging and this will be noticed by the ISP...
Basically ISP will always know ;) if it wants to...