RE: enumerating hosts behind a NAT box

["Zuromski, Brian" <brzurom () tycho ncsc mil>]

Thanks everyone....Alot of good info to start with!!

-----Original Message-----
From: Erik Kamerling [mailto:ekamerling () snaplen com]
Sent: Friday, June 10, 2005 12:03 PM
To: pen-test () securityfocus com
Cc: Todd Towles; Zuromski, Brian
Subject: Re: enumerating hosts behind a NAT box


Idle scanning was conceived by Salvatore Sanfilippo in 1998 - before this 
paper was published I believe.

This paper may provide you with some good info as well. 
http://www.caida.org/outreach/papers/2005/fingerprinting/

Best wishes and Good Luck! :-)

Erik Kamerling

On Friday 10 June 2005 11:49, Todd Towles wrote:
> "A Technique for Counting NATted Hosts" - AT&T Labs Research
> http://www.cs.columbia.edu/~smb/papers/fnat.pdf
>
> It uses the IPID, like in Idlescanning. I can't remember exactly, but I
> think it was this paper that sparked the whole idlescanning idea, but I
> could be confused.
>
> -Todd
>
> > -----Original Message-----
> > From: Zuromski, Brian [mailto:brzurom () tycho ncsc mil]
> > Sent: Friday, June 10, 2005 10:25 AM
> > To: 'pen-test () securityfocus com'
> > Subject: enumerating hosts behind a NAT box
> >
> > hello,
> >          I'm trying to design a network mapping program and
> > need to know if there is a way to pickup (identify, count, os
> > identification) any hosts behind a NAT box. Also identifying
> > a NAT box in the first place would be
> > useful.   Anyone have any luck doing so before or know of a way?
> >
> > Thanks
> > ~Brian