[unisog] Consumer-grade networking in Residence Halls
dshield at hilotec.net
Fri Sep 2 10:22:03 GMT 2005
> What utilities and methods have others on this list used on their
I believe I've seen a plugin for snort that detect hosts that
potentialy do NAT.
They assume that when a hosts does NAT it assigns a restricted range
of outgoing ports for these NATted connections (on linux ports > 61000,
I believe) and detect that. They do also some voodoo on the TCP sequence
numbers that, for a reason I can't remember, have a different behaviour
when they're associated with a NATted connection.
HILOTEC Engineering + Consulting GmbH
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/
More information about the unisog