[unisog] Consumer-grade networking in Residence Halls

Jean-Pierre Schwickerath dshield at hilotec.net
Fri Sep 2 10:22:03 GMT 2005



> What utilities and methods have others on this list used on their
> campuses?

I believe I've seen a plugin for snort that detect hosts that
potentialy do NAT. 

They assume that when a hosts does NAT it assigns a restricted range
of outgoing ports for these NATted connections (on linux ports > 61000,
I believe) and detect that. They do also some voodoo on the TCP sequence
numbers that, for a reason I can't remember, have a different behaviour
when they're associated with a NATted connection. 

Regards,

Jean-Pierre

-- 
HILOTEC Engineering + Consulting GmbH
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/


More information about the unisog mailing list