On Apr 9, 2004, at 8:33 AM, Rob wrote:
I plan to have a FreeBSD (4.9 stable) system serving as a router between my provider and a set of my home computers connected via a home network.
My provider does not really like this, but I don't care so much, as long as s/he cannot detect (too easily) my home network.
Most ISP's do not care a toss, expcept perhaps for port 25 and port 80.
However there is a fair chunk of software (we did some, and found there was competition :-) which uses TCP sequence numbers to detect NAT. Various forms of through-nat fingerprinting can also be used to make a stab as to wether there is 1 or >1 machines behind a router. (Note that for legal reasons only the case N=1 versus N>1 is of interested; generally not the exact number) Even if the TCP and signatures are cloaked there is some easy to run software which will look at application level signatures (HTTP Agent strings) or things as simple as two IM log in's in parallel. The objective is generally to run such software over the 2-5% of your top bandwidth hoggers to bring it down to a small number - and look at those in depth. What you are really after is blatent abuse.
Dw
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"