[c-nsp] NAT Detection with netflow or anything.

2008-02-05 Thread Joseph Jackson
Hey all,

I've been thinking about NAT detection for security purposes (rogue wireless
APs, etc). After some searching on the google
I haven't been able to come up with much.  Other than a page with a few dead
links to papers/tools you can use I've come up empty.
Anyone have any solutions to this?

Joseph
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] NAT Detection with netflow or anything.

2008-02-05 Thread Eric Gauthier
Joseph,

> I've been thinking about NAT detection for security purposes (rogue wireless
> APs, etc). After some searching on the google
> I haven't been able to come up with much.  Other than a page with a few dead
> links to papers/tools you can use I've come up empty.
> Anyone have any solutions to this?

If you have a solid understanding of your network topology, you can look 
at the IP TTL field: http://www.sflow.org/detectNAT/.  I've normally heard of
this being done in combination with a MAC-based network registration system
within the captive portal, but you could probably also do this via netflow.

Eric Gauthier
Boston University
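
The TTL approach suggested in the reply above, sketched as an added example (not code from the thread or from the linked sflow.org page). It assumes hosts start at one of the common initial TTLs (64, 128, 255) and that you know from your topology how many routed hops lie between a directly attached host and the point where packets are sampled; the function names and the `max_extra` cut-off are hypothetical.

```python
from collections import defaultdict

INITIAL_TTLS = (64, 128, 255)  # assumption: common OS defaults for the initial IP TTL

def hops_from_initial(ttl):
    """Map an observed TTL to (assumed initial TTL, hops travelled so far)."""
    if not 1 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    initial = next(i for i in INITIAL_TTLS if ttl <= i)
    return initial, initial - ttl

def find_nat_suspects(records, expected_hops, max_extra=4):
    """Flag source IPs whose TTLs do not fit the known topology.

    records       -- iterable of (src_ip, ttl) seen at the observation point
    expected_hops -- routed hops between a directly attached host and that point
    max_extra     -- assumption: larger deviations are traceroute probes or
                     unusual initial TTLs, and are ignored rather than flagged
    """
    seen = defaultdict(set)
    for src, ttl in records:
        initial, hops = hops_from_initial(ttl)
        extra = hops - expected_hops
        if 0 <= extra <= max_extra:
            seen[src].add((initial, extra))
    suspects = {}
    for src, obs in seen.items():
        reasons = []
        if any(extra > 0 for _, extra in obs):
            reasons.append("extra-hop")          # a routing device sits in front
        if len({initial for initial, _ in obs}) > 1:
            reasons.append("mixed-initial-ttl")  # several OS stacks share one IP
        if reasons:
            suspects[src] = reasons
    return suspects

# Constructed sample: (source IP, TTL) as sampled on the access VLAN itself,
# so a directly attached host has travelled 0 routed hops.
SAMPLE = [
    ("10.1.1.10", 128), ("10.1.1.10", 128),
    ("10.1.1.11", 64),
    ("10.1.1.11", 1),      # traceroute probe, ignored
    ("10.1.1.20", 127), ("10.1.1.20", 63),
    ("10.1.1.30", 63),
]

if __name__ == "__main__":
    for ip, why in sorted(find_nat_suspects(SAMPLE, expected_hops=0).items()):
        print(ip, ", ".join(why))
```

A flagged address is a lead to check against switch-port and MAC registration data, not proof of a NAT device: a host running virtual machines or a device with a non-default TTL produces the same signal.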