From Slashdot: Comcast goes after NAT users

Jeremy Fowler, CNA jfowler at westrope.com
Fri Jan 25 16:24:24 CST 2002


I doubt they will try to see what types of PCs are behind a firewall. Port
scanning is very intrusive. And for the most part, all you would be scanning is
the NAT device or firewall. What they probably will do is set up some type of
packet sniffer device similar to the FBI's Carnivore on their network. This
device will probably scan for packets that have the same IP address, but
different MAC addresses. Since you only use the one IP address Comcast gives you
with IP Masquerading, they would be able to spot you if you had multiple PCs
behind the firewall. I'm sure they will account for people who replace their
NICs, and first target the people with the highest count of different MAC
addresses. If you just have one PC using a broadband router as a firewall, they
probably won't bother you since your MAC address will always be the same. Then
again, I could be wrong. But whatever they do, I'm sure they will try to keep it
a secret to prevent people from figuring out ways to get around it.

One possible workaround is to write a module for iptables that not only
masquerades the IP address, but the MAC address as well. Or you could move...
;-) Time Warner Cable doesn't have any restrictions that I'm aware of... yet.

I wonder what would happen if someone were to bring this to court? Maybe
something like this will reverse that whole non-compete law and allow cable
companies to go at it again. Imagine cable companies offering digital cable
channels and faster broadband at competitive prices. ;-)

-Jeremy

> -----Original Message-----
> From: owner-kclug at marauder.illiana.net
> [mailto:owner-kclug at marauder.illiana.net]On Behalf Of Marvin Bellamy
> Sent: Friday, January 25, 2002 8:24 AM
> Cc: kclug at kclug.org
> Subject: Re: From Slashdot: Comcast goes after NAT users
>
>
> Can you give some details?  I don't see how it is possible to see
> machines behind an IPF/IPNAT server.
>
> Aaron wrote:
>
> >Of course.  Keep in mind that using IP fragmentation (with some fragment
> >overlaying techniques), any Packet filtering firewall can be bypassed to
> >reveal the machines behind it.  Also, you can use products like NMAP and
> >Firewalk (under Linux, of course) to see if the offending machine is a
> >firewall-type device and what's behind it.  Whether Comcast is that smart, I
> >don't know but from what I've heard from the people on this list and some
> >friends who use them, I doubt it.
> >
> >Aaron
> >
> >----- Original Message -----
> >From: "Duane Attaway" <dattaway at attaway.org>
> >To: "jim" <jim at weathercom.com>
> >Cc: <kclug at kclug.org>
> >Sent: Thursday, January 24, 2002 11:42 PM
> >Subject: Re: From Slashdot: Comcast goes after NAT users
> >
> >
> >>I have a question.  How can they technically do this?  Could this be scare
> >>tactics or can they really "see" other computers behind a firewall?  Are
> >>there clues in the headers that give it away?  Would they have to sniff
> >>port 80 and see the odd things like different browser versions at the same
> >>time (Linux Mozilla AND MSIE at the same time?)  Maybe I haven't paid much
> >>attention to tcpdump, but I haven't seen any clues that any of those
> >>packets from my cablemodem are going to make a few additional hops.
> >>
> >>On Thu, 24 Jan 2002, jim wrote:
> >>
> >>>Any Comcast employees want to comment on this folderol.  I only have one
> >>>computer, but it's connected to the 'net via a Linksys firewall/router
> >>>because Comcast won't do squat about security.  They going to come after
> >>>me next?  I'm checking out DSL tomorrow.