From Slashdot: Comcast goes after NAT users

ndr phidias at netgate.net
Fri Jan 25 17:12:32 CST 2002


Call me ignorant, but I do not see how they would see the MAC addresses of
the machines behind the NAT. Wouldn't they only see the MAC of the outside
interface? NAT is supposed to hide all of that information. If the packets
were sent with the MAC of the internal NICs it would cause confusion on
the public facing interface and slow things down. 

Carnivore is, I believe, an application-level sniffer that monitors SMTP, HTTP,
etc. streams. It wouldn't be hard to have one that looks at the MAC, but
to me it would seem utterly useless.

I would imagine that Comcast's intentions are to scare people into
honesty and get the extra bits of cash squeezed out of them. The only way
they could catch a NAT is by doing exhaustive traffic analysis at the
application level or coming to your house and searching your setup. Both
are too expensive and cumbersome for them to bother.

On Fri, 25 Jan 2002, Jeremy Fowler, CNA wrote:

> I doubt they will try to see what types of PCs are behind a firewall. Port
> scanning is very intrusive. And for the most part, all you would be scanning is
> the NAT device or firewall. What they probably will do is set up some type of
> packet sniffer device similar to the FBI's carnivore on their network. This
> device will probably scan for packets that have the same IP address, but
> different MAC addresses. Since you only use the one IP address Comcast gives you
> with IP Masquerading, they would be able to spot you if you had multiple PCs
> behind the firewall. I'm sure they will account for people who replace their
> NICs, and first target the people with the highest count of different MAC
> addresses. If you just have one PC using a broadband router as a firewall, they
> probably won't bother you since your MAC address will always be the same. Then
> again, I could be wrong. But whatever they do, I'm sure they will try to keep it
> a secret to prevent people from figuring out ways to get around it.
> 
> One possible workaround is to write a module for iptables that not only
> masquerades the IP address, but the MAC address as well. Or you could move...
> ;-) Time Warner Cable doesn't have any restrictions that I'm aware of... yet.
> 
> I wonder what would happen if someone were to bring this to court? Maybe
> something like this will reverse that whole non-compete law and allow cable
> companies to go at it again. Imagine cable companies offering digital cable
> channels and faster broadband at competitive prices. ;-)
> 
> -Jeremy
> 
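The point argued above, that a sniffer upstream of the NAT box sees only the outside interface's MAC and public IP, as an added example rather than code from the thread. It models IP masquerading with a port-translation table; the addresses, MACs and ports are constructed, and `Masquerader`, `isp_view` and `demo` are hypothetical names.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    """One Ethernet/IP/TCP header tuple as a sniffer on a wire would record it."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


class Masquerader:
    """Models the public side of an IP-masquerading router (constructed addresses)."""

    def __init__(self, wan_mac, wan_ip, upstream_mac):
        self.wan_mac, self.wan_ip, self.upstream_mac = wan_mac, wan_ip, upstream_mac
        self.table = {}        # (inside_ip, inside_port) -> public source port
        self.next_port = 40000

    def outbound(self, f):
        """LAN -> cable: translate IP and port, and rebuild the Ethernet header as
        every router does, so the cable segment only ever sees the WAN NIC's MAC."""
        key = (f.src_ip, f.src_port)
        if key not in self.table:            # new flow: pick a free public port
            self.table[key] = self.next_port
            self.next_port += 1
        return replace(f, src_mac=self.wan_mac, dst_mac=self.upstream_mac,
                       src_ip=self.wan_ip, src_port=self.table[key])


def isp_view(frames):
    """What an upstream sniffer could key on: the distinct (IP, MAC) pairs seen."""
    return {(f.src_ip, f.src_mac) for f in frames}


def demo():
    # Two LAN hosts with different NICs, both using source port 3321 (a collision
    # the translation table has to resolve). Documentation-range IPs, constructed MACs.
    nat = Masquerader("00:00:5e:00:53:01", "203.0.113.9", "00:00:5e:00:53:ff")
    lan = [Frame("02:00:00:00:00:0a", "02:00:00:00:00:01", "192.168.1.10", "198.51.100.1", 3321, 80),
           Frame("02:00:00:00:00:0b", "02:00:00:00:00:01", "192.168.1.11", "198.51.100.1", 3321, 80)]
    on_cable = [nat.outbound(f) for f in lan]
    return isp_view(lan), isp_view(on_cable), nat.table
```

`demo()` returns two distinct (IP, MAC) pairs on the LAN side but a single pair on the cable side, with the two flows told apart only by their public source ports.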




More information about the Kclug mailing list