From owner-freebsd-questions@FreeBSD.ORG Fri Apr 9 00:39:55 2004
From: Dirk-Willem van Gulik
Date: Fri, 9 Apr 2004 09:39:45 +0200
To: Rob
cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD router: Can my internet provider detect my home network?
In-Reply-To: <407643B7.3080308@users.sourceforge.net>
Message-Id: <12729D4C-89F9-11D8-BD91-000A95CDA38A@webweaving.org>

On Apr 9, 2004, at 8:33 AM, Rob wrote:

> I plan to have a FreeBSD (4.9 stable) system serving as a router
> between my provider and a set of my home computers connected
> via a home network.
>
> My provider does not really like this, but I don't care so much,
> as long as s/he cannot detect (too easily) my home network.
>

Most ISP's do not care a toss, except perhaps for port 25 and port 80.
However there is a fair chunk of software (we did some, and found there was competition :-) which uses TCP sequence numbers to detect NAT. Various forms of through-NAT fingerprinting can also be used to make a stab as to whether there is 1 or >1 machines behind a router. (Note that for legal reasons only the case N=1 versus N>1 is of interest; generally not the exact number.)

Even if the TCP and signatures are cloaked there is some easy to run software which will look at application level signatures (HTTP Agent strings) or things as simple as two IM logins in parallel.

The objective is generally to run such software over the 2-5% of your top bandwidth hoggers to bring it down to a small number - and look at those in depth. What you are really after is blatant abuse.

Dw
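As an added example (not part of Dirk-Willem's message or of any tool he mentions), here is the kind of application-layer N=1 versus N>1 heuristic the reply describes, run over constructed records: distinct User-Agent platform families and concurrently logged-in IM accounts per external address. The record format, field names and sample values are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample records (not real traffic): (src_ip, kind, value).
# kind is "ua" for an HTTP User-Agent seen, "im_login"/"im_logout" for an IM account.
RECORDS = [
    ("203.0.113.7", "ua", "Mozilla/5.0 (Windows NT 5.1; rv:1.6) Gecko/20040206 Firefox/0.8"),
    ("203.0.113.7", "ua", "Mozilla/5.0 (Windows NT 5.1; rv:1.6) Gecko/20040206 Firefox/0.8"),
    ("203.0.113.7", "ua", "Mozilla/5.0 (compatible; Konqueror/3.2; FreeBSD) (KHTML, like Gecko)"),
    ("203.0.113.7", "im_login", "alice"),
    ("203.0.113.7", "im_login", "bob"),      # second account while alice is still on
    ("203.0.113.7", "im_logout", "alice"),
    ("198.51.100.9", "ua", "Lynx/2.8.5rel.1 libwww-FM/2.14"),
    ("198.51.100.9", "im_login", "carol"),
    ("198.51.100.9", "im_logout", "carol"),
    ("198.51.100.9", "im_login", "carol"),   # same account again, never two at once
]

PLATFORM_RE = re.compile(r"\((.*?)\)")

def platform_of(ua):
    """Coarse OS/platform family from the first parenthesised UA token; whole UA if none."""
    m = PLATFORM_RE.search(ua)
    token = m.group(1) if m else ua
    for fam in ("Windows", "FreeBSD", "Linux", "Macintosh", "X11"):
        if fam in token:
            return fam
    return token.split(";")[0].strip()

def classify(records):
    """Per external IP: platform families seen, peak concurrent IM accounts, N>1 verdict.

    Caveat, as the post implies: one host running two browsers or two IM clients
    trips the same heuristic, so this is a 'stab', not proof of a second machine.
    """
    platforms, online, peak = defaultdict(set), defaultdict(set), defaultdict(int)
    for ip, kind, value in records:
        if kind == "ua":
            platforms[ip].add(platform_of(value))
        elif kind == "im_login":
            online[ip].add(value)
            peak[ip] = max(peak[ip], len(online[ip]))
        elif kind == "im_logout":
            online[ip].discard(value)
    return {ip: {"platforms": sorted(platforms[ip]), "peak_im": peak[ip],
                 "multi_host": len(platforms[ip]) > 1 or peak[ip] > 1}
            for ip in set(platforms) | set(peak)}

if __name__ == "__main__":
    for ip, verdict in sorted(classify(RECORDS).items()):
        print(ip, verdict)
```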