[NTLUG:Discuss] [ms.g@noitacude.com: [sb1116] ALERT: Texas "super DMCA" movingthrough the legislature]

[Rusty Haddock]

Darin W. Smith wrote:
    >On Fri, 23 May 2003 08:30:05 -0400, Rob Apodaca <rob.apodaca at attbi.com> 
    >wrote:
    >
    >>PC, how would they know if you were doing it? I really don't know very 
    >>much
    >>about packets and what exactly is done to them when they go through 
    >>nat...can
    >>an ISP detect if there are multiple PC's behind a nat or even if packets 
    >>are
    >>being nat'd? Even if they could, I think you could mask that by simply 

My understanding is that each machine, in the IP headers, maintains
a packet sequence counter, of sorts, and this is gonna be different
between machines at any given time.   Even if they were the same the
numbers would being to mismatch fairly quickly.  This IP info is not
mangled by the NAT so... you could, effectively, watch the stream of
data flowing from a particular physical connection and check out the
IP sequence numbers.  If you start sucking down FTP packets from one
host and then have a telnet connection going to another, the sequence
numbers will be different unless they are from the same machine.  Even
if the sequence numbers are close together, numerically, the IP stacks
on those machine would need to be synchronized to avoid this type of
detection.

This is my understanding.  I really should check it out as I could
very well be totally wrongo.  :-0   Someone with more IP knowledge
should correct me.

	-Rusty-
-- 
   _____        Rusty Haddock  =  KD4WLZ  =  rusty at fe2o3.lonestar.org
|\/   o \   o  **Out yonder in the Van Alstyne (TX) Metropolitan Area**
|   (  -<  O o   The day Microsoft makes something that doesn't suck
|/\__V__/           is the day they start making vacuum cleaners.