[c-nsp] NAT Detection with netflow or anything.
Eric Gauthier
eric at roxanne.org
Tue Feb 5 07:08:23 EST 2008
Joseph,
> I've been thinking about NAT detection for security purposes (rogue wireless
> AP's, etc). After some searching on the google
> I haven't been able to come up with much. Other than a page with a few dead
> links to papers/tools you can use I've come up empty.
> Anyone have any solutions to this?
If you have a solid understanding of your network topology, you can look
at the IP TTL field: http://www.sflow.org/detectNAT/. I've normally heard of
this being done in combination with a MAC-based network registration system
within the captive portal, but you could probably also do this via netflow.
Eric Gauthier
Boston University
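
The TTL check suggested in the reply above, as an added example that is not part of the original post or of the sflow.org page. It assumes flow records reduced to (source IP, observed TTL) pairs and a hand-maintained map of routed hops from each access subnet to the exporter; the subnets, hop counts, sample records and the max_extra threshold are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INITIAL_TTLS = (64, 128, 255)  # common initial TTLs set by host operating systems

# Assumption: routed hops from each access subnet to the flow exporter,
# taken from your own topology (constructed values).
HOPS_TO_EXPORTER = {
    ip_network("10.1.0.0/24"): 0,
    ip_network("10.2.0.0/24"): 1,
}

def expected_hops(src):
    addr = ip_address(src)
    return next((h for net, h in HOPS_TO_EXPORTER.items() if addr in net), None)

def extra_hops(ttl, hops):
    """Hops beyond the known topology; None if no common initial TTL fits."""
    for initial in INITIAL_TTLS:
        if initial >= ttl + hops:  # smallest initial TTL that could produce ttl
            return initial - hops - ttl
    return None

def find_nat_suspects(records, max_extra=4):
    """records: iterable of (src_ip, observed_ttl) -> {src_ip: [reasons]}."""
    seen = defaultdict(set)
    for src, ttl in records:
        seen[src].add(ttl)
    suspects = {}
    for src, ttls in seen.items():
        hops = expected_hops(src)
        if hops is None:
            continue  # unknown topology: the TTL alone proves nothing
        reasons = []
        extras = [extra_hops(t, hops) for t in ttls]
        if any(e is not None and 0 < e <= max_extra for e in extras):
            reasons.append("ttl-lower-than-topology")  # something routed in between
        if len(ttls) > 1:
            reasons.append("multiple-ttls")  # mixed OSes behind one address
        if reasons:
            suspects[src] = reasons
    return suspects

# Constructed sample records: (source IP, TTL as seen at the exporter).
SAMPLE = [
    ("10.1.0.10", 128), ("10.1.0.11", 64),  # directly attached hosts
    ("10.1.0.20", 127), ("10.1.0.20", 63),  # two OSes behind one NAT router
    ("10.2.0.5", 63), ("10.2.0.6", 126),    # 10.2.0.6 sits one hop too deep
]
```

A flagged address is a lead to correlate with MAC registration data, not proof: a host with a non-default TTL or a NAT device that rewrites TTL will not fit this model.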