IP agnostic real-time traffic filtering and host identification using TCP timestamps

Authors: Georg Wicherski, Florian Weingarten, Ulrike Meyer
Venue: 38th Annual IEEE Conference on Local Computer Networks
In this work, we describe and evaluate the design and implementation of natfilterd, a flexible and lightweight extension of the Linux netfilter packet filter framework, which enables us to identify hosts completely independent of IP addresses by taking advantage of certain characteristics of TCP timestamps. As an immediate consequence, not only can we count hosts behind a NAT gateway but block TCP traffic from single hosts without blocking the gateway itself. Our work extends ideas from…

