At 05:05 p.m. 13/06/2008, you wrote:
Is there currently any known method for detecting information about a
machine behind a PF firewall?
Specifically, if I have a machine with two IP addresses, is it
possible for a remote attacker to detect that these two IP addresses
are bound on the same machine (this machine would be behind a PF
firewall with the scrubbing option). The two IP addresses would be
known to the attacker.
That depends on the TCP/IP implementation of the hosts behind de NAT.
For example, if the IP ID generator is linear, it can be exploited to
infer that two IP addresses actually correspond to the same host.
Other TCP/IP parameters might be of similar help. However, if those
parameters are randomized in each of the systems behind the NAT, your
task would be harder.
See, e.g.,
Bellovin, S. M. 2002. A Technique for Counting NATted Hosts. IMW'02,
Nov. 6-8, 2002, Marseille, France.
Kind regards,
--
Fernando Gont
e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
