Press "Enter" to skip to content

Methods for device enumeration behind NAT and its prevention [closed]

        What methods do exist for enumeration devices behind a NAT from the upstream connection?

I found sflow which uses TTL values. Are there other ways? I think this is partially related to OS fingerprinting. But from OS fingerprinting alone you would probably not know about multiple machines using the same OS.

What could you do to prevent enumeration?
I think a proxy intercepting all connections would work. A problem might be UDP and maybe TCP cleartext traffic. Could something like snort or suricata kind of equalize traffic so it looks like it comes all just from a single machine?

Be First to Comment

Leave a Reply