Opened 7 years ago

Closed 16 months ago

#7228 closed enhancement (wontfix)

Detect if the client is behind NAT

Reported by: hellais
Owned by: hellais
Priority: Low
Milestone:
Component: Archived/Ooni
Version:
Severity: Normal
Keywords: oonib, wishlist, archived-closed-2018-07-04
Cc: vecna@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

In #6074 we thought that it would be nice to be able to detect if the client running an OONI-probe test is behind NAT.

After some very summary research, a possible approach is the one detailed in RFC 3947 (http://www.ietf.org/rfc/rfc3947.txt), section 3.2.
The idea is that the client and server send each other the packets they send and receive. If there is a mismatch between these, then somewhere along the path either the DST or SRC ip:port pair has changed, and therefore NAT is present.

This should be implemented in both the OONI client and the OONI backend.

A technique that does not require having a backend would be ideal.

Phrack #63 contains a technique for detecting NAT based on TCP timestamp fingerprints: http://www.phrack.org/issues.html?id=3&issue=63

A tool that probably is not that relevant is masquet http://toxygen.net/misc/. It detects devices that may be natted on the local network based on the TTLs of packets and port numbers.

Attachments (1)

isBenhindNat.patch (942 bytes) - added by reezer 5 years ago.
function to check ip addresses against rfc1918

Change History (9)

comment:1 Changed 7 years ago by ioerror

The easy way is to see if we have an RFC1918 address. If we do, we can be pretty sure that we're behind a NAT.

The more involved way is to actually emulate all of the Netalyzr tests.

As a first iteration, I propose we just look to see if we have an interface bound to an RFC1918 address or if our gateway is an RFC1918 address.

As a second iteration, I propose we tcptraceroute with a three hop ttl to see if we see any RFC1918 addresses.

As a third iteration, I propose Netalyzr tests that talk to a third server. This iteration should be broken down into a series of tests that we implement incrementally.
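
The first-iteration check proposed in comment:1 and the sent-versus-received comparison from the ticket description, sketched in Python as an added example. It is not the attached patch or OONI code; the function names, the dictionary layout and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks, listed explicitly. ipaddress's is_private is not
# used because it also matches loopback, link-local and documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def local_hint(interface_addrs, gateway):
    """First iteration from comment:1: an interface or the gateway is RFC 1918."""
    return any(is_rfc1918(a) for a in list(interface_addrs) + [gateway])

def changed_pairs(sent, seen):
    """Compare what the client sent with what the backend received.

    Both arguments map "src" and "dst" to an (ip, port) tuple; the result
    lists the pairs that were rewritten somewhere along the path.
    """
    changed = []
    for side in ("src", "dst"):
        (s_ip, s_port), (r_ip, r_port) = sent[side], seen[side]
        if (ipaddress.ip_address(s_ip), s_port) != (ipaddress.ip_address(r_ip), r_port):
            changed.append(side)
    return changed

def nat_verdict(interface_addrs, gateway, sent=None, seen=None):
    """Combine both signals; the backend comparison wins when it is available."""
    if sent is not None and seen is not None:
        return "nat" if changed_pairs(sent, seen) else "no-nat"
    return "likely-nat" if local_hint(interface_addrs, gateway) else "unknown"

# Constructed sample: a probe on 192.168.1.23 whose source the backend saw
# as 203.0.113.7:61002 (documentation addresses, not real hosts).
SENT = {"src": ("192.168.1.23", 40000), "dst": ("198.51.100.10", 443)}
SEEN = {"src": ("203.0.113.7", 61002), "dst": ("198.51.100.10", 443)}

if __name__ == "__main__":
    print(nat_verdict(["192.168.1.23"], "192.168.1.1"))              # local check only
    print(nat_verdict(["192.168.1.23"], "192.168.1.1", SENT, SEEN))  # with backend report
    print(changed_pairs(SENT, SEEN))
```

Without a backend report the result is only a hint: a host with a public interface address whose source port is rewritten on the path is caught by the comparison but not by the local check.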

comment:2 Changed 7 years ago by hellais

Keywords: SponsorH201210 added

comment:3 Changed 7 years ago by hellais

Keywords: SponsorH201212 added; SponsorH201210 removed

comment:6 Changed 6 years ago by hellais

Keywords: wishlist added; SponsorH201212 removed

Changed 5 years ago by reezer

Attachment: isBenhindNat.patch added

function to check ip addresses against rfc1918

comment:7 Changed 23 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:8 Changed 16 months ago by teor

Keywords: archived-closed-2018-07-04 added
Resolution: wontfix
Status: new → closed

Close all tickets in archived components