Something about port 161



  • I have an ADSL modem, and I have a pfSense box. I configured it as a router and firewall with PPPoE dial-up. My LAN has 20 PCs, and my ISP told me that I CAN NOT USE THIS WAY TO SHARE MY ADSL LINE, it may only be fewer than five PCs. My question is: how does my ISP know that I HAVE 20 PCs? Then I READ SOME INFORMATION about this, and learned that an ISP CAN USE SOME TOOLS to SCAN MY SNMP port, but my pfSense box did not enable SNMP, so how can my ISP scan it?
    HOW CAN I DO SO THAT MY ISP CAN NOT SCAN MY SNMP SERVICE? >:(


  • LAYER 8 Moderator

    There are a few other ways to discover (or guess) the number of PCs behind a box. At first, you did not mention if and how you set up NAT on pfSense. If you have not configured SNMP (and I think you did not, from the outside) there are other ways to manage that, e.g. IP-ID scanning of the traffic coming from your router. For that's sake, it is the provider, and if somebody is easily able to "log" your traffic, it's him. I would guess he uses some kind of IP-ID scanning (some ISPs in Germany had done so), and if you are using many boxes with weak random IP-ID implementations (like Windows or some Linuxes, too), you can paint a diagram and match it against the IP packets and their IDs to draw some kind of picture which shows how many boxes are active behind the NAT.

    For an example, look here: -> http://www.cs.columbia.edu/~smb/papers/fnat.pdf

    I don't know if FreeBSD's implementation of pf matches the one of OpenBSD completely, but there you could use the keyword "random-id" as a key in the NAT clause to scramble all IDs leaving your network to behave really random and to blur your internal structure.
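
The IP-ID counting the moderator describes, and why scrambling the ID field defeats it, as an added example that is not from this thread, from pfSense or from the fnat paper: a constructed stream from three hosts with simple +1 IP-ID counters, interleaved by a NAT that leaves the field untouched, is chained back into three counters, while the same stream with every ID randomised (what a random-id scrub does) yields none. The chain parameters, start values and packet counts are assumptions.

```python
import random

ID_SPACE = 65536  # the IPv4 Identification field is 16 bits wide


def count_id_chains(ids, max_gap=8, min_len=5):
    """Estimate how many distinct sequential IP-ID counters are present in an
    ordered stream of IDs seen leaving a NAT. Each packet is appended to the
    chain whose last ID it most closely follows (within max_gap); otherwise a
    new chain starts. Only chains that grow to min_len packets are counted as
    hosts. Simplified form of the counting idea in the fnat paper."""
    chains = []  # one [last_id, length] entry per suspected counter
    for ident in ids:
        best, best_gap = None, None
        for chain in chains:
            gap = (ident - chain[0]) % ID_SPACE  # forward distance, mod 2^16
            if 1 <= gap <= max_gap and (best is None or gap < best_gap):
                best, best_gap = chain, gap
        if best is None:
            chains.append([ident, 1])
        else:
            best[0], best[1] = ident, best[1] + 1
    return sum(1 for _, length in chains if length >= min_len)


def simulate_nat_stream(start_ids, packets_per_host, seed=1):
    """Constructed sample: each host keeps a +1 IP-ID counter starting at
    start_ids[h]; the NAT forwards their packets interleaved in random order
    but does not rewrite the ID field (no random-id)."""
    order = [h for h in range(len(start_ids)) for _ in range(packets_per_host)]
    random.Random(seed).shuffle(order)
    counters = list(start_ids)
    stream = []
    for h in order:
        counters[h] = (counters[h] + 1) % ID_SPACE
        stream.append(counters[h])
    return stream


def scramble_ids(ids, seed=2):
    """What a random-id scrub does: every outgoing ID is replaced by a random one."""
    rng = random.Random(seed)
    return [rng.randrange(ID_SPACE) for _ in ids]


if __name__ == "__main__":
    leaky = simulate_nat_stream([1000, 30000, 60000], packets_per_host=20)
    print("hosts visible without random-id:", count_id_chains(leaky))  # 3
    print("hosts visible with random-id:", count_id_chains(scramble_ids(leaky)))  # 0
```

Run the same chain count over a capture of your own WAN-side traffic before and after enabling the scrub option to confirm that the per-host counters are no longer distinguishable.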

