Discussion on Detection Technology for NAT Access Routing Equipment

Portable wireless routers have become popular with internal users who want to extend the network or build a private sub-network, because they take little space, are cheap and are flexible to configure. An unauthorized wireless router is a private extension of the original network boundary and brings unpredictable security risks to the original network. How can such devices be detected quickly? At present, detection technologies for these devices fall mainly into the following two kinds:
Data-based monitoring
A video traffic analysis device uses this technique. It is deployed at the uplink where front-end devices connect to the aggregation switch, where it can monitor and discover unauthorized devices and their abnormal behaviour. Abnormal behaviour includes port scanning, abnormal service access, access to databases, and unauthorized access to the management services of business systems.
The video traffic analysis device is deployed out of band (bypass), monitors and analyses network traffic, performs deep analysis and detection of the packets in the network, and is suited to deployment at the network exit. Its principle is to analyse data and video traffic and classify it by characteristic fields. Distinguishing normal from abnormal access relies on packet headers and certain special fields of the transport protocol, which are used to tell apart portable WiFi access, smartphone access and NAT device access, for example:
(1) Detect NAT access devices from changes in the TTL field of IP packets relative to the standard initial value.
(2) Estimate the number of devices a user has privately connected from the jumps in the ID field of IP packets.
(3) Use the User-Agent field of the HTTP protocol to detect smart devices connected to the network.
(4) Identify portable WiFi devices through the known back-door characteristics of portable WiFi and free WiFi products.
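The three header-based checks above (TTL offset, interleaved IP ID counters, and User-Agent families) can be demonstrated on per-packet metadata. The following is an added example written for this page, not code from the article or from any traffic analysis product; the packet records are constructed, the initial-TTL table and the `max_gap` clustering threshold are assumptions, and the IP ID clustering is a simplified version of the well-known counter-interleaving heuristic.

```python
"""Passive detection of NAT-connected devices from per-packet metadata (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed initial TTL values of common OS families: Linux/Android/iOS use 64,
# Windows uses 128, much network gear uses 255. A router in the path decrements by one.
COMMON_INITIAL_TTLS = (64, 128, 255)


@dataclass
class PacketMeta:
    src_ip: str
    ttl: int
    ip_id: int
    user_agent: str = ""  # empty when the packet carries no HTTP request


def hops_below_initial(ttl):
    """Distance from the nearest common initial TTL at or above the observed value."""
    return min(init - ttl for init in COMMON_INITIAL_TTLS if init >= ttl)


def count_ip_id_streams(ip_ids, max_gap=64):
    """Cluster IP ID values into interleaved increasing counters.

    Hosts that use a global per-packet IP ID counter produce one smoothly
    increasing sequence each; behind a NAT, several such sequences interleave
    under one source IP, so the number of streams approximates the host count.
    """
    streams = []  # last ID seen on each stream
    for ident in ip_ids:
        best = None
        for idx, last in enumerate(streams):
            gap = ident - last
            if 0 < gap <= max_gap and (best is None or gap < best[1]):
                best = (idx, gap)
        if best is None:
            streams.append(ident)
        else:
            streams[best[0]] = ident
    return len(streams)


# Order matters: Android user agents also contain "Linux".
UA_FAMILIES = (("Android", "android"), ("iPhone", "ios"), ("iPad", "ios"),
               ("Windows NT", "windows"), ("Macintosh", "macos"), ("Linux", "linux"))


def ua_family(user_agent):
    """Map a User-Agent string to a coarse OS family, or None if no UA was seen."""
    if not user_agent:
        return None
    for needle, family in UA_FAMILIES:
        if needle in user_agent:
            return family
    return "unknown"


def analyse(packets, expected_hops=0):
    """Per source IP: extra TTL hops, estimated host count, UA families, NAT verdict.

    expected_hops is the number of routers legitimately between the monitoring
    point and the access port (0 when the sensor sits on the same L2 segment).
    """
    per_ip = defaultdict(list)
    for pkt in packets:
        per_ip[pkt.src_ip].append(pkt)
    findings = {}
    for ip, pkts in per_ip.items():
        extra_hops = max(hops_below_initial(p.ttl) for p in pkts) - expected_hops
        hosts = count_ip_id_streams([p.ip_id for p in pkts])
        families = sorted({f for f in (ua_family(p.user_agent) for p in pkts) if f})
        findings[ip] = {
            "extra_hops": extra_hops,
            "estimated_hosts": hosts,
            "ua_families": families,
            # Any one indicator is enough to raise an alert for manual follow-up.
            "suspected_nat": extra_hops >= 1 or hosts > 1 or len(families) > 1,
        }
    return findings


# Constructed sample: 10.0.0.5 is a wireless router with an Android phone and an
# iPhone behind it; 10.0.0.6 is a directly connected Windows workstation.
SAMPLE_PACKETS = [
    PacketMeta("10.0.0.5", 63, 1000, "Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36"),
    PacketMeta("10.0.0.5", 63, 40000, "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)"),
    PacketMeta("10.0.0.5", 63, 1001),
    PacketMeta("10.0.0.5", 63, 40002),
    PacketMeta("10.0.0.5", 63, 1003, "Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36"),
    PacketMeta("10.0.0.6", 128, 7000, "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
    PacketMeta("10.0.0.6", 128, 7001),
    PacketMeta("10.0.0.6", 128, 7002),
]

if __name__ == "__main__":
    for ip, result in analyse(SAMPLE_PACKETS).items():
        print(ip, result)
```

The verdict is deliberately a union of weak signals, which is why the article's caveat about false positives applies: a host with a local firewall, a VPN client or a randomised IP ID field can trip the TTL or ID heuristic without being a NAT router, so alerts should be confirmed against switch port and MAC information before any blocking action.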
The advantages are:
(1) Within the coverage of the monitored traffic, some smartphone and portable WiFi access can be found relatively accurately.
(2) NAT access devices can be identified relatively accurately, and the number of hosts accessing through the NAT can be counted.
The shortcomings are:
(1) The coverage of the monitored traffic determines the detection range, so there are false negatives; the method suits access networks with a converged exit.
(2) Because of the limits of the detection technique, both false positives and false negatives may occur.
(3) It is mainly a detection technique and has no blocking or control function.
Network-based scanning
Represented by NMAP operating system fingerprinting, this technique scans and identifies devices by analysing TCP/IP protocol features. Different device types yield different system fingerprints, which makes it possible to determine whether the target is a NAT access device, a smartphone, a portable WiFi access device or a free WiFi access device. The main distinctions are:
(1) AP or hub mode
Devices in this mode generally expose an application interface to the network, mainly an HTTP management port used for the device's own administration, so detecting them is not technically difficult.
(2) NAT routing mode
For unauthorized NAT devices, the system can quickly alarm on and locate them by remote scanning, reporting the IP address, MAC address and access switch port of the NAT device.
Scenario 1: No ports are open, which is how most NAT access devices behave. The technical difficulties in detection are:
1 Because no ports are exposed to the network, the technical features that can be acquired are limited.
2 NAT mode must be distinguished from firewall mode: closing all ports can also be achieved with a firewall or access control, and the two are not identical in their detectable characteristics. If they are not distinguished, the detection result may be biased and produce false alarms.
Scenario 2: Application ports such as HTTP, P2P or Telnet are mapped through the router. Each port or group of ports corresponds to one type of device, and multiple ports may correspond to multiple device types. The technical difficulties in detection are:
1 The features observed on a mapped port are not those of the routing device itself but those of the device behind the port mapping.
2 The mapped ports must allow different access devices to be distinguished; otherwise detection will under-report.
The advantages of network scanning-based detection are:
1 It can accurately find some smartphone and portable WiFi access. Its coverage is determined by the scanning range; it suits large and medium-sized networks and can serve as an inspection and management tool.
2 It can accurately identify routing devices connected through NAT.
3 It can accurately identify wireless AP access and report the SSID of the wireless AP.
4 Combined with switch port location technology, it can locate violating access devices on the network and apply blocking control.
The disadvantage is the possibility of false negatives and false positives, because it relies on a remote network scanning mechanism.
At present there are few detection methods for unauthorized NAT devices, and none of them can guarantee 100% accuracy, that is, each has a certain false positive rate, so managing unauthorized NAT devices is difficult. The reason is that a routing device (especially a wireless router) can easily bypass switch port binding admission control by combining MAC cloning with NAT access mode. To prevent unauthorized access devices from harming the video surveillance network, it is recommended to use the network scanning-based detection method to find unauthorized access devices and maintain normal network order. (Authors: Li Hongmei, Huang Xiaoping)
