Security Enhancement by Detecting Network Address Translation Based on Instant Messaging

  • Jun Bi
  • Miao Zhang
  • Lei Zhao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4097)


Detecting network address translation helps network administrators enhance network security. Current network address translation detection approaches cannot work effectively in all scenarios. In this paper, a new detection scheme, ImNatDet, which utilizes instant messaging information, is presented; a case study based on characteristics of MSN Messenger is analyzed; and related security issues are discussed. This paper also indicates that characteristics of instant messaging applications can be used to detect users' private information.


Keywords: Instant Messaging; Port Number; User Datagram Protocol; Network Address Translation; Network Address



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jun Bi (1)
  • Miao Zhang (1)
  • Lei Zhao (1)
  1. Network Research Center, Tsinghua University, Beijing, P.R. China
