Application Presence Fingerprinting for NAT-Aware Router

  • Jun Bi
  • Lei Zhao
  • Miao Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4252)


NAT-aware routers are required by ISPs to administrate network address translation and enhance the management and security of access network. In this paper, we propose the new fingerprinting for NAT-aware router based on application-level presence information, which is usually not easily modified by network address translation gateways or the fingerprinted hosts behind gateways.


Port Number Edge Router Network Address Translation Notification Server Source Port Number 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Smart, M., Malan, G.R., Jahanian, F.: Defeating TCP/IP Stack Fingerprinting. In: Proc. of 9th USENIX Security Symposium, pp. 229–240 (2000)Google Scholar
  2. 2.
    Bellovin, S.M.: A Technique for Counting NATted Hosts. In: Proc. of 2nd Internet Measurement Workshop, pp. 267–272 (2002)Google Scholar
  3. 3.
    Zalewski, M.: Passive OS Fingerprinting Tool (2003),
  4. 4.
    Taleck, G.: Ambiguity Resolution via Passive OS Fingerprinting. In: Proc. of 6th International Symposium Recent Advances in Intrusion Detection (2003)Google Scholar
  5. 5.
    Beverly, R.: A Robust Classifier for Passive TCP/IP Fingerprinting. In: Proc. of 5th Passive & Active Measurement Workshop (April 2004)Google Scholar
  6. 6.
    Roualland, G., Saffroy, J.M.: Linux IP Personality,
  7. 7.
    Kohno, T., Broido, A., Claffy, K.C.: Remote Physical Device Fingerprinting. IEEE Transactions on Dependable and Secure Computing 2(2) (2005)Google Scholar
  8. 8.
    Day, M., Rosenberg, J., Sugano, H.: A Model for Presence and Instant Messaging, RFC2778 (February 2000)Google Scholar
  9. 9.
    Movva, R.: MSN Messenger Service 1.0 Protocol, draft-movva-msn-messenger-protocol-00, (August 1999)Google Scholar
  10. 10.
    Saint-Andre, P.: Extensible Messaging and Presence Protocol (XMPP): Core, RFC 3920 (October 2004)Google Scholar
  11. 11.
    Bi, J., Zhang, M., Zhao, L., Wu, J.: New Approaches to NAT Detection for Edge Network Management. In: Proc. of IEEE 6th International Symposium and School on Advance Distributed Systems (January 2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jun Bi
    • 1
  • Lei Zhao
    • 1
  • Miao Zhang
    • 1
  1. 1.Network Research CenterTsinghua UniversityBeijingP.R. China

Personalised recommendations