Have you been reading NANOG or Slashdot? There was an article about Comcast, specifically, who is trying to combat NAT.
What was determined is that:

1) There is no definite way to detect NAT
2) There are many implementations of NAT (even many RFCs stating how NAT works)
3) Bandwidth usage or number of open connections cannot be correlated to using NAT

What I do not understand is your AUP. I also do not understand how NAT has very serious security breach implications. You seem to have a misunderstanding of NAT operation. What is the real problem you are trying to solve?

For understanding NAT, you might want to read up, especially: RFC 1631, 2391, 2428, 2663, 2694, 2709, 2766, 2962, 2993, 3022, 3027, and 3235

Internet-Drafts: http://www.ietf.org/ids.by.wg/nat.html

Bandwidth usage can be combated in several other different ways.

1) Add more bandwidth (well, this costs money and you are a University... so...)
2) Implement QoS methods (rate-limiting, queueing, RED, etc. -- there are many ways)
3) Get a cache server (either transparent, wpad, or configured) and optionally join a cache hierarchy

Your overall network design and bottlenecks should be looked at very closely. Gathering the right data to know what's going on in your network is probably the number one priority over everything else. Some of the tools are easy to set up (Ntop, MRTG, etc.). The best way to look at your network is really up to you and may take years of work to get exactly what you want. Some suggestions that people from Cisco would give would be like using NBAR or NetFlow and maybe RMON to get at the network application data passing through your network. There are millions of ways to do this.

Also, you might want to take a look at your AUP and policies again. It sounds like you might be moving in a direction that doesn't fit the needs of your University or your users. Read through RFC 1173 and RFC 1746 for help in building up your AUP.
I believe that setting up a cache server (especially Squid) may help you with a lot of your problems, especially if you use it as a staging ground to combat the problems you think you are having. Fight fire with fire. If somebody is going proxy-crazy on your network and creating all sorts of covert channels all over the place (playing with TCP/IP in interesting ways), then put up your own proxies and covert channels. Maybe you will learn a lot about their methods and motivations, as well.

-dre

"Kwame" wrote in message news:[EMAIL PROTECTED]...
> Anyone know of a tool for detecting NAT activity on the network. I work in a
> large university and we've instituted a policy against nat especially in the
> dorms due to some very serious security breaches. Is there anything out
> there that can remotely detect a nat operation? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36260&t=36248
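The reply's advice to gather the right data first (NetFlow, Ntop, MRTG and the like) before changing policy is the part of this thread that a network operator can act on directly. The following is an added example, not code from either poster and not tied to any real collector: it parses a constructed CSV dump of flow records (the `src,dst,proto,dport,octets` column layout is an assumption for illustration) and aggregates them into per-host byte counts, flow counts and distinct peers, which is the kind of accounting a rate-limiting or caching decision needs. It deliberately reports only usage; as the reply says, none of these numbers tells you whether a host is a NAT gateway.

```python
"""Per-host usage accounting from flow records (added example, constructed data)."""
import csv
import io
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    octets: int


# Constructed sample export. The column layout is an assumption made for this
# example; a real collector's export format will differ.
SAMPLE_EXPORT = """\
src,dst,proto,dport,octets
10.1.5.20,198.51.100.7,tcp,80,120000
10.1.5.20,198.51.100.9,tcp,443,80000
10.1.5.20,198.51.100.7,tcp,443,50000
10.1.5.21,203.0.113.4,udp,53,900
10.1.5.21,198.51.100.7,tcp,80,4000
10.1.5.22,203.0.113.8,tcp,22,300000
10.1.5.23,203.0.113.8,tcp,22,notanumber
"""


def parse_export(text):
    """Parse CSV flow records. Rows missing a column or carrying a non-numeric
    port/octet field are counted and skipped rather than aborting the run."""
    flows, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            flows.append(Flow(row["src"], row["dst"], row["proto"].lower(),
                              int(row["dport"]), int(row["octets"])))
        except (KeyError, TypeError, ValueError):
            skipped += 1
    return flows, skipped


def per_host_usage(flows):
    """Aggregate flows by source host: total octets, flow count, distinct peers."""
    acc = defaultdict(lambda: {"octets": 0, "flows": 0, "peers": set()})
    for f in flows:
        entry = acc[f.src]
        entry["octets"] += f.octets
        entry["flows"] += 1
        entry["peers"].add(f.dst)
    return {host: {"octets": e["octets"], "flows": e["flows"], "peers": len(e["peers"])}
            for host, e in acc.items()}


def top_talkers(usage, n=5):
    """Hosts ranked by octets sent, highest first."""
    ranked = sorted(usage.items(), key=lambda kv: kv[1]["octets"], reverse=True)
    return [host for host, _ in ranked[:n]]


def hosts_over_budget(usage, octet_limit):
    """Hosts whose total octets exceed the limit: candidates for QoS review,
    not evidence of NAT."""
    return sorted(host for host, e in usage.items() if e["octets"] > octet_limit)


if __name__ == "__main__":
    flows, skipped = parse_export(SAMPLE_EXPORT)
    usage = per_host_usage(flows)
    print(f"parsed {len(flows)} flows, skipped {skipped} malformed row(s)")
    for host in top_talkers(usage):
        print(host, usage[host])
    print("over 100000 octets:", hosts_over_budget(usage, 100000))
```

Run against a real export, the same three functions give a defensible basis for the rate-limiting or cache-placement decisions the reply suggests, while leaving the NAT question where the thread leaves it: unanswerable from byte and connection counts alone.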