Description
Network Address Translation (NAT) is a technology used to translate internal addresses to globally routable addresses on the internet. NAT continues to be used extensively in almost every network due to the current lack of IPv4 addresses. Despite being exceptionally commonplace, this networking technique is not without its weaknesses, and can be disabled with a fairly straightforward attack. By overpopulating the translation table, the primary mechanism used to translate internal addresses to external ones, an attacker can effectively deny all internal users access to the external network. This paper takes an in-depth look at how five different vendors (Cisco, Extreme, Linksys, VMware, and Vyatta) implement the translation table during active NAT sessions and how they are affected by TCP, UDP, and ICMP variations of the DoS attack.
Date of creation, presentation, or exhibit
2012
Document Type
Conference Paper
Department, Program, or Center
Department of Computing Security (GCCIS)
Recommended Citation
Winemiller, Nathan; Hartpence, Bruce; Johnson, Daryl; and Mishra, Sumita, "NAT Denial of Service: An Analysis of Translation Table Behavior on Multiple Platforms" (2012). Accessed from
https://repository.rit.edu/other/753
Campus
RIT – Main Campus
Comments
The 2012 International Conference on Security and Management. Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in February 2014.