Johannes Faustus submits, Steven M. Bellovin (co-author of the classic and recently re-published Firewalls and Internet Security: Repelling the Wily Hacker) has an interesting paper on detecting NATs (Network Address Translation setups) and counting the hosts behind the NAT box.. . .
Johannes Faustus submits, Steven M. Bellovin (co-author of the classic and recently re-published Firewalls and Internet Security: Repelling the Wily Hacker) has an interesting paper on detecting NATs (Network Address Translation setups) and counting the hosts behind the NAT box.

The techniques outlined are not completely deterministic, so host counts will not necessarily be accurate. But the paper does outline the strengths and weaknesses of the general approach in enough detail for the security expert to make informed use of the information he presents.

The link for this article located at Johannes Faustus is no longer available.