Carrier-grade NAT — is it really secure for customers? A test on a Turkish service provider

Kevser Ovaz Akpinar, M. Akpinar, Ibrahim Ozcelik, N. Yumusak
Published in: 2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT), 2016-10-01

DOI: 10.1109/ICAICT.2016.7991693 (https://doi.org/10.1109/ICAICT.2016.7991693)
Citations: 2

Abstract

A dramatic rise in the number of users has increased the number of internet-connected devices within the last decade. Since most of these devices have an internet connection, the IPv4 address space has become inadequate. To cope with this, internet service providers focus on using the IPs within their IP pool optimally. The most preferred approach to this problem is Carrier Grade Network Address Translation (CGN). In this technique, a city, a neighborhood or a group of users can be configured as if they are in the same Local Area Network (LAN), with IPv4 Network Address Translation (NAT) connections for Wide Area Network (WAN) access. With this approach, IP costs are reduced and the number of IPs in the pool is optimized. However, implementations in recent systems can introduce vulnerabilities as well. This work examines a part of a CGN-applied network that acts as a LAN by scanning and exploring users, devices and vulnerabilities for a specific neighborhood in Turkey. Users and devices were identified and, since they are considered to be in the same LAN, access to most of them was easily gained, proving the insecurity of the system. It was also observed that a user could stop or slow down the traffic by Denial of Service (DoS) or Distributed DoS attacks.