Kevser Ovaz Akpinar, M. Akpinar, Ibrahim Ozcelik, N. Yumusak
2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT), published 2016-10-01. DOI: 10.1109/ICAICT.2016.7991693 (https://doi.org/10.1109/ICAICT.2016.7991693)
Carrier-grade NAT — is it really secure for customers? A test on a Turkish service provider
A dramatic rise in the number of users has increased the number of internet-connected devices within the last decade. Since most devices have an internet connection, the IPv4 address space has become inadequate. To cope with this, internet service providers focus on making optimal use of the IPs within their IP pool. The most preferred approach to this problem is called Carrier Grade Network Address Translation (CGN). In this technique, a city, a neighborhood or a group of users can be configured as if they were in the same Local Area Network (LAN), with IPv4 Network Address Translation (NAT) connections for Wide Area Network (WAN) access. With this approach, IP costs are reduced and the number of IPs in the pool is optimized. However, implementations in recent systems can introduce vulnerabilities as well. This work examines a part of a CGN-applied network that acts as a LAN, by scanning and exploring users, devices and vulnerabilities for a specific neighborhood in Turkey. Users and devices are identified, and since they are considered to be in the same LAN, access to most of them is easily gained and the insecurity of the system is proved. It is also observed that a user could stop or slow down the traffic by Denial of Service (DoS) or Distributed DoS attacks.