Research Of Detection On Proxy Server And NAT Gateway

With the rapid development of the Internet, the situation of existing networks and address the growing severe, which it is even more prominent in Europe and Asia area. At the same time, some large enterprises or groups in order to better manage their own network to ensure its security and stability, the proxy server and NAT gateway start more applied in the Internet. Because of the one-to-one structure of the Internet was broken by the proxy server and NAT gateway applications in the Internet, the structure of inner network behind the proxy server and NAT gateway is unknown to the public network namely external network. Therefore, on the one hand we use proxy server and NAT gateway to enhance network security and to achieve an extension of the network, on the other hand there is a chance that non-authorized user illegal access network.In order to better manage networks, we need update the network structure information in time. We provide access services for the customer, at same time we avoid un-authorized users illegal access network. On the one hand, we need prevent to avoid charges of web services, on the other hand more important is to prevent users use proxy server or NAT gateway set up the private address space in order to hide their address information so that to achieve its illegal purpose. The past most commonly used detection methods are based on the network layer and transport layer detection, it analysis the packets information in the network. The methods of detection: such as active detection, passive detection and semi-active detection.This paper studied the detection method is passive detection method based on the application layer. For the proxy server detection, we main analysis the most common is HTTP agent. We obtain the client address information, browser information and operating system information most through passive catch HTTP protocol information in the network packets and analysis it. For the NAT gateway detection, this paper uses the application layer software information analysis method [23]. At the selection of application software, we select the relatively popular instant message software as a detector for analysis, such as MSN, QQ etc. The reason why such software selection is: on the one hand this type of software has many users, moreover it has high usage rate compared with other application software. On the other hand, the type of software commonly used server-client communication. The client equipment wills regularly communication with the server even if the client is not at a certain period time to operate. It has long time on-line and stability of the software feature information easy to capture and analysis. In the analysis process, this paper use count the quantity of the instant message software presence channel and IP ID sequence which come from a particular address to determine the address is a single activity host or one private address space, and further to determine the quantity of host within the private address space. At last, we put forward a conjecture: detect the number of clock skew in odor to determine the host number in the private space.