Date: Sun, 11 Apr 2004 09:24:37 +0200
From: Uwe Doering <gemini@geminix.org>
To: freebsd-questions@freebsd.org
Subject: Re: FreeBSD router: Can my internet provider detect my home network?
Message-ID: <4078F2B5.3080300@geminix.org>
In-Reply-To: <407643B7.3080308@users.sourceforge.net>
References: <407643B7.3080308@users.sourceforge.net>
Rob wrote:
>
> I plan to have a FreeBSD (4.9 stable) system serving as a router
> between my provider and a set of my home computers connected
> via a home network.
>
> My provider does not really like this, but I don't care so much,
> as long as s/he cannot detect (too easily) my home network.
> [...]
>
> Is it correct, that the combination of firewall and natd divert
> all requests and thus hide the home network for my provider?
> Are requests from all other networked home PC's done on behalf of
> the router, so that my provider will only see requests from my router?

If they want to, they can detect that there's more than one computer
using that link. They just need to look at the TCP sequence numbers.
This way they can associate TCP packets with their individual
originating hosts. If they see more than one group of sequentially
increasing TCP sequence numbers they know that you're cheating.

Whether they really care about it as long as you're not causing
excessive network traffic or other trouble is a different matter.

The only way to really hide your computers is to block direct Internet
connections and instead use proxy software on a gateway server for each
and every service. IMHO, quite an effort for probably just a couple of
bucks saved. Larger companies do this, but for security reasons and
also to control what their employees do on the Internet.

   Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
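The grouping idea described in the reply above, sketched as an added example that is not part of the original message: SYN observations from one translated address are chained into runs of increasing initial sequence numbers, and each run is counted as one originating host. It assumes every host derives its ISNs from a steadily ticking 32-bit counter; the function names, tick rate, slack and sample observations are all constructed for illustration, and the second sample shows that a stack with per-connection random ISNs yields no usable chains.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def forward_gap(prev, cur):
    """Distance from prev to cur moving forward on the 32-bit counter."""
    return (cur - prev) % MOD


def group_by_isn(observations, max_rate=300_000, slack=128_000):
    """Greedily chain (time_s, isn) SYN observations seen from one address.

    An observation joins the chain whose last ISN it follows most closely,
    provided the forward gap fits a counter ticking at most max_rate per
    second plus slack (both assumed values). Otherwise it opens a new chain.
    Returns a list of chains; each chain stands for one inferred host.
    """
    chains = []  # each entry: [last_time, last_isn, members]
    for t, isn in sorted(observations):
        best = None
        for chain in chains:
            gap = forward_gap(chain[1], isn)
            limit = max_rate * (t - chain[0]) + slack
            if gap <= limit and (best is None or gap < best[0]):
                best = (gap, chain)
        if best is None:
            chains.append([t, isn, [(t, isn)]])
        else:
            chain = best[1]
            chain[0], chain[1] = t, isn
            chain[2].append((t, isn))
    return [chain[2] for chain in chains]


# Constructed sample: two hosts behind one NAT address, each with its own
# counter-style ISN clock; the second host's counter wraps past 2**32.
COUNTER_STYLE = [
    (0.0, 1_000_000), (1.0, 4_294_500_000), (2.0, 1_564_000),
    (3.0, 96_704), (5.0, 2_378_000), (6.0, 910_704),
]

# Constructed sample: one host whose ISNs are unrelated from SYN to SYN.
RANDOMISED = [
    (0.0, 3_141_592_653), (1.0, 271_828_182),
    (2.0, 1_618_033_988), (3.0, 2_718_281_828),
]

if __name__ == "__main__":
    print(len(group_by_isn(COUNTER_STYLE)), "chains from counter-style ISNs")
    print(len(group_by_isn(RANDOMISED)), "chains from randomised ISNs")
```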
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4078F2B5.3080300>