Share or Not: Investigating the Presence of Large-Scale Address Sharing in the Internet

Network Address Translation (NAT) allows multiple devices with private addresses to share one public address. NAT was mainly confined to home gateways, but with the exhaustion of the IPv4 address space, large-scale NATs have been deployed. Other technologies causing large-scale address sharing are on the rise as well (e.g. VPNs). Large-scale address sharing is problematic, since it limits the number of concurrent TCP connections and severely limits geolocation and geoblocking. We investigate the presence of large-scale address sharing in the Internet, including how frequently it occurs, in which types of organisations it occurs, where it occurs geographically, how many users share addresses, and whether its presence is linked to IPv4 address shortage. Our results show that there are thousands of addresses with significant large-scale sharing with up to a few thousand users sharing a single address. Most of this sharing occurs within ISPs, many of which are located in countries with IPv4 address shortage, indicating that large-scale NATs may be a consequence of IPv4 shortages.

[1]  Bernard Aboba,et al.  IPsec-Network Address Translation (NAT) Compatibility Requirements , 2004, RFC.

[2]  Steven M. Bellovin,et al.  A technique for counting natted hosts , 2002, IMW '02.

[3]  Steve Uhlig,et al.  IP geolocation databases: unreliable? , 2011, CCRV.

[4]  Anja Feldmann,et al.  NAT Usage in Residential Broadband Networks , 2011, PAM.

[5]  Heejung An,et al.  STEAM , 2019, Journal of Dance Education.

[6]  Grenville J. Armitage,et al.  Issues with network address translation for SCTP , 2008, CCRV.

[7]  W. B. Cavnar,et al.  N-gram-based text categorization , 1994 .

[8]  Martin Grill,et al.  Passive NAT detection using HTTP logs , 2015 .

[9]  Sebastian Zander,et al.  Dissecting server-discovery traffic patterns generated by multiplayer first person shooter games , 2005, NetGames '05.

[10]  Georgios Smaragdakis,et al.  Beyond Counting: New Perspectives on the Active IPv4 Address Space , 2016, Internet Measurement Conference.

[11]  Lachlan L. H. Andrew,et al.  Capturing ghosts: predicting the used IPv4 space by inferring unobserved addresses , 2014, Internet Measurement Conference.

[12]  Yuval Shavitt,et al.  A Geolocation Databases Study , 2011, IEEE Journal on Selected Areas in Communications.

[13]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[14]  Grenville Armitage Inferring the extent of network address port translation at public/private internet boundaries , 2002 .

[15]  Lachlan L. H. Andrew,et al.  Collaborative and privacy-preserving estimation of IP address space utilisation , 2017, Comput. Networks.

[16]  Steven M. Bellovin,et al.  Firewall-Friendly FTP , 1994, RFC.