[p2p-hackers] NATs reconfiguring IPs and Port Numbers

Saikat Guha saikat at cs.cornell.edu
Thu Mar 2 23:24:29 UTC 2006


On Thu, 2006-03-02 at 14:54 -0800, Eric Hopper wrote:
> I think though that consumer level NAT hardware might have some sort of
> limit on the number of mappings it can keep in memory and apply to
> packets though.

Certain (really old) NAT models (/firmware) did indeed limit the number
of simultaneous connections to 256. They are really hard to find these
days. The lowest limit I can find is 1000
(http://nutss.net/stunt-results.php?sort=-9), but most NATs support
roughly 65K mappings these days.

You'd think they'd allow memory to fill up before doing any garbage
collection of stale connections; turns out vendors would rather do the
timeout thing (some FUD about DoS etc.; check the behave list for
messages from Hoffman and Srisuresh on the topic) -- so for the most
part, 65K is more than the app can use anyways and inactivity timeouts
are the primary concern here.

-- 
Saikat
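
[Added example, not part of the original message.] A toy model of the two reclamation policies contrasted above: expiring idle mappings on a timer versus keeping every mapping until the table fills. The 65536-entry capacity, the 120-second idle timeout and all names in the code are assumptions made for illustration, not measurements of any NAT.

```python
# Constructed model for illustration; flows and timings are made up.
from collections import OrderedDict

class NatTable:
    """Toy NAT table. policy 'timeout' expires idle mappings; policy 'fill'
    keeps every mapping until the table is full, then evicts the stalest."""

    def __init__(self, capacity, policy, idle_timeout):
        self.capacity, self.policy, self.idle_timeout = capacity, policy, idle_timeout
        self.last_seen = OrderedDict()  # flow -> time of last packet, stalest first

    def _expire(self, now):
        if self.policy != "timeout":
            return
        while self.last_seen:
            flow, seen = next(iter(self.last_seen.items()))
            if now - seen <= self.idle_timeout:
                break
            del self.last_seen[flow]

    def packet(self, flow, now):
        """Outbound packet: create or refresh a mapping. False if it is dropped."""
        self._expire(now)
        if flow not in self.last_seen and len(self.last_seen) >= self.capacity:
            if self.policy == "timeout":
                return False  # full, and nothing is stale enough to reclaim
            self.last_seen.popitem(last=False)  # evict the stalest mapping
        self.last_seen[flow] = now
        self.last_seen.move_to_end(flow)
        return True

    def has_mapping(self, flow, now):
        self._expire(now)
        return flow in self.last_seen

def survives_idle(policy, idle_gap, other_flows=0, keepalive=None,
                  capacity=65536, idle_timeout=120):
    """True if the 'peer' mapping opened at t=0 still exists at t=idle_gap.
    capacity and idle_timeout are assumed values, not measurements."""
    nat = NatTable(capacity, policy, idle_timeout)
    events = [(0.0, "peer")]
    events += [(idle_gap * (i + 1) / (other_flows + 1), ("other", i))
               for i in range(other_flows)]
    if keepalive:  # application-level keepalives refresh the peer mapping
        events += [(float(t), "peer") for t in range(keepalive, idle_gap, keepalive)]
    for now, flow in sorted(events, key=lambda e: e[0]):
        nat.packet(flow, now)
    return nat.has_mapping("peer", idle_gap)
```

With a timeout policy the peer mapping is gone after 300 idle seconds even though the table is nearly empty, unless the application refreshes it; with a fill policy it is lost only once more new flows arrive than the table can hold.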