«Anti-NAT» — the system designed for processing the information about communication services provided to subscribers, as well as for identification of the internal address of the subscriber.
«Anti-NAT» is developed in accordance with the Government Resolution №538 from August 27, 2005 about «the Rules for Interaction by Communication Operators with Authorized Government Agencies conducting operative crime detection activities».
Technical Characterisctics:
4 10GE ports: 2 on the traffic input «before NAT», 2 on the traffic input «after NAT».
Types of saved fields:
- T (local clock of the device «Anti-NAT» flow-through time);
- LOCAL-IP (subscriber’s local address);
- LOCAL-PORT (subscriber’s port in the local network);
- GW-LOCAL-IP (local address of the gateway in the subscriber network);
- GW-GLOBAL-IP (the address from which this flow was seen on the resource);
- GW-GLOBAL-PORT (the subscriber’s port in the global network from which the subscriber was seen on the resource);
- REMOTE-IP (the global resource address);
- REMOTE-PORT (the resource service port).
Search fields combinations:
- T;
- T+LOCAL-IP;
- T+REMOTE-IP+REMOTE-PORT;
- T+GW-GLOBAL-IP+GW-GLOBAL-PORT.
Indication of temporary parameters during the search allows to compensate the possible difference in hours between «Anti-NAT» and other devices.
Issue format:
- CSV;
- Table in HTML.
Energy efficiency:
- Server for installation in the 1U high rack;
- 2 rays of feed;
- The maximum power consumption is 460W.
Principle of work:
From logs of the visited resource, for example Apache, define the external IP-adress, port and time, from which the subscriber got behind NAT and define the internal address by it.
The scheme of «Anti-NAT» connection:
