NAT – Is it possible to detect clients behind a NAT


Recently, UC Irvine's Residential Network department changed their security policies to include the following requirement:

Reconfiguration of Home Routers

Home routers will need to have DHCP functionality and network address translation (NAT) disabled.

Now, I've only dabbled in network protocols, but I thought that it's impossible to tell if a device on your network is a router using NAT or a client that's just making a lot of connections, and that DHCP is completely OS agnostic.

So I'm wondering: social issues aside*, would it be technically feasible to enforce this policy**? (on a university residential network's budget, of course)

I don't know how they could do it, especially in a network that has to deal with more sophisticated users who might be doing things like changing their MAC address or modifying their browser's user-agent string (and isn't that particularly expensive to sniff?).

On the other hand, like I said before, I've only ever dabbled in network protocols, so maybe there's something obvious I'm missing.

* Presumably, after this policy change, they can now say "well, you weren't following policy, it's your job to find the computer that was infected and fix it".

** As far as I can tell, they aren't actually. It theoretically went into effect last week.

Best Answer

It can be difficult, but not impossible. For example, if you see a Macintosh and a Windows browser client from the same IP, that's probably NAT. Or, if you routinely see near-simultaneous requests for completely different web pages (say, serverfault and TMZ), that could also be a sign. Or, ICMP requests that can be "fingerprinted" differently - e.g. some implementations null-fill certain packets and some don't. Remember, even if they do find people doing these sorts of things, it's still against policy, so if they catch you doing it, they can still say 'it was against the rules'. You can almost never fully enforce a policy decision via technical means, but this allows them to say 'See, it is against the rules.'
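Two of the signals named in the answer above (different OS browser clients behind one IP, and ICMP payloads filled differently), as an added example that is not part of the original answer. The observation format, the addresses and the function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample observations (not real traffic): (source IP, kind, value).
# "ua" is an HTTP User-Agent header; "icmp" is an echo-request payload in hex.
SAMPLE = [
    ("10.8.1.20", "ua", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"),
    ("10.8.1.20", "ua", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15"),
    ("10.8.1.20", "icmp", "00" * 32),
    ("10.8.1.20", "icmp", "6162636465666768696a6b6c6d6e6f70"),
    ("10.8.1.31", "ua", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"),
    ("10.8.1.31", "ua", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"),
    ("10.8.1.31", "icmp", "6162636465666768696a6b6c6d6e6f70"),
]
# Substrings that identify an OS family inside a User-Agent (illustrative, not exhaustive).
OS_MARKERS = {"Windows NT": "windows", "Macintosh": "mac", "X11; Linux": "linux"}

def os_family(user_agent):
    for marker, family in OS_MARKERS.items():
        if marker in user_agent:
            return family
    return None  # unknown clients contribute no evidence

def icmp_style(payload_hex):
    data = bytes.fromhex(payload_hex)
    return "null-filled" if data and not any(data) else "patterned"

def nat_suspects(observations):
    # Collect the distinct OS families and ICMP payload styles seen per source IP.
    os_seen, icmp_seen = defaultdict(set), defaultdict(set)
    for ip, kind, value in observations:
        if kind == "ua" and os_family(value):
            os_seen[ip].add(os_family(value))
        elif kind == "icmp":
            icmp_seen[ip].add(icmp_style(value))
    report = {}
    for ip in sorted(set(os_seen) | set(icmp_seen)):
        reasons = []
        if len(os_seen[ip]) > 1:
            reasons.append("multiple OS families: " + ", ".join(sorted(os_seen[ip])))
        if len(icmp_seen[ip]) > 1:
            reasons.append("mixed ICMP payload styles")
        if reasons:  # two browsers on one OS, as on 10.8.1.31, are not flagged
            report[ip] = reasons
    return report

if __name__ == "__main__":
    for ip, reasons in nat_suspects(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```

A flagged address is a lead, not proof: a dual-boot machine, a virtual machine or a spoofed User-Agent produces the same pattern as a router doing NAT.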