Internet denial by higher-tier ISPs: A NAT-based solution

Saudi Digital Library
The Internet is an interconnection of independent Autonomous Systems (ASes). Most of the large ASes are operated by Internet Service Providers (ISPs), which are classified into three tiers based on their size and interconnections. Most Internet traffic is routed through the Internet core, represented by the higher-tier ISPs. Because of the security flaws of the Border Gateway Protocol (BGP), the presence of one or more malicious ISPs among the higher-tier ISPs can lead to many security concerns. Internet denial is when a malicious ISP blocks some or all of the traffic that belongs to a specific network. The impact of Internet denial can be very critical. Network Address Translation (NAT) is used to design a solution that is scalable. In the NAT-based solution, outgoing traffic is address-translated to a non-blocked IP address in order to hide its identity. However, NAT limits end-to-end connectivity, causing servers within the victim network to become unreachable by external users. Application-layer information is used to design solutions for web and email server reachability behind NAT. NAT also limits peer-to-peer (p2p) connectivity, preventing p2p applications from working properly. Existing NAT traversal solutions are used to bypass this limitation. The impact of the proposed NAT-based solution on performance is negligibly small; only a single NAT traversal technique, namely relaying, causes a significant impact on network performance.
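To make the mechanism concrete, the following is an added toy model, not code from the thesis: a higher-tier ISP that drops every packet touching a victim prefix, and a stateful NAT at the victim's edge that rewrites outgoing traffic to a non-blocked address. The prefix, addresses and ports are constructed; the model shows why replies to translated traffic still get back in, and why an unsolicited connection to a server inside the victim network does not.

```python
from collections import namedtuple

VICTIM_PREFIX = "10.1."          # constructed: the denied (victim) network
NAT_PUBLIC_IP = "203.0.113.9"    # constructed: non-blocked address the NAT translates to
EXTERNAL_HOST = "198.51.100.7"   # constructed: a host outside the victim network

Packet = namedtuple("Packet", "src sport dst dport")

def malicious_isp(pkt):
    """Higher-tier ISP performing Internet denial: drops every packet whose
    source or destination address belongs to the victim prefix."""
    if pkt.src.startswith(VICTIM_PREFIX) or pkt.dst.startswith(VICTIM_PREFIX):
        return None
    return pkt

class Nat:
    """Stateful NAT at the victim's edge: outgoing packets leave with a
    non-blocked source address; only replies matching a mapping get back in."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port = public_ip, 40000
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)
    def outbound(self, pkt):
        key = (pkt.src, pkt.sport)
        if key not in self.out:
            self.out[key], self.back[self.next_port] = self.next_port, key
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], pkt.dst, pkt.dport)
    def inbound(self, pkt):
        if pkt.dport not in self.back:
            return None  # no mapping: unsolicited traffic to an inside server is dropped
        ip, port = self.back[pkt.dport]
        return Packet(pkt.src, pkt.sport, ip, port)

def reply(pkt):
    """The external host answers: addresses and ports are swapped."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def exchange(nat, client, server):
    """Client inside the victim network contacts an outside server across the
    malicious ISP. Returns the reply delivered back, or None if denied; nat=None models no NAT."""
    req = Packet(client, 51000, server, 80)
    fwd = malicious_isp(nat.outbound(req) if nat else req)
    back = malicious_isp(reply(fwd)) if fwd else None
    return nat.inbound(back) if (nat and back) else back

def unsolicited_inbound(nat, external, dst):
    """Outside user trying to reach an inside server by its real (denied) address or via the NAT."""
    pkt = malicious_isp(Packet(external, 52000, dst, 80))
    return nat.inbound(pkt) if pkt else None
```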