Detection and Prohibition of NAT for Network User Authentication Gateway System Opengate

Mitsuhiro Suenaga, Hisaharu Tanaka, Makoto Otani, Yasuhisa Okazaki, Kenzi Watanabe


Opengate is a user authentication gateway system for network in the environment opened to public. This system has been operating for controlling the campus-wide open network in Saga University since 2001. When NAT device is on the network of the user side of Opengate, nobody can identify which node of the local network accessed through the NAT device. Therefore, if public terminals downstream of the NAT device is used incorrectly, it becomes difficult to identify user. In this research, we have introduced a method for detection and prohibition of NAT under the Opengate. We have implemented a method of detecting NAT device by comparing an actual IP address assigned to the client and an IP address of the client that Opengate knows using a signed Java applet. In addition, we have implemented a method for detecting the NAT device by the monitoring of the TTL as an alternative in an environment where Java applet does not work.


Opengate; NAT; Network Authentication; NAT Detection

Full Text:



  • There are currently no refbacks.