Working with NAT Flow. How to find a subscriber after NAT [VAS Experts Documentation]

en:dpi:opt_cgnat:abuse_letters:start [2024/03/14 08:51] – created elena.krasnobryzhen:dpi:opt_cgnat:abuse_letters:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-======Working with abuse letters. How to find a subscriber after NAT====== 
-<note tip>The following components are required to work with QoE statistics: [[en:dpi:dpi_components:qoestor:start|QoE Stor Module]] и [[en:dpi:dpi_components:dpiui:start|SSG DPI control interface]].\\ 
-Description for configuring NAT in QoE: [[en:dpi:dpi_components:qoestor:configuration:nat_flow:start]]</note> 
  
-This tutorial is how to find the specific subscriber who is reported abuse.\\ 
-The abuse email usually contains a global address from a NAT pool. We need to understand which of the subscribers went to the resource where the virus activity was detected at a known time behind this NAT-pool.\\ 
-We need to perform **two steps** — find the necessary information in the abuse email and use it to identify the subscriber in the GUI of the Stingray. 
- 
-=====Step 1. Research the email===== 
-  - The address from your NAT pool (source IP). 
-  - Address of the attacked resource (destination IP) 
-  - Activity time on the attacked resource //(considering the time zones!)// 
- 
-  * **Example 1.** \\ {{dpi:opt_cgnat:cgnat_faq:email-ex-1.png?nolink&600|}} 
- 
-  * ** Example 2.** \\ {{dpi:opt_cgnat:cgnat_faq:email-ex-2.png?nolink&600|}} 
- 
-More can be found useful in the email: 
-  - Reason of abuse \\ {{dpi:opt_cgnat:cgnat_faq:email-abuse-type.png?nolink&600|}} 
-  - History of abuse (if the activity was repeated) \\ {{dpi:opt_cgnat:cgnat_faq:email-abuse-logs.png?nolink&600|}} 
- 
-This can help you understand the scope of the problem and identify similar problems on your network. 
- 
-=====Step 2. Looking for subscriber activity in the GUI===== 
-The task is to determine from the logs which subscriber behind the NAT-pool (source IP) specified in the letter was accessing the destination IP at that time. 
- 
-Before you start the search it is worth checking two facts: 
-  - The NAT pool in question is set to CG-NAT in Stingray. \\ {{dpi:opt_cgnat:cgnat_faq:nat_pool.png?direct&600|}} 
-  - The NAT log storage time captures the time of activity. View and configure \\ {{dpi:opt_cgnat:cgnat_faq:nat_log_lifetime.png?direct&600|}} 
- 
-Then in the GUI you need to open the section NAT flow, select a period, enter the source and destination IP. \\ 
-  * {{dpi:opt_cgnat:cgnat_faq:nat_flow_src_dest_1.png?direct&600|}} 
- 
-  * {{dpi:opt_cgnat:cgnat_faq:nat_flow_src_dest_2.png?direct&600|}} 
-<note>Perform the necessary actions with the found subscriber to prevent further abuse.</note>
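Review bot: the removal of the whole page, from the "Working with abuse letters" heading down to the closing <note>, is recorded only as "removed - external edit" with no summary saying where the procedure now lives. The page title reads "Working with NAT Flow. How to find a subscriber after NAT" while the removed heading reads "Working with abuse letters", so if this is a rename or a merge, say so in the edit summary and leave a redirect at en:dpi:opt_cgnat:abuse_letters:start so existing links to the abuse-handling procedure do not break. Before accepting the deletion, confirm that the replacement page still carries the operational details an abuse handler depends on: the three values to extract from the email (source IP from the NAT pool, destination IP, activity time with the time zone caveat), and the two pre-search checks that the pool is set to CG-NAT and that the NAT log storage time covers the reported activity. The prerequisite note also contains a stray "и" between the two component links, which should not be copied into the new location.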