On 12/18/2017 11:10 PM, teor wrote:
The number of active connections that can be NATed per IP address is limited by the number of ports: 65535. (Technically, it's 65535 per remote IP address and port, but most NATs don't have that much RAM or bandwidth.)
Also, genuine users behind a NAT would likely have multiple Tor and non-Tor connections open. And spare ports are needed for NAT to manage port churn and the TCP delay wait state on connection close.
To be more precise:
- if all 65535 connections on an IP were open to the Tor network, and
- the biggest Tor Guard has 0.91% Guard probability[0], then
- it would expect to see 597 connections.
Good example, thanks teor!
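A small model of the figure teor quotes, added here as an example and not part of the thread: it reproduces the expected-count calculation (65535 ports times the largest guard's 0.91% probability) and, under a stated simplification, derives a per-IP connection count that a fully loaded genuine NAT would only rarely exceed, which is the kind of number a relay operator would want before setting a per-address limit. The binomial model assumes each connection is assigned to a guard independently; in reality a client's connections all use the same guard, so the spread here is a lower bound on the real one.

```python
import math


def expected_connections(ports: int, guard_probability: float) -> int:
    """Expected connections one fully loaded NAT address sends to a guard
    chosen with this probability, rounded up (65535 * 0.0091 -> 597)."""
    return math.ceil(ports * guard_probability)


def _binom_log_pmf(n: int, k: int, p: float) -> float:
    # Log-space binomial pmf: comb(n, k) overflows a float for n = 65535,
    # so use lgamma and only exponentiate the final term.
    return (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
            + k * math.log(p) + (n - k) * math.log1p(-p))


def connection_limit(ports: int, guard_probability: float,
                     false_positive_rate: float = 1e-3) -> int:
    """Smallest per-IP count k such that a genuine NAT pushing `ports`
    connections into Tor exceeds k at this guard with probability at most
    `false_positive_rate`.

    Simplification (assumption): each connection is routed to this guard
    independently with guard_probability, i.e. the count is Binomial(n, p).
    The CDF is accumulated from k = 0 and the loop stops at the quantile, so
    only a few hundred terms are evaluated for realistic inputs.
    """
    n, p = ports, guard_probability
    cdf = 0.0
    for k in range(n + 1):
        cdf += math.exp(_binom_log_pmf(n, k, p))
        if cdf >= 1.0 - false_positive_rate:
            return k
    return n


if __name__ == "__main__":
    ports, p = 65535, 0.0091  # figures from the thread
    print("expected connections at the largest guard:",
          expected_connections(ports, p))
    print("per-IP limit exceeded by a genuine NAT <0.1% of the time:",
          connection_limit(ports, p, 1e-3))
```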