0

On the same local network, we have two identical computers (a) and (b) which have identical software installed which send identical HTTP headers and requests to the same server, except for the url which reveals which machine the request comes from:

a$ curl example.com/a
b$ curl example.com/b

Then we let the two machines use a different software to again send two identical requests, but this time we use completely identical URLs, so the requests are indistinguishable. 

a$ wget example.com
b$ wget example.com

Is there any way the receiving Web server can tell which of the two wget requests came from machine a and which came from machine b?

I assume the answer lies in explaining how NAT works and if there is any way someone on the outside can know which of n machines inside a local network they are talking to, provided the requests themselves are identical and don't reveal anything specific about the requesting machine.

forthrin
  • 1,741
  • 1
  • 13
  • 21

1 Answers1

2

If the machines have the same software version of wget and curl and operating system, and assuming that both requests have the same source IP due to the NAT, is impossible to know the source machine from the destination server. Take into account that the only field available on HTTP that could differentiate the machine type is the User-Agent and also this field could be modified and fake it on the source. Hope clarifies

An example on python-curl (wrapper of curl)

User-Agent: PycURL/7.43.0.2 libcurl/7.59.0 OpenSSL/1.1.0i

This User-Agent could vary depending on the python-curl version and on the openssl used.

An example of python requests

User-Agent: python-requests/2.19.1

So if you have two machines with the same version of python-requests 2.19 (for example) but one is Windows and the other is Linux, and only the 2.19.1 is supported in Linux you will know exactly what was the machine, but remember that this information (the user agent) could be modified easily.

camp0
  • 2,172
  • 1
  • 10
  • 10
  • That is reassuring to know! A related side question would be how NAT knows, when it gets an (asynchronous!) response back from someone, which computer inside the local network it should forward the response back to, since the response doesn't contain any clue of which computer it came from in the first place. Does it use bidirectional sockets or something that are kept open until the response arrives, thereby ensuring that request and response are kept within a defined and confined environment? – forthrin Feb 15 '19 at 10:09
  • @forthrin: How NAT works is not really a security question. Apart from that new questions should not be asked in a comment. But basically it is a stateful packet filter and the state information contain the relevant information on how to translate port and address in the packet. To understand what a stateful packet filter does it might be useful to understand basic network concepts, i.e. how UDP and TCP work. Then you will see that *"since the response doesn't contain any clue of which computer it came from"* is not true, at least not from the perspective of the device doing NAT. – Steffen Ullrich Feb 15 '19 at 10:15
  • @SteffenUllrich: I meant the response sent from the Web server doesn't contain that, but obviously from the perspective of the device doing NAT, you're surely right. I assume diving into NAT, UDP and TCP are not for the faint at heart, but maybe I can find some information that skims the surface enough for me to grasp the basics. Thanks! – forthrin Feb 15 '19 at 10:28