Systems behind routers tracable?
Steve Bellovin, one of the founding fathers of Usenet and now working for the Internet Engineering Task Force, claims to have written an algorithm able to make the distinction between packets coming from different computers behind a NAT-router.
What he did is study the IPid, a 16-bit IP header number (RFC 0760) added to the packets by the TCP/IP protocol. Succeeding packets are numbered with succeeding IPid's. What Bellovin's algorithm does, is search for succeeding sequences, where different sequences belong to different computers.
A helping hand for ISP's that don't like customers to connect more than one computer on one line?
There's something that doesn't make the algo 100% effective though. Within a LAN, packets are also numbered. This makes that from outside the router, the visable IPid values appear to belong to different sequences, making it look like there is more than one computer behind the router.
Another thing is that BSD for example generates random IPid's, making the algorithm useless...
Here's the research paper.