Found 20 results in total
In this paper, we conduct an empirical study on remote DoS attacks targeting NAT networks. We show that Internet attackers operating outside local NAT networks can remotely identify a NAT device and subsequently terminate TCP connections initiated from the identified NAT device to external servers. Our attack involves two steps. First, we identify NAT devices on the Internet by exploiting inadequacies in the PMTUD mechanism within NAT specifications. This deficiency creates a fundamental side channel that allows Internet attackers to distinguish if a public IPv4 address serves a NAT device or a separate IP host, aiding in the identification of target NAT devices. Second, we launch a remote DoS attack to terminate TCP connections on the identified NAT devices. While recent NAT implementations may include protective measures, such as packet legitimacy validation to prevent malicious manipulations on NAT mappings, we discover that these safeguards are not widely adopted in the real world. Consequently, attackers can send crafted packets to deceive NAT devices into erroneously removing innocent TCP connection mappings, thereby disrupting NATed clients' access to remote TCP servers. Our
Reinforcement learning (RL) has become a key driver of progress in large language models, but scaling RL to long chain-of-thought (CoT) trajectories is increasingly constrained by backpropagation over every generated token. Even with optimized rollout engines, full-token updates can consume a large fraction of total training cost, turning token length into a hidden tax on RL. We introduce Not All Tokens Are Needed (NAT), a unified framework that makes the token budget a first-class optimization primitive. NAT updates the policy using only a selected subset of generated tokens while preserving the learning signal of full-sequence RL. The core idea is an unbiased partial-token policy-gradient estimator via Horvitz-Thompson reweighting, which ensures statistically correct gradients despite subsampling. We instantiate NAT with two simple, plug-and-play token selection schemes: Uniform Random Sampling (URS) and Random Prefix Cutting (RPC), both of which reduce forward and backward compute and memory without modifying the reward computation or rollout pipeline. Across mathematical reasoning benchmarks, NAT matches full-token GRPO performance while using as few as 50% of tokens, providing
The promise of decentralized peer-to-peer (P2P) systems is fundamentally gated by the challenge of Network Address Translation (NAT) traversal, with existing solutions often reintroducing the very centralization they seek to avoid. This paper presents the first large-scale measurement study of a fully decentralized NAT traversal protocol, Direct Connection Upgrade through Relay (DCUtR), within the production libp2p-based InterPlanetary File System (IPFS) network. Drawing on over 4.4 million traversal attempts from 85,000+ distinct networks across 167 countries, we provide an empirical analysis of modern P2P connectivity. We establish a conditional success rate of $70\% \pm 7.1\%$ for the hole-punching stage, given that prerequisite relay reservation and public address discovery succeed, providing a crucial new benchmark for the field. Critically, we empirically challenge the long-held belief of UDP's superiority for NAT traversal, demonstrating that DCUtR's high-precision, RTT-based synchronization yields statistically indistinguishable success rates for both TCP and QUIC ($\sim70\%$). Our analysis further validates the protocol's design for permissionless environments by showing t
The generation of transferable adversarial perturbations typically involves training a generator to maximize embedding separation between clean and adversarial images at a single mid-layer of a source model. In this work, we build on this approach and introduce Neuron Attack for Transferability (NAT), a method designed to target specific neurons within the embedding. Our approach is motivated by the observation that previous layer-level optimizations often disproportionately focus on a few neurons representing similar concepts, leaving other neurons within the attacked layer minimally affected. NAT shifts the focus from embedding-level separation to a more fundamental, neuron-specific approach. We find that targeting individual neurons effectively disrupts the core units of the neural network, providing a common basis for transferability across different models. Through extensive experiments on 41 diverse ImageNet models and 9 fine-grained models, NAT achieves fooling rates that surpass existing baselines by over 14\% in cross-model and 4\% in cross-domain settings. Furthermore, by leveraging the complementary attacking capabilities of the trained generators, we achieve impressive f
The rapid expansion of distributed Artificial Intelligence (AI) workloads beyond centralized data centers creates a demand for new communication substrates. These substrates must operate reliably in heterogeneous and permissionless environments, where Network Address Translators (NATs) and firewalls impose significant constraints. Existing solutions, however, are either designed for controlled data center deployments or implemented as monolithic systems that tightly couple machine learning logic with networking code. To address these limitations, we present Lattica, a decentralized cross-NAT communication framework designed to support distributed AI systems. Lattica integrates three core components. First, it employs a robust suite of NAT traversal mechanisms to establish a globally addressable peer-to-peer mesh. Second, it provides a decentralized data store based on Conflict-free Replicated Data Types (CRDTs), ensuring verifiable and eventually consistent state replication. Third, it incorporates a content discovery layer that leverages distributed hash tables (DHTs) together with an optimized RPC protocol for efficient model synchronization. By integrating these components, Latt
The promise of decentralized peer-to-peer (P2P) systems is fundamentally gated by the challenge of Network Address Translation (NAT) traversal, with existing solutions often reintroducing the very centralization they seek to avoid. This paper presents the first large-scale, longitudinal measurement study of a fully decentralized NAT traversal protocol, Direct Connection Upgrade through Relay (DCUtR), within the production libp2p-based IPFS network. Drawing on over 4.4 million traversal attempts from 85,000+ distinct networks across 167 countries, we provide a definitive empirical analysis of modern P2P connectivity. We establish a contemporary baseline success rate of $70\% \pm 7.1\%$ for the hole-punching stage, providing a crucial new benchmark for the field. Critically, we empirically refute the long-held 'tribal knowledge' of UDP's superiority for NAT traversal, demonstrating that DCUtR's high-precision, RTT-based synchronization yields statistically indistinguishable success rates for both TCP and QUIC ($\sim70\%$). Our analysis further validates the protocol's design for permissionless environments by showing that success is independent of relay characteristics and that the m
The widespread adoption of Network Address Translation (NAT) technology has led to a significant number of network end nodes being located in private networks behind NAT devices, impeding direct communication between these nodes. To solve this problem, a technique known as "hole punching" has been devised for NAT traversal to facilitate peer-to-peer communication among end nodes located in distinct private networks. However, with the increasing demands for speed and security in networks, TCP-based hole punching schemes gradually show performance drawbacks. Therefore, we present a QUIC-based hole punching scheme for NAT traversal. Through a comparative analysis of the hole punching time between QUIC-based and TCP-based protocols, we find that the QUIC-based scheme effectively reduces the hole punching time, exhibiting a pronounced advantage in weak network environments. Furthermore, in scenarios where the hole punched connection is disrupted due to factors such as network transitions or NAT timeouts, this paper evaluates two schemes for restoring the connection: QUIC connection migration and re-punching. Our results show that QUIC connection migration for connection restoration saves
Network Address Translation (NAT) plays an essential role in shielding devices inside an internal local area network from direct malicious accesses from the public Internet. However, recent studies show the possibilities of penetrating NAT boxes in some specific circumstances. The penetrated NAT box can be exploited by attackers as a pivot to abuse the otherwise inaccessible internal network resources, leading to serious security consequences. In this paper, we aim to conduct an Internet-wide penetration testing on NAT boxes. The main difference between our study and the previous ones is that ours is based on the TCP/IP side channels. We explore the TCP/IP side channels in the research literature, and find that the shared-IPID side channel is the most suitable for NAT-penetration testing, as it satisfies the three requirements of our study: generality, ethics, and robustness. Based on this side channel, we develop an adaptive scanner that can accomplish the Internet-wide scanning in 5 days in a very non-aggressive manner. The evaluation shows that our scanner is effective in both the controlled network and the real network. Our measurement results reveal that more than 30,000 netwo
Quick network address translation (NAT) is proposed to improve the network performance of the NAT system on the commodity server in three ways. First, the quick NAT search algorithm is designed to use the Hash search instead of the sequential search to reduce latency when looking up the NAT rule table. Second, to leverage the power of the multi-core central processing unit (CPU) and the multi-queue network interface card, Quick NAT enables multiple CPU cores to process in parallel. The localized connection tracking table and the compare-and-swap based lock-free NAT Hash tables are designed to eliminate the lock overhead. Third, Quick NAT uses the polling and zero-copy delivery to reduce the cost of interrupt and packet copies. The evaluation results show that Quick NAT obtains high scalability and line-rate throughput on the commodity server.
In recent times, the prevalence of home NATs and the widespread implementation of Carrier-Grade NATs have posed significant challenges to various applications, particularly those relying on Peer-to-Peer communication. This paper addresses these issues by conducting a thorough review of related literature and exploring potential techniques to mitigate the problems. The literature review focuses on the disruptive effects of home NATs and CGNATs on application performance. Additionally, the study examines existing approaches used to alleviate these disruptions. Furthermore, this paper presents a comprehensive guide on how to puncture a NAT and facilitate direct communication between two peers behind any type of NAT. The techniques outlined in the guide are rigorously tested using a simple application running the IPv8 network overlay, along with their built-in NAT penetration procedures. To evaluate the effectiveness of the proposed techniques, 5G communication is established between two phones using four different Dutch telephone carriers. The results indicate successful cross-connectivity with three out of the four carriers tested, showcasing the practical applicability of the sugges
In Fig. 4c, under the section titled "Pinning and thermally activated motion of vortices" in arXiv:2206.14108 and Nat Phys. 19, 1293 (2023) [1], Minkov and co-workers presented the time dependence of the magnetic moment of sulfur hydride (H$_{3}$S) under high pressure and argued that they had observed magnetic flux creep at 165 K, 180 K and 185 K. Flux creep is a phenomenon observed under the assumption that the material under study can trap magnetic flux, and thus, Fig. 4c serves as evidence that H$_{3}$S traps magnetic flux and is a high-temperature superconductor. The claim remains unchanged even in the recently published Author Correction [2] to Ref. [1]. However, Ref. [2] discloses an experimental protocol they used to collect the time-dependent magnetic moment data. In this Commentary Paper, we point out that the protocol is not applicable to H$_{3}$S under high pressure and propose an alternative protocol. The correct protocol demonstrates that the claim in Refs. [1,2] -- that their time-dependent magnetic moment data serve as evidence of "pinning and thermally activated motion of vortices" -- is indeed invalid.
I analyze the implications of the recently published "Author Correction" (Nat Commun 14, 5322 (2023)) to a paper by Eremets and coauthors reporting magnetization measurements on hydrides under high pressure (Nat Commun 13, 3194 (2022)) to the understanding of the validity and reproducibility of the published data. This paper is a compilation of several different papers already published or to be published in the scientific literature.
Carrier Grade NAT (CGN) mechanisms enable ISPs to share a single IPv4 address across multiple customers, thus offering an immediate solution to the IPv4 address scarcity problem. In this paper, we perform a large scale active measurement campaign to detect CGNs in fixed broadband networks using NAT Revelio, a tool we have developed and validated. Revelio enables us to actively determine from within residential networks the type of upstream network address translation, namely NAT at the home gateway (customer-grade NAT) or NAT in the ISP (Carrier Grade NAT). We demonstrate the generality of the methodology by deploying Revelio in the FCC Measuring Broadband America testbed operated by SamKnows and also in the RIPE Atlas testbed. We enhance Revelio to actively discover from within any home network the type of upstream NAT configuration (i.e., simple home NAT or Carrier Grade NAT). We ran an active large-scale measurement study of CGN usage from 5,121 measurement vantage points within over 60 different ISPs operating in Europe and the United States. We found that 10% of the ISPs we tested have some form of CGN deployment. We validate our results with four ISPs at the IP level and, rep
In the present study we have measured the excitation functions for the nuclear reactions $^{100}$Mo($α$,n)$^{103}$Ru, $^{nat}$Mo($α$,x)$^{97}$Ru, $^{nat}$Mo($α$,x)$^{95}$Ru, $^{nat}$Mo($α$,x)$^{96g}$Tc, $^{nat}$Mo($α$,x)$^{95g}$Tc and $^{nat}$Mo($α$,x)$^{94g}$Tc in the energy range 11-32 MeV. We have used the stacked foil activation technique followed by off-line gamma ray spectroscopy technique to measure the excitation functions. In this study we have also documented detailed uncertainty analysis for these nuclear reactions and their corresponding covariance matrix are also presented. The excitation functions are compared with the available experimental data from EXFOR data library and the theoretical prediction from TALYS nuclear reaction code. The present measurements are found to be consistent with the available experimental data.
Biomedical data is growing exponentially, and managing it is increasingly challenging. While Findable, Accessible, Interoperable and Reusable (FAIR) data principles provide guidance, their adoption has proven difficult, especially in larger enterprises like pharmaceutical companies. In this manuscript, we describe how we leverage an Ontology-Based Data Management (OBDM) strategy for digital transformation in Novo Nordisk Research & Early Development. Here, we include both our technical blueprint and our approach for organizational change management. We further discuss how such an OBDM ecosystem plays a pivotal role in the organization's digital aspirations for data federation and discovery fuelled by artificial intelligence. Our aim for this paper is to share the lessons learned in order to foster dialogue with parties navigating similar waters while collectively advancing the efforts in the fields of data management, semantics and data driven drug discovery.
We provide a writeup of a resolution of Erdős Problem #728; this is the first Erdős problem (a problem proposed by Paul Erdős which has been collected in the Erdős Problems website) regarded as fully resolved autonomously by an AI system. The system in question is a combination of GPT-5.2 Pro by OpenAI and Aristotle by Harmonic, operated by Kevin Barreto. The final result of the system is a formal proof written in Lean, which we translate to informal mathematics in the present writeup for wider accessibility. The proved result is as follows. We show a logarithmic-gap phenomenon regarding factorial divisibility: For any constants $0<C_1<C_2$ and $0 < \varepsilon < 1/2$ there exist infinitely many triples $(a,b,n)\in\mathbb N^3$ with $\varepsilon n \le a,b \le (1-\varepsilon)n$ such that \[ a!\,b!\mid n!\,(a+b-n)!\qquad\text{and}\qquad C_1\log n < a+b-n < C_2\log n. \] The argument reduces this to a binomial divisibility $\binom{m+k}{k}\mid\binom{2m}{m}$ and studies it prime-by-prime. By Kummer's theorem, $ν_p\binom{2m}{m}$ translates into a carry count for doubling $m$ in base $p$. We then employ a counting argument to find, in each scale $[M,2M]$, an integer $m$ w
Due to its potential level of energy intensity, 178m2Hf is an extremely interesting isomer. One possible way to produce this isomer is irradiation of nat-Ta or nat-W samples with high energy protons. Irradiation of nat-Ta and nat-W samples performed for other purposes provides an opportunity to study the corresponding reactions. This paper presents the 178m2Hf independent production cross sections for both targets measured by the gamma-ray spectrometry method. The reaction excitation functions have been obtained for the proton energies from 40 up to 2600 MeV. The experimental results were compared with calculations by various versions of the intranuclear cascade model in the well-known codes: ISABEL, Bertini, INCL4.5+ABLA07, PHITS, CASCADE07 and CEM03.02. The isomer ratio for the nat-Ta(p,x)178m2Hf reaction is evaluated on the basis of the available data.
We study some physical properties of black holes in Null Aether Theory (NAT)--a vector-tensor theory of gravity. We first review the black hole solutions in NAT and then derive the first law of black hole thermodynamics. The temperature of the black holes depends on both the mass and the NAT "charge" of the black holes. The extreme cases where the temperature vanishes resemble the extreme Reissner-Nordström black holes. We also discuss the contribution of the NAT charge to the geodesics of massive and massless particles around the NAT black holes.
Activation cross sections for proton induced reactions on Sm are presented for the first time for $^{nat}$Sm(p,xn)$^{154,152m2,152m1,152g,150m,150g,149,148,147,146,145}$Eu, $^{nat}$Sm(p,x)$^{153,145}$Sm, $^{nat}$Sm(p,x)$^{151,150,149,148g,148m,146,144,143}$Pm and $^{nat}$Sm(p,x)$^{141}$Nd up to 65 MeV. The cross sections were measured via activation method by using a stacked-foil irradiation technique and high resolution gamma ray spectroscopy. The results were compared with results of the nuclear reaction codes ALICE, EMPIRE and TALYS (results taken from TENDL libraries). Integral yields of the activation products were calculated from the excitation functions.
Structured P2P overlays provide a framework for building distributed applications that are self-configuring, scalable, and resilient to node failures. Such systems have been successfully adopted in large-scale Internet services such as content delivery networks and file sharing; however, widespread adoption in small/medium scales has been limited due in part to security concerns and difficulty bootstrapping in NAT-constrained environments. Nonetheless, P2P systems can be designed to provide guaranteed lookup times, NAT traversal, point-to-point overlay security, and distributed data stores. In this paper we propose a novel way of creating overlays that are both secure and private and a method to bootstrap them using a public overlay. Private overlay nodes use the public overlay's distributed data store to discover each other, and the public overlay's connections to assist with NAT hole punching and as relays providing STUN and TURN NAT traversal techniques. The security framework utilizes groups, which are created and managed by users through a web based user interface. Each group acts as a Public Key Infrastructure (PKI) relying on the use of a centrally-managed web site providing