Detect or Block double NAT
18 years 5 months ago #14975
by SmartDude
Detect or Block double NAT was created by SmartDude
Dear all,
How do I block / detect double internet sharing (NAT)? E.g.:
I shared the internet to 192.168.0.14,
then again 192.168.0.14 shared the internet to 192.168.1.14.
So how do we detect / block this two-time internet sharing (NAT)?
I heard there is a paper about detecting double NAT but can't find it. I hope you guys will help me. Thanks in advance.
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
18 years 5 months ago #15045
by SmartDude
Replied by SmartDude on topic Re: Detect or Block double NAT
Nobody replied to my query.
Is the question unclear, guys?
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
18 years 5 months ago #15053
by d_jabsd
Replied by d_jabsd on topic Re: Detect or Block double NAT
Honestly, there is really no way to detect this. That is the whole point of NAT. It makes multiple hosts look like one.
You might be able to make a logical guess by looking at traffic patterns and the amount of bandwidth used by the host in question, but there is no easy way to dissect the packet and say definitively that a host is doing NAT for one or more machines.
Try looking for a router. Use the IEEE OUI lookup tool to convert the MAC to a manufacturer. If you find a Cisco-Linksys device where there should be a workstation, then you can start your investigation there.
18 years 5 months ago #15112
by SmartDude
Replied by SmartDude on topic Re: Detect or Block double NAT
Thanks for the reply, but I heard from somebody that there is a way to detect the double NAT from the headers, and there is even a white paper on the internet. But I am unable to find that paper on the internet. Can somebody help me get that paper?
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude
18 years 5 months ago #15113
by nske
Replied by nske on topic Re: Detect or Block double NAT
As far as I know it is just like d_jabsd said, there is no certain and definite way you can tell if NAT takes place (once or more than once). There are indications that can be extracted from header information and traffic patterns which can lead to a reasonable guess most of the time, however it will always be a guess - any header information that would indicate NAT, like TTL or ID values of IP, can easily be overwritten.
I believe this paper you refer to will be describing such a guessing method.
Given the fact that most papers are published in PDF, you can try your luck using the filetype:pdf filter of Google to narrow down your search.
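The TTL indication mentioned in the reply above, as an added example that is not part of any post in this thread: it parses raw IPv4 headers seen on the 192.168.0.0/24 segment and flags sources whose packets arrive with an already decremented TTL or with more than one initial-TTL family. The function names, the 192.168.0.1 gateway address, the list of common initial TTLs and the sample headers are assumptions constructed for illustration, and the result is only a guess, since TTL can be rewritten.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

COMMON_INITIAL_TTLS = (64, 128, 255)  # typical OS defaults (assumption)
IPV4_FMT = "!BBHHHBBH4s4s"            # fixed 20-byte IPv4 header, no options

def parse_ipv4(header: bytes):
    """Return (src, ttl, ip_id) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    _, _, _, ip_id, _, ttl, _, _, src, _ = struct.unpack(IPV4_FMT, header[:20])
    return str(IPv4Address(src)), ttl, ip_id

def hops_from_ttl(ttl: int):
    """Guess (initial_ttl, hops) using the nearest common initial TTL >= ttl."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl

def suspect_nat(headers, expected_hops=0):
    """Flag sources showing extra hops or several initial-TTL families."""
    seen = defaultdict(set)
    for h in headers:
        src, ttl, _ = parse_ipv4(h)
        seen[src].add(hops_from_ttl(ttl))
    report = {}
    for src, obs in seen.items():
        extra = any(hops > expected_hops for _, hops in obs)
        mixed = len({initial for initial, _ in obs}) > 1
        if extra or mixed:
            report[src] = {"extra_hops": extra, "mixed_initial_ttl": mixed}
    return report

def make_header(src, ttl, ip_id):
    """Build a constructed IPv4 header (checksum left at 0) for the sample."""
    return struct.pack(IPV4_FMT, 0x45, 0, 40, ip_id, 0, ttl, 6, 0,
                       IPv4Address(src).packed,
                       IPv4Address("192.168.0.1").packed)

# Constructed sample, as the gateway would see it on its directly attached LAN.
SAMPLE = [
    make_header("192.168.0.10", 128, 100),   # plain workstation, 0 hops
    make_header("192.168.0.14", 64, 7),      # the host's own traffic
    make_header("192.168.0.14", 63, 9001),   # forwarded: TTL decremented once
    make_header("192.168.0.14", 127, 4242),  # forwarded, different OS family
]

if __name__ == "__main__":
    print(suspect_nat(SAMPLE))
```

A directly attached host should show zero hops, so `expected_hops` has to be raised if the capture point sits behind a router.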
18 years 2 months ago #16625
by SmartDude
Replied by SmartDude on topic Re: Detect or Block double NAT
As far as I know it is just like d_jabsd said, there is no certain and definite way you can tell if NAT takes place (once or more than once). There are indications that can be extracted from header information and traffic patterns which can lead to a reasonable guess most of the time, however it will always be a guess - any header information that would indicate NAT, like TTL or ID values of IP, can easily be overwritten.
I believe this paper you refer to will be describing such a guessing method.
Given the fact that most papers are published in PDF, you can try your luck using the filetype:pdf filter of Google to narrow down your search.
Can you tell me how do I get header information for this double NAT?
Share the Knowledge, make a master being a Master...
Best Regards,
SmartDude