Full Disclosure mailing list archives
Re: Circumventing NAT via UDP hole punching.
From: Harry Behrens <harry () behrens com>
Date: Wed, 22 Feb 2012 16:52:39 +0100
I believe this is exactly what "Symmetric RTP" in the context of SIP-based communication has been doing for years.
Or have I missed something?
Best regards,
Harry
On 22.02.2012 16:36, Adam Behnke wrote:
A new write up at InfoSec Institute on circumventing NAT. The process works in the following way. We assume that both the systems A and B know the IP address of C.a) Both A and B send UDP packets to the host C. As the packets pass through their NAT's, the NAT's rewrite the source IP address to its globally reachable IP address. It may also rewrite the source port number, in which case UDP hole punching would be almost impossible.b) C notes the IP address and port of the incoming requests from A and B. Let the port number for A equal X and the port number for B equal Y.c) C then tells A to send UDP packet to the global IP address of the NAT for B at port Y, and similarly tells B to send UDP packet to the global IP address of the NAT for A at port X.d) The first packets for both A and B get rejected while entering into each other's NAT's. However as the packet passes from the NAT of A to the NAT of B at port Y, NAT A makes note of it and hence punches a hole in its firewall to allow incoming packets from the IP address of the NAT of B, from port Y. The same happens with the NAT of B and it makes a rule to allow incoming packets from the IP address of the NAT of A from port X.e) Now when A and B send packets to each other, these get accepted and hence a P2P connection is established.http://resources.infosecinstitute.com/udp-hole-punching/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Circumventing NAT via UDP hole punching. Adam Behnke (Feb 22)
- Message not available
- Re: Circumventing NAT via UDP hole punching. Dan Dart (Feb 22)
- Re: Circumventing NAT via UDP hole punching. Travis Biehn (Feb 22)
- Re: Circumventing NAT via UDP hole punching. Dan Dart (Feb 22)
- Message not available
- Re: Circumventing NAT via UDP hole punching. Harry Behrens (Feb 22)
- Re: Circumventing NAT via UDP hole punching. Gaurang Pandya (Feb 22)