[Full-disclosure] Circumventing NAT via UDP hole punching.
harry at behrens.com
Wed Feb 22 15:52:39 GMT 2012
I believe this is exactly what "Symmetric RTP" in the context of
SIP-based communication has been doing for years.
Or have I missed something?
On 22.02.2012 16:36, Adam Behnke wrote:
> A new write-up at InfoSec Institute on circumventing NAT. The process
> works in the following way. We assume that both the systems A and B
> know the IP address of C.
> a) Both A and B send UDP packets to the host C. As the packets pass
> through their NATs, the NATs rewrite the source IP address to their
> globally reachable IP address. They may also rewrite the source port
> number, in which case UDP hole punching would be almost impossible.
> b) C notes the IP address and port of the incoming requests from A and
> B. Let the port number for A equal X and the port number for B equal Y.
> c) C then tells A to send a UDP packet to the global IP address of the
> NAT for B at port Y, and similarly tells B to send a UDP packet to the
> global IP address of the NAT for A at port X.
> d) The first packets for both A and B get rejected while entering into
> each other's NATs. However, as the packet passes from the NAT of A to
> the NAT of B at port Y, NAT A makes note of it and hence punches a
> hole in its firewall to allow incoming packets from the IP address of
> the NAT of B, from port Y. The same happens with the NAT of B and it
> makes a rule to allow incoming packets from the IP address of the NAT
> of A from port X.
> e) Now when A and B send packets to each other, these get accepted and
> hence a P2P connection is established.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
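
Added example, not part of either poster's message or of the write-up they discuss: a toy Python model of the NAT state created in steps a) to e), showing the pinhole each NAT opens and why per-destination source-port rewriting (step a's caveat) breaks the exchange. The class and function names, the addresses (RFC 5737 documentation ranges plus private ranges) and the port numbers are constructed, and the address-and-port-restricted filtering is an assumption taken from step d's wording.

```python
import itertools

class Nat:
    """Toy NAT. symmetric=True allocates a new public port per destination
    (the source-port rewriting that step a says defeats hole punching)."""
    def __init__(self, public_ip, first_port, symmetric=False):
        self.public_ip, self.symmetric = public_ip, symmetric
        self.ports = itertools.count(first_port)
        self.mappings = {}    # inside socket (or socket+destination) -> public port
        self.allowed = set()  # (public port, remote ip, remote port) let back in

    def outbound(self, src, dst):
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        port = self.mappings[key]
        self.allowed.add((port, dst[0], dst[1]))  # the "hole" of step d
        return (self.public_ip, port)             # source address the peer sees

    def inbound(self, src, dst_port):
        # Accept only traffic matching state created by an earlier outbound packet.
        return (dst_port, src[0], src[1]) in self.allowed

# Constructed sample endpoints: hosts A and B behind NATs, rendezvous host C.
A, B, C = ("10.0.0.2", 5000), ("192.168.1.2", 5000), ("203.0.113.10", 3478)

def punch(nat_a, nat_b):
    x = nat_a.outbound(A, C)            # a, b: C sees A as (NAT A, X)
    y = nat_b.outbound(B, C)            #       and B as (NAT B, Y)
    # c, d: A sends first in this model, so NAT B has no matching state yet
    first = nat_b.inbound(nat_a.outbound(A, y), y[1])
    nat_b.outbound(B, x)                # B's packet opens the hole on NAT B
    # e: follow-up packets in each direction
    a_to_b = nat_b.inbound(nat_a.outbound(A, y), y[1])
    b_to_a = nat_a.inbound(nat_b.outbound(B, x), x[1])
    return {"first_from_a": first, "a_to_b": a_to_b, "b_to_a": b_to_a}

def run(symmetric_a):
    nat_a = Nat("198.51.100.1", 40000, symmetric=symmetric_a)
    nat_b = Nat("198.51.100.2", 50000)
    return punch(nat_a, nat_b)

if __name__ == "__main__":
    print("port-preserving NATs:", run(False))
    print("NAT A symmetric:     ", run(True))
```

The `allowed` set is the state a firewall administrator would see after the exchange: one inbound rule per remote address and port, created purely by outbound traffic.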