[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Circumventing NAT via UDP hole punching.

To: Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Circumventing NAT via UDP hole punching.
From: Harry Behrens <harry@xxxxxxxxxxx>
Date: Wed, 22 Feb 2012 16:52:39 +0100

I believe this is exactly what "Symmetric RTP" in the context ofSIP-based communication has been doing for years.


Or have I missed something?

Best regards,

    Harry

On 22.02.2012 16:36, Adam Behnke wrote:

A new write up at InfoSec Institute on circumventing NAT. The processworks in the following way. We assume that both the systems A and Bknow the IP address of C.
a) Both A and B send UDP packets to the host C. As the packets passthrough their NAT's, the NAT's rewrite the source IP address to itsglobally reachable IP address. It may also rewrite the source portnumber, in which case UDP hole punching would be almost impossible.
b) C notes the IP address and port of the incoming requests from A andB. Let the port number for A equal X and the port number for B equal Y.
c) C then tells A to send UDP packet to the global IP address of theNAT for B at port Y, and similarly tells B to send UDP packet to theglobal IP address of the NAT for A at port X.
d) The first packets for both A and B get rejected while entering intoeach other's NAT's. However as the packet passes from the NAT of A tothe NAT of B at port Y, NAT A makes note of it and hence punches ahole in its firewall to allow incoming packets from the IP address ofthe NAT of B, from port Y. The same happens with the NAT of B and itmakes a rule to allow incoming packets from the IP address of the NATof A from port X.
e) Now when A and B send packets to each other, these get accepted andhence a P2P connection is established.
http://resources.infosecinstitute.com/udp-hole-punching/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Circumventing NAT via UDP hole punching.
  - From: Adam Behnke

Prev by Date: [Full-disclosure] TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability
Next by Date: [Full-disclosure] iOS 5 passcode bypass flaw reported
Previous by thread: Re: [Full-disclosure] Circumventing NAT via UDP hole punching.
Next by thread: Re: [Full-disclosure] Circumventing NAT via UDP hole punching.
Index(es):
- Date
- Thread