[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Circumventing NAT via UDP hole punching.

To: Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Circumventing NAT via UDP hole punching.
From: Gaurang Pandya <gaubrig@xxxxxxxxx>
Date: Wed, 22 Feb 2012 22:45:46 -0800 (PST)

I have used reverse shell in such senarios. A logs in to C, and B logs into C 
with reverse shell. Then A connects reverse shell to B on C. I have used it for 
ssh management, but can also be done using nc relay and ssh tunnel..

Gaurang.



________________________________
 From: Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx 
Sent: Wednesday, February 22, 2012 9:06 PM
Subject: [Full-disclosure] Circumventing NAT via UDP hole punching.
 

A new write up at InfoSec Institute on circumventing NAT.  The process works in 
the following way. We assume that both the systems A and B know the IP address 
of C.
 
a) Both A and B send UDP packets to the host C. As the packets pass through 
their NAT’s, the NAT’s rewrite the source IP address to its globally reachable 
IP address. It may also rewrite the source port number, in which case UDP hole 
punching would be almost impossible.
 
b) C notes the IP address and port of the incoming requests from A and B. Let 
the port number for A equal X and the port number for B equal Y.
 
c) C then tells A to send UDP packet to the global IP address of the NAT for B 
at port Y, and similarly tells B to send UDP packet to the global IP address of 
the NAT for A at port X.
 
d) The first packets for both A and B get rejected while entering into each 
other’s NAT’s. However as the packet passes from the NAT of A to the NAT of B 
at port Y, NAT A makes note of it and hence punches a hole in its firewall to 
allow incoming packets from the IP address of the NAT of B, from port Y. The 
same happens with the NAT of B and it makes a rule to allow incoming packets 
from the IP address of the NAT of A from port X.
 
e) Now when A and B send packets to each other, these get accepted and hence a 
P2P connection is established.
 
http://resources.infosecinstitute.com/udp-hole-punching/
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Circumventing NAT via UDP hole punching.
  - From: Adam Behnke

Prev by Date: Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
Next by Date: Re: [Full-disclosure] Trustwave and Mozilla (Resolved)
Previous by thread: Re: [Full-disclosure] Circumventing NAT via UDP hole punching.
Next by thread: [Full-disclosure] Pros and cons of 'Access-Control-Allow-Origin' header?
Index(es):
- Date
- Thread