[p2p-hackers] UDP Hole Punching through Symmetric NATs

David Barrett dbarrett at quinthar.com
Wed Jun 15 22:10:17 UTC 2005


Sean C. Rhea wrote:
> 
> Not a lot of data, but some.  (Probably not what you're looking for, but 
> just in case.)
> 
>   http://www.cs.cornell.edu/People/francis/nutss-fdna.pdf

It looks like the key lesson there is that most symmetric NATs use 
sequential port assignments, simplifying port-prediction significantly. 
However, this only works if the latency between STUN discovery and 
session initialization is low, or if the NAT has low load.

So I guess a followup question is:

1) When predicting symmetric UDP ports, how far "ahead" do you probe 
past the NAT port pierced by the STUN server?  It seems like the longer 
duration that has elapsed between the STUN execution, and the higher the 
load on the NAT, the further ahead you need to scan.  But in reality, is 
this like 5-10?  Or 50-100?  Or 500-1000 ports?  Do you do them 
sequentially, or in parallel?

2) At what point will routers and firewalls start classifying your 
port-prediction as a general port-scan and block you out entirely as a 
would-be hacker?

-david
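
The dependence of the look-ahead window on delay and NAT load, raised in the message above, can be explored with a toy simulation. This is an added example, not code from the post or the cited paper; the strictly sequential allocation model, the host names, addresses and all function names are assumptions made for illustration.

```python
import random

class SymmetricNat:
    """Toy symmetric NAT: each new (internal endpoint, destination) pair
    gets the next external port in sequence (assumed allocation policy)."""
    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.table = {}

    def map(self, internal, destination):
        key = (internal, destination)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return self.table[key]

def observed_offset(delay_s, load_per_s, rng):
    """Distance between the STUN-observed port and the port the peer
    session actually receives after `delay_s` seconds of background load."""
    nat = SymmetricNat()
    client = ("10.0.0.2", 5000)                      # constructed address
    stun_port = nat.map(client, ("stun.example", 3478))
    # Other hosts behind the same NAT open new flows during the delay
    # (one Bernoulli trial per millisecond approximates Poisson arrivals).
    flows = sum(rng.random() < load_per_s / 1000
                for _ in range(int(delay_s * 1000)))
    for i in range(flows):
        nat.map(("10.0.0.%d" % (3 + i % 200), 6000 + i), ("198.51.100.7", 80))
    peer_port = nat.map(client, ("peer.example", 7000))
    return peer_port - stun_port

def lookahead_needed(delay_s, load_per_s, trials=200, coverage=0.95, seed=1):
    """Smallest look-ahead window that covers `coverage` of simulated runs."""
    rng = random.Random(seed)
    offsets = sorted(observed_offset(delay_s, load_per_s, rng)
                     for _ in range(trials))
    return offsets[min(trials - 1, int(coverage * trials))]

if __name__ == "__main__":
    for delay, load in [(0.1, 0), (0.1, 50), (2.0, 50)]:
        print(delay, load, lookahead_needed(delay, load))
```

In this model an idle NAT always yields an offset of 1, and the window grows roughly with load multiplied by delay; real devices may allocate differently, so the numbers describe the model only.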


