[p2p-hackers] Spoofing source address to tunnel through address-restricted/symmetric NAT
David Barrett
dbarrett at quinthar.com
Mon Jun 20 08:39:04 UTC 2005

I've heard it's possible to spoof the source address of a UDP packet.
And I know address-restricted and symmetric NATs filter/route inbound
UDP traffic based on source address. Has anyone tried combining these
two to pierce these NATs?

For example, client A uses STUN to find its public IP address on a
symmetric NAT. Normally, only the STUN server would be able to reply
through that NAT port -- any UDP packets arriving at that port from a
source other than the STUN server would be filtered.

However, if other clients were able to spoof the source address of their
UDP packets, then anyone could use the STUN server's NAT port just as if
it were a full-cone NAT. Were clients in a P2P network to voluntarily
publish their STUN port-mappings, and always spoof addresses to be from
there, this could obviate the need for hole-punching and port-scanning
entirely.

With this in mind:

1) How do you spoof UDP source identities?
2) Have you heard of anyone using this for NAT piercing?
3) How good is "the internet" (by which I mean current deployed
hardware) at identifying and blocking spoofed UDP packets?

I see a post from Bryan Ford on the IETF-BEHAVE list describing this
very theoretical possibility
(http://list.sipfoundry.org/archive/ietf-behave/msg00667.html), but I
haven't seen any actual attempts to do this in the real world. Bryan,
have you tried this?

-david
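
An added example, not part of the original post: a small Python model of the filtering described above, showing that the NAT decides on the source address in the packet header alone, while ingress filtering (BCP 38) at the sender's access network compares that address with the sender's assigned prefix. The addresses, ports and all names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample endpoints (RFC 5737 documentation ranges, not from the post).
STUN = ("192.0.2.10", 3478)          # server client A contacted
PEER_B = ("198.51.100.7", 40000)     # another client, never contacted by A
PEER_B_PREFIX = "198.51.100.0/24"    # prefix B's ISP assigned to B's access link
A_PUBLIC_PORT = 62000                # mapping the NAT created for A -> STUN

@dataclass
class Nat:
    """Inbound filter of a NAT; mode is 'full-cone', 'address-restricted' or 'symmetric'."""
    mode: str
    sent_to: dict = field(default_factory=dict)  # public port -> {(remote ip, remote port)}

    def outbound(self, public_port, remote):
        self.sent_to.setdefault(public_port, set()).add(remote)

    def accepts(self, public_port, claimed_src):
        peers = self.sent_to.get(public_port)
        if not peers:
            return False                              # no mapping: drop
        if self.mode == "full-cone":
            return True                               # any source may use the mapping
        if self.mode == "address-restricted":
            return claimed_src[0] in {ip for ip, _ in peers}
        return claimed_src in peers                   # symmetric: exact ip and port

def sav_allows(customer_prefix, claimed_src_ip):
    """Ingress filtering (BCP 38): source must lie inside the sender's own prefix."""
    return ipaddress.ip_address(claimed_src_ip) in ipaddress.ip_network(customer_prefix)

def delivered(nat, claimed_src, sender_prefix, sav_enabled):
    """True if a packet with this source header reaches A behind the NAT."""
    if sav_enabled and not sav_allows(sender_prefix, claimed_src[0]):
        return False                                  # dropped at the sender's edge
    return nat.accepts(A_PUBLIC_PORT, claimed_src)

def scenario(mode):
    nat = Nat(mode)
    nat.outbound(A_PUBLIC_PORT, STUN)
    return {
        "honest_source": delivered(nat, PEER_B, PEER_B_PREFIX, True),
        "stun_source_with_sav": delivered(nat, STUN, PEER_B_PREFIX, True),
        "stun_source_without_sav": delivered(nat, STUN, PEER_B_PREFIX, False),
    }

if __name__ == "__main__":
    for mode in ("full-cone", "address-restricted", "symmetric"):
        print(mode, scenario(mode))
```

In this model the outcome for a packet carrying the STUN server's address depends entirely on whether the sender's access network validates source addresses, which is the deployment question raised in item 3.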