[Cryptography] Firewall penetration
Jehan Tremback
jehan.tremback at gmail.com
Wed Feb 1 16:18:26 EST 2017
You might want to look into how WebRTC does it. There are several different
strategies and fallbacks.
-Jehan
On Wed, Feb 1, 2017 at 7:42 AM, Jerry Leichter <leichter at lrw.com> wrote:
> > Suppose a server talks to two clients, which are connected to the
> internet by ordinary consumer type connections. Is their any reliable,
> practical, generally useful way whereby it can arrange for the two clients
> to talk directly to each other, or is it more practical for all data to be
> stored on the server by one client, and then collected by the other client?
> >
> > When last I looked at this issue, direct communication was getting
> harder, and workarounds were like bugs that were likely to be fixed.
> I'm not sure what you're referring to. We are not yet at the point where
> "ordinary consumer connections" can't listen for incoming traffic, nor
> where outgoing traffic to such endpoints is blocked. Yes, there are some
> special cases (mainly for mail, to block spam) but it's not a general
> phenomenon.
>
> There are two common issues. First, "ordinary consumer connections" don't
> have static IP's, so finding your target requires something special. Two
> solutions are common: Dynamic DNS, which follows the varying IP address
> around as it changes; and third-party "rendezvous" sites which come down to
> the same thing, just effectively using a private namespace separate from
> DNS. Some of these "rendezvous" sites may act as proxies, allowing both
> ends to have outbound connections and simply forwarding the traffic onward;
> others pass along the needed information and then let the endpoints connect.
>
> The second issue is consumer-level firewalls. But there are
> commonly-implemented protocols allowing hosts behind the firewall to create
> openings through it.
>
> -- Jerry
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170201/0625d060/attachment.html>
More information about the cryptography
mailing list