[Cryptography] UpNP, or peering through NAT

John Levine johnl at iecc.com
Thu May 9 15:35:10 EDT 2019


In article <62fb7735-0a04-b555-e37d-a6a662e12b25 at echeque.com> you write:
>NAT makes it hard to contact a computer behind nat, but Bitcoin core has 
>no problems with most nats, even when behind multiple levels of nats.
>
>It does something to tell the nat to direct incoming messages on port 
>8333 to it, without the end user usually needing to manually set up port 
>forwarding.
>
>What is the protocol to tell a nat to forward incoming messages?

It's part of Universal Plug and Play, UPnP, which was invented by
Microsoft but is now ISO/IEC 29341 and is implemented in most SOHO
routers.

It is a famous security disaster for a variety of reasons.  Needless
to say, if relatively benign Bitcoin software can poke a hole in the
firewall and set up a port forward, so can botnet malware.  I turn it
off in all my routers. if I want port forwards, I configure them
manually.

>What happens if there are two machines both running bitcoin core behind 
>the nat?

I believe that one wins and one loses.

R's,
John


More information about the cryptography mailing list