[Cryptography] peering through NAT

Christian Huitema huitema at huitema.net
Fri May 10 01:00:00 EDT 2019

On 5/9/2019 1:01 PM, Patrick Chkoreff wrote:

> I've often wondered about that.  A few years ago a networking expert
> showed me a technique where the client program running on your own
> computer sends OUT a packet which lingers on the outside of your network
> interface, awaiting a response.  A remote server can reply to it, and
> your client program sees the response.  It's kind of a dummy packet too,
> with no actual content.  At that point I suppose your client program
> sees the remote IP and can initiate a direct connection to it

NAT traversal has been with us since quite a while. Two variants: the
UPNP/IGP or PMP kind, in which a devices inside the network talks to the
local router and opens a port; and the "implicit" one, pioneered for
video games by Dan Kegel at Activision. The technique was standardized
by the IETF in STUN (RFC 5389, 2003). The basic idea is to reverse
engineer how the NAT works with the help of a server behind the NAT, and
"punch a hole". These techniques are widely used by video games, voice
and video over IP, and other P2P systems.

-- Christian Huitema

More information about the cryptography mailing list