DOCSLIB.ORG

An Empirical Investigation Into Peer-To-Peer Network Address Translation (NAT) by Using Internet Protocol Version 4 & 6

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Empirical Investigation Into Peer-To-Peer Network Address Translation (NAT) by Using Internet Protocol Version 4 & 6 Cyber Journals: Multidisciplinary Journals in Science and Technology, Journal of Selected Areas in Telecommunications (JSAT), October Edition, 2011 An Empirical Investigation into Peer-to-Peer Network Address Translation (NAT) by using Internet Protocol Version 4 & 6 MOHAMMAD SADEGHPOUR NAZARI Faculty of Arts, Computing, Engineering and Sciences, Sheffield Hallam University, Sheffield, UK [email protected] Abstract - Although Internet Protocol version 6 (IPv6) rectified Different scaling options such as CIDR (Classless Inter the valid IPv4 shortage, Network Address Translation (NAT) was Domain Routing) and VLSM (Variable Length Subnet Mask) deployed to decrease overwhelming demand for registered IPv4 have been implemented to make IP addresses as usable as addresses. possible. However, by increasing the request for the public IP By using NAT in both client / server and Peer-to-Peer networks, address, the number of available IP addresses is reduced. many problems which effect the rate of data downloading and uploading for users such as network overhead and packet To rectify this problem, two different techniques were discarding were encountered; however, the effecting rate of each deployed. The first method was a next-generation IP address problem relates to the use of TCP and UDP ports. definition, called “IP version 6” (IPv6). This version of IP There are many different methods which are used to rectify P2P address has 128 bits and 2 128 addresses are available for all the NAT problems. One of the best and most basic methods used in users in the world. The second technique, which was defined P2P NAT is Hole Punching. This technique, which has been to slow the depletion of IPv4 addressing, was address discussed in this article, allows clients in private networks to translation. [2] connect together by using TCP and UDP ports. During the next few years, although due to the explosion in use of I.2) Internet Protocol Version 6 IPv6 the request for NAT will decrease, address translation will still be needed by many clients, who use IPv4. Therefore, a new The Internet Protocol Version 6 (IPv6) is defined by RFC protocol, which is called Network Address Translation - Protocol 2460. According to Cisco Networking Academy (2010), by 38 Translation (NAT-PT), is necessary to translate the packet’s using IPv6, 3.4 x 10 usable IP addresses can be allocated to header from IPv4 to IPv6. Replacing IPv4 by IPv6 has the hosts. [3] There are many advantages for deploying IPv6. intensified these problems for the clients and ISPs; hence IPv6 Global reach ability and flexibility; aggregation; auto has not been very popular so far. configuration; end-to-end connection without address The main objectives of this paper is aimed to analyze the NAT translation; renumbering; routing efficiency; no broadcasts; issues as throughput and overhead of the network via using and no checksums are the most important benefits of using different analyzers such as Network Observer by investigating IPv6. into Peer - to - Peer NAT [Protocol Translation] when TCP/UDP ports and IPv4/6 are used. These later results are an important step for research in this field; I.3) Peer-to-Peer Networks However, they also clearly highlight the existing lack of Peer to Peer technology (P2P) is an emerging paradigm that is information in this domain. now viewed as a potential technology to redesign distributed architectures." [4] Keywords : P2P NAT, TCP/UDP Hole Punching Algorithm, One of the most important issues in Peer-to-Peer networks is NAT-PT connecting two or more PCs which are in different networks and have private IP addresses. For connecting these two I. Introduction nodes together and making a Peer-to-Peer network, address I.1) IPv4 Addressing translation is needed. NAT in Peer-to-Peer networks causes The IP address is one of the basic requirements for any device, well-known difficulties, because in P2P NAT the destination which connects to any network. Traditionally, each IP address may not be reachable at any globally valid IP address. has 32 bits and is divided into 4 octets. [1] The Regional Internet Registry (RIR) has defined two different kinds of I.4) Network Address Translation (NAT) IPv4 address: public and private. Public IP addresses are NAT is a process of addresses manipulation in the header of routable, unique and known to all internet users; whilst private packets and is defined by RFC 1631. [4] It is used to translate IP addresses are not permitted to be routed through the private IP addresses to public IP addresses, which are routable internet and organisations and private users can use them as through the internet and vice versa. It is usually used on the much as they need. border of networks, especially “stub networks” (Figure 1). 9 I.5) User Datagram Protocol (UDP) UDP is the simplest protocol and is the only connectionless and unreliable protocol in this layer, which runs up to 40% faster than TCP . [8] It is defined by RFC 768 and has different characteristics such as: No reliability mechanism, No delivery guarantees and No buffering services. I.6) Transmission Control Protocol (TCP) TCP, which is defined by RFC 793, is the most important Figure 1: Schematic showing different NAT names. protocol in the transport layer and serves as the intermediary between application layer programs and network layer processes. [8] An overview of TCP shows that it is a There are three different types of address translation mapping connection-oriented service which has error recovery, on networks. They include: sequencing, end-to-end reliability and flexibility. [9] 1- Static NAT 2- Dynamic NAT I.7) Network Address Translation - Protocol Translation 3- Overloaded NAT (PAT) (NAT-PT) NAT-PT, which is defined by RFC 2765 & 2766, is used to Many different techniques are used to implement P2P NAT establish a connection between IPv4 and IPv6 devices by and to rectify its problems. According to Hu (2005), UPnP translation of IPv4 packet’s header to IPv6 and vice versa. (Universal Plug and Play), STUN (Simple Traversal UDP [10] through Network Address Translation), ALG (Application Level Gateway) and UDP/TCP, Hole Punching is the basic I.8) Synchronisation of NAT with Transport Layer Protocols technique used for Peer-to-Peer NAT. [6] The Hole Punching (Discussion) is widely used in both UDP- and TCP-based applications. Although NAT conserves registered IP addresses and This method is introduced by RFC 3027 and is one of the increases the flexibility and reliability of connection to public simplest methods to make an end-to-end TCP or UDP reliable networks, it loses end-to-end traceability. It, also, supports session between two nodes. [7] (Figure 2) TCP and UDP traffic, which do not carry the IP addresses of sources and destinations. [4] In addition, that it increases the delay between sending and receiving packets, because the router CPU must check the header of each packet and decide whether it has to be translated or not. Therefore, the TTL (Time-to-Live) of some packets, which use TCP or UDP ports, might fall to zero, resulting in the packet being dropped. [11] Ruffi (2006) also believes that this might happen when the connection and translation slots are in idle time. According to him, “the idle times for translation slots in TCP connections are freed approximately every 60 seconds”. After this time, the connection is closed and the packet will be dropped. Blechschmidt (2005) believes that sometimes in P2P Figure 2: Hole Punching peer behind different NATs. networks, the NAT traverse sends unrequested data to the NAT gateway through the UDP port. These packets are UDP and TCP Hole Punching are two different methods of dropped by the firewall or NAT gateway. [12] However, this Hole Punching algorithm. However, although TCP Hole matter does not occur in the ports that use TCP protocol, Punching is more reliable, the UDP Hole Punching method is because before using the TCP protocol a request must be sent faster in sending and receiving data; easier to implement; and to the data sender. Any requests sent through the TCP causes less congestion on the network. Therefore, most of the protocol, which uses three-way handshakes, should be P2P networks that need a greater data transfer speed use UDP received by another peer and then the connection is Hole Punching. established. Therefore, the overhead of the network using TCP ports is more than that using UDP ports. As mentioned earlier, in all kinds of P2P Address Translation According to Ford et al. (2005), by using UDP port in Hole the transport layer protocols have a very important role. Punching Algorithm, the connection becomes unreliable, Therefore, understanding the function of TCP and UDP ports because after 20 seconds the UDP port reverts to idle time and and applications in P2P NAT is vital. the traffic is blocked. Therefore, if the application which uses UDP ports wants to be in an active state, it should send a periodic “keep-alive” message to guarantee that the relevant 10 translation state in the NATs does not disappear. of each private network, to translate the private IP address to Unfortunately this method provides an excessive amount of the Public IP address and vice versa. keep-alive traffic and is another cause of congestion in the network. Guha and Francis (2005) believe that in TCP Hole Punching, both endpoints initiate a connection by sending SYN packets. If, when the SYN packets are delivered, both endpoints respond with SYN ACK packets, a connection is established. [13] According to Hong et al. (2003), using IPv6 as the back bone of the network is more effective than using IPv4. [10] They believe that deploying IPv6 in the access layer, in which some nodes may still use IPv4, is one reason why packet process speed falls.
Load more

Recommended publications
  • Traversing NAT: a Problem
    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Spring 3-2021 Traversing NAT: A Problem Tyler Flaagan Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Information Security Commons, OS and Networks Commons, and the Systems Architecture Commons Recommended Citation Flaagan, Tyler, "Traversing NAT: A Problem" (2021). Masters Theses & Doctoral Dissertations. 365. https://scholar.dsu.edu/theses/365 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. Traversing NAT: A Problem A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Operations March 2021 By Tyler Flaagan Dissertation Committee: Dr. Kyle L. Cronin Dr. Michael J. Ham Dr. Mark L. Hawkes DocuSign Envelope ID: 8BDB3DA0-604E-4AB7-9BFE-F25909CF4FC0 DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Tyler Flaagan Dissertation Title: Traversing NAT: A Problem
    [Show full text]
  • Cablelabs® Ipv6 Roadmap Requirements Document CM-GL
    CableLabs® IPv6 Roadmap Requirements Document CM-GL-IPv6-REQ-V01-120831 ISSUED Notice This CableLabs Requirements document is the result of a cooperative effort undertaken at the direction of Cable Television Laboratories, Inc. for the benefit of the cable industry and its customers. This document may contain references to other documents not owned or controlled by CableLabs. Use and understanding of this document may require access to such other documents. Designing, manufacturing, distributing, using, selling, or servicing products, or providing services, based on this document may require intellectual property licenses from third parties for technology referenced in this document. Neither CableLabs, nor any other entity participating in the creation of this document, is responsible for any liability of any nature whatsoever resulting from or arising out of use or reliance upon this document by any party. This document is furnished on an AS-IS basis and neither CableLabs, nor other participating entity, provides any representation or warranty, express or implied, regarding its accuracy, completeness, or fitness for a particular purpose. Distribution of this document is restricted pursuant to the terms of separate access agreements negotiated with each of the parties to whom this document has been furnished. Cable Television Laboratories, Inc., 2012 Confidential CM-GL-IPv6-REQ-V01-120831 CableLabs® CAUTION This document contains proprietary, confidential information that is the exclusive property of CableLabs®. If you do not have a valid agreement with CableLabs for the use of this document, or have not signed a non-disclosure agreement with CableLabs, then you received this document in an unauthorized manner and are not legally entitled to possess or read it.
    [Show full text]
  • Peer-To-Peer Communication Across Network Address Translators
    Peer-to-Peer Communication Across Network Address Translators Bryan Ford Pyda Srisuresh Massachusetts Institute of Technology Caymas Systems, Inc. [email protected] [email protected] Dan Kegel [email protected] J'fais des trous, des petits trous: : : toujours des petits trous - S. Gainsbourg Abstract Network Address Translation (NAT) causes well-known difficulties for peer-to-peer (P2P) communication, since the peers involved may not be reachable at any globally valid IP address. Several NAT traversal techniques are known, but their documentation is slim, and data about their robustness or relative merits is slimmer. This paper documents and analyzes one of the simplest but most ro- bust and practical NAT traversal techniques, commonly known as “hole punching.” Hole punching is moderately well-understood for UDP communication, but we show how it can be reliably used to set up peer-to-peer TCP streams as well. After gathering data on the reliability of this technique on a wide variety of deployed NATs, we find that about 82% of the NATs tested support hole punching for UDP, and about 64% support hole punching for TCP streams. As NAT vendors become increasingly Figure 1: Public and private IP address domains conscious of the needs of important P2P applications such as Voice over IP and online gaming protocols, support for hole punching is likely to increase in the future. can be easily contacted from anywhere in the network, because only they have unique, globally routable IP ad- 1 Introduction dresses. Nodes on private networks can connect to other The combined pressures of tremendous growth and mas- nodes on the same private network, and they can usually sive security challenges have forced the Internet to evolve open TCP or UDP connections to “well-known” nodes in ways that make life difficult for many applications.
    [Show full text]
  • ICMP Hole Punching, TCP Hole Punching, UDP Hole Punching
    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP Hole Punching Ms. Pooja Pemare ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract— Hole punching (or in some cases punch-through) two customers shows the culmination of an opening is a strategy in PC organizing for setting up an immediate punching strategy. association between two gatherings in which one or both are behind firewalls or behind switches that utilization of Examples of Hole punching: network address translation (NAT). To punch an opening, every customer associate with an unlimited outsider server VoIP products, online gaming applications, and P2P that incidentally stores outer and inner location and port networking software all use hole punching. data for every customer. The server at that point transfers every customer's data to the next, and utilizing that data Telephony programming Skype utilizes every customer attempt to build up direct association; opening punching to permit clients to because of the associations utilizing legitimate port speak with at least one clients discernibly. numbers, prohibitive firewalls or switches acknowledge and Fast-paced online multi-player games may forward the approaching parcels on each side. utilize an opening punching method or Hole punching does not require any learning of the system or expect clients to make a lasting firewall network topology to work. ICMP hole punching, UDP hole pinhole so as to diminish arrange idleness. punching and TCP hole punching separately use Internet VPN application Hamachi or Zerotier uses Control Message, User Datagram and Transmission Control gap punching to permit clients to associate Protocols.
    [Show full text]
  • Machine Communication at Resato
    University of Groningen Integration Project Machine communication at Resato Supervisors: Author: 1st supervisor: Dr. ir. A.A. Geertsema Sanne van Kasteel 2nd supervisor: Dr. A.J. Bosch Company supervisor: R.J. Boer Bachelor Thesis Industrial Engineering & Management July 2, 2018 UNIVERSITY OF GRONINGEN Abstract Faculty of Science and Engineering Industrial Engineering & Management Machine communication at Resato by Sanne van Kasteel With the modern technology, many companies use data to predict and anticipate on events. This data has to be transported from one point to another in order to use it. Everything can be connected through the Internet of Things, but the connection is not always easily made due to security in compa- nies, such as a firewall. In order to let the connection run smoothly, methods are developed to bypass the firewall constructions and securely transport the data from one company to another. Resato International BV is a company that develops high pressure and waterjet technology. Resato has machines at customers all over the world but has problems with connecting to those machines. Methods for bypassing the firewall are necessary to allow for an easier connection to these machines. In this research, several methods are evaluated and ranked according to the requirements of Resato. One of the methods is tested to gain insight into the method and provide an example of implementa- tion. This method, STUN, provides the client with an open port and its IP address. From the tests, STUN is capable of communication in most situations. For the cases that STUN is inadequate, the advice for combining methods is given.
    [Show full text]
  • NAT Traversal Techniques and UDP Keep-Alive Interval Optimization
    NAT Traversal Techniques and UDP Keep-Alive Interval Optimization by Christopher Daniel Widmer Bachelor of Science Computer Science Florida Institute of Technology 2009 A thesis submitted to Florida Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Software Engineering Melbourne, Florida July, 2015 c Copyright 2015 Christopher Daniel Widmer All Rights Reserved The author grants permission to make single copies We the undersigned committee hereby recommend that the attached document be accepted as fulfilling in part the requirements for the degree of Master of Science in Software Engineering. \NAT Traversal Techniques and UDP Keep-Alive Interval Optimization" a thesis by Christopher Daniel Widmer Marius C. Silaghi, Ph.D. Associate Professor, Computer Sciences and Cybersecurity Major Advisor Ronaldo Menezes, Ph.D. Associate Professor, Computer Sciences and Cybersecurity Committee Member Syed Murshid, Ph.D. Professor, Electrical and Computer Engineering Committee Member Joerg Denzinger, Ph.D. (University of Calgary) Associate Professor, Computer Sciences Committee Member Richard Newman, Ph.D. Professor and Program Chair, Computer Sciences and Cybersecurity ABSTRACT NAT Traversal Techniques and UDP Keep-Alive Interval Optimization by Christopher Daniel Widmer Thesis Advisor: Marius C. Silaghi, Ph.D. NAT traversal presents a challenge to Peer to Peer (P2P) applications, as in many instances a third party is needed to help initiate communication be- tween two hosts when one is behind one
    [Show full text]
  • A Brief Review on Nat Traversals in Cyber Security Networks
    JOURNAL OF CRITICAL REVIEWS ISSN- 2394-5125 VOL 7, ISSUE 6, 2020 A BRIEF REVIEW ON NAT TRAVERSALS IN CYBER SECURITY NETWORKS Dr.N. Kalyana Sundaram1*, T. Prabahar Godwin James2, K.E. Lakshmiprabha3, M. Anand4, Dr.M. Anbarasan5 1*Assistant Professor, Department of Computer Science and Engineering, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences, Chennai, India. 2Associate Professor, Department of Computer Science and Engineering, Sri Sairam Institute of Technology, Chennai, Tamilnadu, India. E-mail: [email protected] 3Associate Professor, Department of Electrical and Electronics Engineering, Karpaga vinayaga College of Engineering and Technology, Tamilnadu, India. 4Assistant Professor(Sr.G), Department of Computer Science and Engineering, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences, Chennai, India. 5Associate Professor, Department of Computer Science and Engineering, Sri Sairam Institute of Technology, Chennai, Tamilnadu, India. Received: 05.03.2020 Revised: 01.04.2020 Accepted: 25.04.2020 ABSTRACT: Nowadays Cyber security is one of the most competent and inevitable field in the world. Cyber Security is filled with both cyber cases and criminal cases in every part of the world. Most of the cases were solved by the cyber law and IT act. In this paper, we introduce the Network Allocation Translation (NAT) in cyber networks. Network Allocation Translation is the technique where the public IP address is assigned to a computer by a system device. There are various NAT techniques are used in cyber security. One of them is NAT traversals. NAT Traversal is also known as UDP encapsulation which allows traffic to get to specified destination when a device does not have a public address.
    [Show full text]
  • Punching Holes in the Cloud: Direct Communication Between Serverless Functions Using NAT Traversal
    Punching Holes in the Cloud: Direct Communication between Serverless Functions Using NAT Traversal Daniel Moyer Thesis submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements for the degree of Master of Science in Computer Science and Applications Dimitrios S. Nikolopoulos, Chair Godmar V. Back Ali R. Butt May 5, 2021 Blacksburg, Virginia Keywords: Serverless computing, AWS Lambda, NAT traversal, TCP hole punching, communication framework Copyright 2021, Daniel Moyer Punching Holes in the Cloud: Direct Communication between Server- less Functions Using NAT Traversal Daniel Moyer (ABSTRACT) A growing use for serverless computing is large parallel data processing applications that take advantage of its on-demand scalability. Because individual serverless compute nodes, which are called functions, run in isolated containers, a major challenge with this paradigm is transferring temporary computation data between functions. Previous works have performed inter-function communication using object storage, which is slow, or in-memory databases, which are expensive. We evaluate the use of direct network connections between functions to overcome these limitations. Although function containers block incoming connections, we are able to bypass this restriction using standard NAT traversal techniques. By using an external server, we implement TCP hole punching to establish direct TCP connections between functions. In addition, we develop a communications framework to manage NAT traversal and data flow for applications using direct network connections. We evaluate this framework with a reduce-by-key application compared to an equivalent version that uses object storage for communication. For a job with 100+ functions, our TCP implementation runs 4.7 times faster at almost half the cost.
    [Show full text]
  • Network Address Translation
    Network address translation “NAT” redirects here. For other uses, see Nat. As network address translation modifies the IP address in- formation in packets, it has serious consequences on the quality of Internet connectivity and requires careful at- In computer networking, network address translation (NAT) provides a method[1] of modifying network ad- tention to the details of its implementation. NAT imple- mentations vary widely in their specific behavior in vari- dress information in Internet Protocol (IP) datagram packet headers while they are in transit across a traf- ous addressing cases and in their effect on network traffic. Vendors of equipment containing implementations do not fic routing device for the purpose of remapping one [2] IP address space into another. The term NAT44 is commonly document the specifics of NAT behavior. sometimes used to more specifically indicate mapping between two IPv4 addresses; this is the typical case while IPv4 carries the majority of traffic on the Inter- 1 Basic NAT net. NAT64 refers to the mapping of an IPv4 address to an IPv6 address, or vice versa. The simplest type of NAT provides a one-to-one transla- Network administrators originally used network address tion of IP addresses. RFC 2663 refers to this type of NAT translation to map every address of one address space to a as basic NAT; it is often also called a one-to-one NAT. corresponding address in another space, such as when an In this type of NAT, only the IP addresses, IP header organization changed Internet service providers without checksum and any higher level checksums that include having a facility to announce a public route to the net- the IP address are changed.
    [Show full text]
  • Peer-To-Peer Networks 16 Hole Punching
    Peer-to-Peer Networks 16 Hole Punching Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Peer-to-Peer Networks NAT, PAT & Firewalls 2 Network Address Translation § Problem - too few (e.g. one) IP addresses for too many hosts in a local network - hide hosts IP addresses from the outer world § Basic NAT (Static NAT) - replace internal IP by an external IP § Hiding NAT - = PAT (Port Address Translation) - = NAPT (Network Address Port Translation) - Socket pair (IP address and port number) are transformed - to a single outside IP address § Hosts in local network cannot be addressed from outside 3 DHCP Dynamic Host Configuration Protocol § DHCP (Dynamic Host Configuration Protocol) - manual binding of MAC address • e.g. for servers - automatic mapping • fixed, yet not pre-configured - dynamic mapping • addresses may be reused § Integration of new hosts without configuration - hosts fetches IP address from DHCP server - sever assigns address dynamically - when the hosts leaves the network the IP address may be reused by other hosts - for dynamic mapping addresses must be refreshed - if a hosts tries to reuse an outdated address the DHCP server denies this request - problem: stealing of IP addresses § P2P - DHCP is good for anonymity • if the DHCP is safe - DHCP is bad for contacting peers in local networks 4 Firewalls § Types of Firewalls § Methods - Host Firewall - Packet Filter - Network Firewall • blocks ports and IP addresses § Network Firewall - Content Filter • filters spam mails, viruses, - differentiates between ActiveX, JavaScript from html • external net pages - Internet, hostile - Proxy • internal net • transparent (accessible and - LAN, trustworthy visible) hots • demilitarized zone • channels the communication - servers reachable from the and attacks to secured hosts external net - Stateful Inspection § Host Firewall • observation of the state of a connection - e.g.
    [Show full text]
  • NAT Traversal Is a Simple and Efficient Approach to Open Firewall
    Beware: NAT Traversal is a Simple and Efficient Approach to Open Firewall Holes∗ Cuidado: Travessia de NAT é uma Abordagem Simples e Eficiente Para Abrir Buracos em Firewall Elias P. Duarte Jr.1 Kleber V. Cardoso2 Micael O. M. C. de Mello3 João G. G. Borges4 Resumo As técnicas de travessia de NAT permitem que processos com endereços IP privados não roteáveis se comuniquem com outros processos fora dos limites de segurança da rede. Téc- nicas como UDP Hole Punching foram padronizadas pelo IETF e, usando túneis baseados nessas técnicas, é fácil permitir que processos de aplicativos em cima de qualquer protocolo de transporte, incluindo TCP, iniciem e recebam pacotes da Internet através de dispositi- vos NAT. No entanto, como efeito colateral, essas técnicas também passam livremente por firewalls. Neste trabalho, descrevemos como é possível configurar qualquer servidor ro- dando em qualquer porta (sem nenhuma configuração especial de firewall) para estabelecer conexões iniciadas em clientes de Internet arbitrários, tornando serviços não autorizados facilmente disponíveis. Mostramos também que o processo é leve, principalmente depois de concluída a configuração inicial, suportando virtualmente qualquer tipo de aplicativo não autorizado. Palavras-chave: Tradução de endereço da rede. Travessia de NAT. Perfuração (de firewall). Travessia de firewall. Transparência de rede. Falhas de segurança. ∗submetido em 05/03/2019 e aceito em 07/08/2020. 1Professor do Departamento de Informática (DInf) da Universidade Federal do Paraná (UFPR), Brasil– [email protected]
    [Show full text]
  • Analysis and Control of Middleboxes in the Internet
    Network Architectures and Services Dissertation NET 2013-07-1 Analysis and Control of Middleboxes in the Internet Andreas Müller Network Architectures and Services Department of Computer Science Technische Universität München TECHNISCHE UNIVERSITAT¨ MUNCHEN¨ Institut fur¨ Informatik Lehrstuhl fur¨ Netzarchitekturen und Netzdienste Analysis and Control of Middleboxes in the Internet Andreas Muller¨ Vollst¨andiger Abdruck der von der Fakult¨at fur¨ Informatik der Technischen Universit¨at Munchen¨ zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer. nat.) genehmigten Dissertation. Vorsitzender: Univ.-Prof. Dr. Hans-Arno Jacobsen Prufer¨ der Dissertation: 1. Univ.-Prof. Dr.-Ing. Georg Carle 2. Prof. Dr. Ernst W. Biersack (Institut Eur´ecom,Sophia Antipolis, Frankreich) Die Dissertation wurde am 18.12.2012 bei der Technischen Universit¨at Munchen¨ ein- gereicht und durch die Fakult¨at fur¨ Informatik am 26.04.2013 angenommen. Cataloging-in-Publication Data Andreas Muller¨ Analysis and Control of Middleboxes in the Internet Dissertation, July 2013 Network Architectures and Services, Department of Computer Science Technische Universit¨at Munchen¨ ISBN 3-937201-35-1 ISSN 1868-2634 (print) ISSN 1868-2642 (electronic) DOI 10.2313/NET-2013-07-1 Network Architectures and Services NET 2013-07-01 Series Editor: Georg Carle, Technische Universit¨at Munchen,¨ Germany c 2013, Technische Universit¨at Munchen,¨ Germany ABSTRACT With the growing size and complexity of the Internet several types of middleboxes have been introduced to the network in order to solve a number of urgent problems. Net- work Address Translation devices fight against the Internet address depletion problem, caches and proxies help to efficiently distribute content and firewalls protect networks from potential attackers.
    [Show full text]