Creating TCP connection with both computers behind firewalls

Dan Kaminsky has a presentation at a Blackhat conference detailing how two computers could establish TCP connection through the temporary cooperation of a third party.

Dan provides several techniques. One of them:

A connects to B by explictly routing through Z. However, Z pretends to be B and accepts connection on the behalf of B.
Similarly, B connects to A by routing through Z. Z again, pretends to be A and accepts connection on behalf of A.
The firewalls now thinks that A and B have a direct connection to one another. The route is altered so that A and B no longer route through Z.
A and B now have a direct connection to each other

It appears that UltraVNC’s NAT2NAT uses this principle.

Update 7/01/2006: Also see NAT Traversal Techniques

About this entry

You’re currently reading “ Creating TCP connection with both computers behind firewalls ,” an entry on Chui's Counterpoint

Published:: 11.8.05 / 6pm

Category:: General, Thinking IT

No comments

Jump to comment form | comments rss [?] | trackback uri [?]

Have your say

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About

Recently

Categories

.Net (69)
Books (2)
database (21)
django (4)
Engineering notes (18)
Factor (1)
Flex (5)
General (215)
IronPython (5)
Java (41)
javafx (27)
lisp (16)
Marketing (31)
mobile (5)
MS Access (3)
Netbeans (6)
PHP (5)
Popular essays (3)
Python (95)
scheme (12)
seo (3)
Silverlight (15)
SQL Server (11)
Thinking IT (82)
Uncategorized (5)
Virtualization (8)
Web Services (10)
WinRT (1)
WPF (5)