Creating TCP connection with both computers behind firewalls
Tuesday, 8 November 2005
Dan Kaminsky has a presentation at a Black Hat conference detailing how two computers could establish a TCP connection through the temporary cooperation of a third party.
Dan provides several techniques. One of them:
- A connects to B by explicitly routing through Z. However, Z pretends to be B and accepts the connection on behalf of B.
- Similarly, B connects to A by routing through Z. Z again pretends to be A and accepts the connection on behalf of A.
- The firewalls now think that A and B have a direct connection to one another. The route is altered so that A and B no longer route through Z.
- A and B now have a direct connection to each other.
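
Why the firewalls end up accepting the direct traffic can be seen in a toy model of connection tracking. This is an added example, not code from the presentation or from UltraVNC. It assumes each firewall tracks outbound flows by address/port 4-tuple with no port translation; Z itself is not modelled, and all addresses and ports are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Firewall:
    """Stateful firewall (assumed model): inbound is allowed only for tracked flows."""
    inside: str                              # address of the protected host
    flows: set = field(default_factory=set)  # tracked (src, sport, dst, dport)

    def outbound(self, src, sport, dst, dport):
        """An inside host sends a packet: record the flow and let it out."""
        if src != self.inside:
            raise ValueError("outbound packet must come from the inside host")
        self.flows.add((src, sport, dst, dport))
        return True

    def inbound(self, src, sport, dst, dport):
        """Accept an outside packet only if it is the reverse of a tracked flow."""
        return (dst, dport, src, sport) in self.flows


def simulate():
    # Constructed documentation addresses and ports (assumptions for the demo).
    A, B, C = "198.51.100.10", "203.0.113.20", "192.0.2.99"
    PA, PB = 40000, 50000
    fw_a, fw_b = Firewall(A), Firewall(B)
    results = {}

    # Before either side sends anything, neither firewall accepts the peer.
    results["before"] = fw_a.inbound(B, PB, A, PA) or fw_b.inbound(A, PA, B, PB)

    # Steps 1 and 2: each host opens a connection addressed to its peer.
    # Z answers on the peer's behalf, but each firewall only records the
    # header addresses, so its state entry names the real peer.
    fw_a.outbound(A, PA, B, PB)
    fw_b.outbound(B, PB, A, PA)

    # Steps 3 and 4: with Z out of the path, direct packets match both tables.
    results["a_to_b"] = fw_a.outbound(A, PA, B, PB) and fw_b.inbound(A, PA, B, PB)
    results["b_to_a"] = fw_b.outbound(B, PB, A, PA) and fw_a.inbound(B, PB, A, PA)

    # The state entries are specific: other hosts and other ports stay blocked.
    results["stranger"] = fw_a.inbound(C, PB, A, PA)
    results["wrong_port"] = fw_a.inbound(B, PB + 1, A, PA)
    return results


if __name__ == "__main__":
    print(simulate())
```

The model shows that the state entry is created by header addresses alone, which is why a firewall that does not also validate where the handshake replies came from treats the later direct packets as part of an established flow.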
It appears that UltraVNC’s NAT2NAT uses this principle.
Update 7/01/2006: Also see NAT Traversal Techniques