科技回声

7 条评论

jgeralnik超过 5 年前

The really cool part about this is that the server does not need to know the client's ip address. Instead a new original form of ICMP hole punching is used to allow any client to punch the NAT so that the server can dynamically learn the client ip, and then regular UDP hole punching is used.

评论 #20995248 未加载

noname120超过 5 年前

> This will work behind many NATs and firewalls, but not all.<p>While this is an interesting concept, the hard part in NAT traversal is getting it to work on all the possible NAT types. In particular, I believe that this method doesn't work for symmetric NAT devices[1], which are widespread in corporate environments. It's not a surprise that this idea from 2010 didn't take off, ICE/TURN are still kings.<p>[1] These devices assign a different port for each destination address, and this ICMP method doesn't help predict the port that will be assigned.

评论 #20994282 未加载

评论 #20992637 未加载

armitron超过 5 年前

This is old technique from early 2000 and flawed as others have described. Outgoing ICMP is blocked in every corporate environment I have ever been to and never makes it to the Internet facing gateway.

评论 #20998398 未加载

oriettaxx超过 5 年前

I had a quick test, not working for me many previous comments about this script <a href="https://hn.algolia.com/?q=pwnat" rel="nofollow">https://hn.algolia.com/?q=pwnat</a>

评论 #20994290 未加载

评论 #20993109 未加载

farisjarrah超过 5 年前

So is this a tool or an exploit? Or both? Is this something likely to get patched by the major software/hardware vendors? Would this be a tool that would be safe to use at home if I wanted to connect to a private network on AWS or GCP and did not want to poke a hole through my nat gateway at home?

评论 #20997301 未加载

zerocool2750超过 5 年前

I think you might have a typo in your FAQ.<p>"Does the server have to specify the client host? No!..... The server does need to have any unique prior knowledge about the client. "<p>Should that read, "The server does NOT need to have any unique...." ?

hoppla超过 5 年前

Cool, I used to do this by spoofing udp packets from 3.3.3.3 from the client to the servers public up, but was unreliable due to anti spoofing filter. This way is better

7 条评论

jgeralnik超过 5 年前

评论 #20995248 未加载

noname120超过 5 年前

评论 #20994282 未加载

评论 #20992637 未加载

armitron超过 5 年前

评论 #20998398 未加载

oriettaxx超过 5 年前

I had a quick test, not working for me many previous comments about this script <a href="https://hn.algolia.com/?q=pwnat" rel="nofollow">https://hn.algolia.com/?q=pwnat</a>

评论 #20994290 未加载

评论 #20993109 未加载

farisjarrah超过 5 年前

评论 #20997301 未加载

zerocool2750超过 5 年前

hoppla超过 5 年前

Cool, I used to do this by spoofing udp packets from 3.3.3.3 from the client to the servers public up, but was unreliable due to anti spoofing filter. This way is better

Pwnat – Autonomous Nat Traversal (2010)

7 条评论

Pwnat – Autonomous Nat Traversal (2010)

7 条评论