Beware: NAT Traversal is a Simple and Efficient Approach to Open Firewall Holes

Authors

  • Elias P. Duarte Jr. Departamento de Informática - Universidade Federal do Paraná (UFPR) http://orcid.org/0000-0002-8916-3302
  • Kleber V. Cardoso Universidade Federal de Goiás (UFG)
  • Micael O.M.C. de Mello Universidade Federal de Goiás (UFG)
  • João G.G. Borges Universidade Federal do Paraná (UFPR)

DOI:

https://doi.org/10.5752/P.2316-9451.2020v8n2p29-41

Keywords:

Network address translation. NAT traversal. Hole punching. Firewall traversal. Network transparency. Security holes.

Abstract

NAT traversal techniques allow processes with private, non-routable IP addresses to communicate with other processes outside the secured limits of the network. Techniques such as UDP Hole Punching have been standardized by the IETF, and using tunnels based on those techniques it is easy to allow application processes on top of any transport protocol, including TCP, to both start and receive packets from the Internet across NAT devices. However, as a side effect, those techniques also pass freely through firewalls. In this work we describe how it is possible to configure any server running on any port (no firewall configuration required) to establish connections initiated at arbitrary Internet clients, making unauthorized services easily available. We also show that the process is lightweight, in particular after the initial setup is concluded, thus supporting virtually any type of unauthorized application.

Author Biography

Elias P. Duarte Jr., Departamento de Informática - Universidade Federal do Paraná (UFPR)

Elias P. Duarte Jr. is a Full Professor at Federal University of Parana, Curitiba, Brazil, where he is the leader of the Computer Networks and Distributed Systems Lab (LaRSis). His research interests include Computer Networks and Distributed Systems, their Dependability, Management, and Algorithms. He has published more than 200 peer-reviewed papers and has supervised more than 130 students at both the graduate and undergraduate levels. Prof. Duarte is currently Associate Editor of the IEEE Transactions on Dependable and Secure Computing, and has served as chair of more than 20 conferences and workshops in his fields of interest. He received a Ph.D. degree in Computer Science from Tokyo Institute of Technology, Japan, 1997, M.Sc. degree in Telecommunications from the Polytechnical University of Madrid, Spain, 1991, and both BSc and MSc degrees in Computer Science from Federal University of Minas Gerais, Brazil, 1987 and 1991, respectively. He chaired the Special Interest Group on Fault Tolerant Computing of the Brazilian Computing Society (2005-2007); the Graduate Program in Computer Science of UFPR (2006-2008); and the Brazilian National Laboratory on Computer Networks (2012-2016). He is a member of the Brazilian Computing Society and a Senior Member of the IEEE.

Kleber Vieira Cardoso is an Associate Professor at Federal University of Goiás (UFG), Goiânia, Brazil, where he is the leader of the Computer Networks and Distributed Systems LABORAtory (LABORA). Prof. Kleber received the Ph.D. degree in Electrical Engineering from Federal University of Rio de Janeiro, Rio de Janeiro, 2009, the M.Sc. degree also in Electrical Engineering from Federal University of Rio de Janeiro, Rio de Janeiro, 2002, and the B.Sc. in Computer Science from Federal University of Goiás, Brazil, 1997. He has served as member of TCP and organization committees of several conferences and workshops in his fields of interest. He chaired the Graduate Program in Computer Science of UFG (2011-2013). His research interests include Internet, High-Speed Networks, Performance Evaluation, Wireless Networks, Mobility, and Quality of Service. He is a member of the Brazilian Computer Society.

Micael O. M. C. de Mello received the B.Sc. degree in Computer Science from Federal University of Goiás (UFG), Goiânia, Brazil, in 2012, and is currently a Master's student at UFG. Research interests include High-Speed Networks, Performance Evaluation, Wireless Networks, and Mobility. He is a Student Member of the Brazilian Computer Society.

João G. G. Borges received the B.Sc. and M.Sc. degrees in Computer Science from Federal University of Parana, Brazil, in 2006 and 2008, respectively. He is currently an IT analyst at the Central Bank of Brazil in Brasilia. Research interests include Software Engineering and Internet Security.

Published

2020-11-24

How to Cite

DUARTE JR., Elias P.; CARDOSO, Kleber V.; MELLO, Micael O.M.C. de; BORGES, João G.G. Beware: NAT Traversal is a Simple and Efficient Approach to Open Firewall Holes. Abakós, Belo Horizonte, v. 8, n. 2, p. 29–41, 2020. DOI: 10.5752/P.2316-9451.2020v8n2p29-41. Available at: https://periodicos.pucminas.br/abakos/article/view/19643. Accessed: 27 Aug. 2025.

Section

Artigos completos / Full papers