[tor-dev] Flashproxy alpha bundles
arma at mit.edu
Thu Dec 13 19:29:42 UTC 2012
On Thu, Dec 13, 2012 at 06:38:03PM +0000, adrelanos wrote:
> Have you considered Hole punching techniques?  TCP, UDP, ICMP hole
> punching... There are many techniques. I don't know if the WebSocket
> protocol would prevent it.
> STUN  like techniques where a third non-firewalled server helps to
> traversal the NAT. (Only NAT, not used a proxy.)
> pwnat  also looks interesting. It doesn't need a third server and
> lets connect two nat'ed machines with each other.
Better nat punching is on the 'future research' list.
The main challenge is that if you're trying to provide a circumvention
system, then relying on a "reliably reachable third party" is exactly
what you can't do.
Whether these various "look, no hands" punching tools and tricks can be
done using only websockets on the remote side is a great question for
somebody to answer.
See also Jake's NAT investigation tech report at
(I'm cc'ing Christian Grothoff, as our resident nat punching expert.)
More information about the tor-dev