[tor-dev] Flashproxy alpha bundles

Roger Dingledine arma at mit.edu
Thu Dec 13 19:29:42 UTC 2012

On Thu, Dec 13, 2012 at 06:38:03PM +0000, adrelanos wrote:
> Have you considered Hole punching techniques? [1] TCP, UDP, ICMP hole
> punching... There are many techniques. I don't know if the WebSocket
> protocol would prevent it.
> STUN [2] like techniques where a third non-firewalled server helps to
> traversal the NAT. (Only NAT, not used a proxy.)
> pwnat [3] also looks interesting. It doesn't need a third server and
> lets connect two nat'ed machines with each other.

Better nat punching is on the 'future research' list.

The main challenge is that if you're trying to provide a circumvention
system, then relying on a "reliably reachable third party" is exactly
what you can't do.

Whether these various "look, no hands" punching tools and tricks can be
done using only websockets on the remote side is a great question for
somebody to answer.

See also Jake's NAT investigation tech report at

(I'm cc'ing Christian Grothoff, as our resident nat punching expert.)


More information about the tor-dev mailing list