[tor-dev] Flashproxy alpha bundles

adrelanos adrelanos at riseup.net
Thu Dec 13 20:14:19 UTC 2012

Roger Dingledine:
> On Thu, Dec 13, 2012 at 06:38:03PM +0000, adrelanos wrote:
>> Have you considered Hole punching techniques? [1] TCP, UDP, ICMP hole
>> punching... There are many techniques. I don't know if the WebSocket
>> protocol would prevent it.
>> STUN [2] like techniques where a third non-firewalled server helps to
>> traversal the NAT. (Only NAT, not used a proxy.)
>> pwnat [3] also looks interesting. It doesn't need a third server and
>> lets connect two nat'ed machines with each other.
> Better nat punching is on the 'future research' list.
> The main challenge is that if you're trying to provide a circumvention
> system, then relying on a "reliably reachable third party" is exactly
> what you can't do.

I agree, the report you linked below gives indeed good reasons against.

> Whether these various "look, no hands" punching tools and tricks can be
> done using only websockets on the remote side is a great question for
> somebody to answer.

I copied the relevant parts about pwnat from the report you linked below
and tried to rephrase it to talk only about pwnat.

> We consider pwnat to be out of scope at this time due because it
requires specialized client software to access services offered behind a
NAT device. The technique implemented by pwnat is much more attractive.
It is generally friendly to privacy and does not rely on NAT router

Is "requires specialized client software" is really a blocker? UPnP and
NAT–PMP are also "requires specialized third party libraries".

> See also Jake's NAT investigation tech report at
> http://research.torproject.org/techreports.html

Great reading!

More information about the tor-dev mailing list