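Research on TCP NAT Traversal Based on STUNT
First published: 2009-02-09
Abstract: NAT (Network Address Translation) is now widely deployed and is supported by most firewall and gateway devices. However, most current NAT traversal methods are implemented over UDP. Because establishing a TCP connection requires a three-way handshake and involves state transitions, TCP is considerably harder to carry across a NAT than UDP. This paper first studies the basic principles and classification of NAT, then analyzes how current UDP-based NAT traversal is implemented and the difficulties that TCP NAT traversal encounters. Based on the STUNT protocol, it then proposes a scheme for TCP NAT traversal. The scheme sends a packet with a low time-to-live (TTL) to make the local NAT return an ICMP error message, from which the TCP sequence number and other information are obtained, and then uses that information to forge a TCP connection and so achieve traversal. Finally, we deployed and tested the scheme and confirmed its feasibility.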
TCP NAT-Traversal based on STUNT
Abstract: NAT (Network Address Translation) is becoming increasingly prevalent and is supported by many firewall devices. Most current traversal solutions are implemented over UDP. Unfortunately, establishing a TCP connection through a NAT is more complicated than with UDP, because TCP needs a three-way handshake to establish a connection. This paper investigates the rationale and taxonomy of NAT, analyzes the current methods used for UDP traversal, and proposes and implements a TCP traversal solution based on STUNT. The solution first sends a low-TTL SYN to obtain an ICMP error message from the local NAT, then fakes a TCP connection using the TCP sequence number and other information from that ICMP message. Finally, we implement and test this solution and show that it is feasible.
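The ICMP inspection step mentioned in the abstract, as an added example that is not code from the paper: an ICMP Time Exceeded message quotes the IP header and at least the first 8 bytes of the expired datagram, which for TCP are the ports and the sequence number. The function names, addresses, ports and sequence value below are constructed for illustration, and checksums are left at zero and not verified.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11  # type 11, code 0 = TTL exceeded in transit

def parse_icmp_time_exceeded(icmp: bytes) -> dict:
    """Recover the quoted TCP SYN fields from an ICMP Time Exceeded message."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != ICMP_TIME_EXCEEDED or code != 0:
        raise ValueError("not a TTL-exceeded-in-transit message")
    quoted = icmp[8:]                      # original IP header + >= 8 payload bytes
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted datagram is not IPv4")
    ihl = (quoted[0] & 0x0F) * 4           # IP options shift the TCP offset
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram too short for ports and sequence number")
    if quoted[9] != socket.IPPROTO_TCP:
        raise ValueError("quoted datagram is not TCP")
    # First 8 bytes of the TCP header: source port, destination port, sequence.
    sport, dport, seq = struct.unpack("!HHI", quoted[ihl:ihl + 8])
    return {
        "src": socket.inet_ntoa(quoted[12:16]),
        "dst": socket.inet_ntoa(quoted[16:20]),
        "sport": sport, "dport": dport, "seq": seq,
    }

def build_sample() -> bytes:
    """Constructed sample: ICMP type 11 quoting a SYN from 192.0.2.10:40000."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 1,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    tcp8 = struct.pack("!HHI", 40000, 5000, 0xDEADBEEF)
    return struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + ip + tcp8

if __name__ == "__main__":
    print(parse_icmp_time_exceeded(build_sample()))
```
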