2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
In this issue, the editor walks through how to analyze NAT traversal and hole punching. The article is detailed and approaches the topic from a professional angle; I hope you take something away from reading it.
NAT traversal / hole punching
Why punch holes?
Hole punching exists mainly because IPv4 addresses have been exhausted, so operators do not assign a public IP to every user. The full background is too long to set out here and readers can look it up themselves, but anyone who has opened this article most likely already knows why hole punching is needed and which problem it solves.
Conditions for hole punching
Hole punching is a fiddly business: the method differs from one NAT type to the next, and whether a hole can be punched at all depends on the NAT type. So what NAT types are there? The four types are described briefly below:
Full Cone
After internal machine A behind the NAT connects to external machine B, the NAT opens a port for communicating with B. From then on, a UDP datagram sent to that port by any host on the external network reaches A, whether or not B sent it. If A later needs to talk to other hosts, it keeps using the same open port.
Restricted Cone
After internal machine A behind the NAT connects to external machine B, the NAT opens a port for communicating with B. Host B can then reach A through that port from any of its own ports, but data arriving from any port of a different host is blocked. If A later needs to talk to other hosts, it keeps using the same open port.
Port Restricted Cone
After internal machine A behind the NAT connects to public machine B, the NAT opens a port for communicating with B. Host B can reach A through that port only from the port it used before; data from any other port of B, and from any port of any other host, is dropped. If A later needs to talk to other hosts, it keeps using the same open port.
Symmetric
Behaves like Port Restricted Cone, except that when host A behind this NAT type needs to talk to another host, it does not reuse the original port but is given a new one.
Hole punching principle
Suppose B is a server with a public IP, and A and C are hosts behind two different NATs. For A and C to communicate directly, the following steps are needed:
A sends a request to B; B records A's IP and port.
C sends a request to B; B records C's IP and port.
B sends A's IP and port to C, and C's IP and port to A.
A sends data to C's IP and port as reported by B. C's NAT rejects the data, but A's NAT device records that A has communicated with C.
C does the same as A. The difference is that, because A's NAT device has recorded the exchange between A and C, it does not block C's data, so C's data reaches A. And because C has now also sent data to A, C's NAT no longer blocks A's next datagram to C. A and C can now communicate normally, and the hole punching process is complete.
Those are the general steps of hole punching. Looking back at the NAT types above, the basic condition for A and C to communicate is that the port a NAT assigns when A (or C) talks to the other side is the same port it assigned when A (or C) talked to B. Symmetric NAT does not meet this condition, so hole punching through a Symmetric NAT is nearly impossible, while all Cone types can be punched normally. Note also that the steps above follow the strictest type, Port Restricted Cone; with the other two Cone types there is no need for all of this, and the reader can work out the reasons and the simplified procedure. Why "nearly" impossible rather than simply impossible? Although a device behind a Symmetric NAT is assigned different ports for different remote hosts, a connection can still succeed by guessing the port, but the probability is so low that it can be ignored, so this NAT type can simply be written off. Fortunately it is not common.
NAT type detection
As shown above, whether hole punching succeeds depends directly on the NAT type, so how do you determine the type of a NAT device? You can judge from the characteristics of each type. Take Full Cone: a host on the external network only needs to construct two datagrams with different source IP:port pairs and send them to the device behind the NAT. If both are received, the NAT is Full Cone; otherwise it is not. The other types have similar characteristics and can be detected the same way.
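To make the hole punching steps and the detection probe concrete, here is an added example that is not part of the original article: an in-memory model of the four NAT types described above. It reproduces the A/B/C sequence (showing why it succeeds for Cone types and fails for Symmetric NAT) and the Full Cone probe from the detection section, which it generalises to classify all four types (a standard STUN-style approach that goes beyond the single test the text gives). Every host name, address and port below is a constructed sample value; nothing here touches a real network.

```python
"""Added example (not from the original article): an in-memory model of the
four NAT types, the A/B/C hole-punching steps and a NAT type classifier.
All addresses and ports are constructed sample values."""
from enum import Enum


class NatType(Enum):
    FULL_CONE = "Full Cone"
    RESTRICTED_CONE = "Restricted Cone"
    PORT_RESTRICTED_CONE = "Port Restricted Cone"
    SYMMETRIC = "Symmetric"


class Nat:
    """One NAT device with a single inside host.

    mappings: cone types map inside_port -> external port; a symmetric NAT
              maps (inside_port, destination) -> external port.
    peers:    external port -> set of (ip, port) the inside host has sent to
              through that port; the inbound filter rules consult this.
    """

    def __init__(self, kind, public_ip):
        self.kind = kind
        self.public_ip = public_ip
        self.next_port = 40000                # constructed starting port
        self.mappings = {}
        self.peers = {}

    def outbound(self, inside_port, dest):
        """Inside host sends to dest=(ip, port); returns the public (ip, port)
        the datagram leaves with."""
        key = (inside_port, dest) if self.kind is NatType.SYMMETRIC else inside_port
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext = self.mappings[key]
        self.peers.setdefault(ext, set()).add(dest)
        return (self.public_ip, ext)

    def inbound(self, ext_port, src):
        """True if a datagram from src=(ip, port) to public_ip:ext_port is
        forwarded to the inside host."""
        seen = self.peers.get(ext_port)
        if not seen:
            return False                      # no mapping: every type drops it
        if self.kind is NatType.FULL_CONE:
            return True                       # anyone may use the open port
        if self.kind is NatType.RESTRICTED_CONE:
            return any(ip == src[0] for ip, _ in seen)   # IP must have been contacted
        return src in seen                    # exact ip:port must have been contacted


SERVER_B = ("203.0.113.1", 3478)              # constructed public rendezvous server


def hole_punch(nat_a, nat_c):
    """The five steps from the text. Returns three booleans:
    (A's first datagram to C was dropped, C reaches A, A then reaches C)."""
    pub_a = nat_a.outbound(5000, SERVER_B)    # step 1: B learns A's endpoint
    pub_c = nat_c.outbound(5000, SERVER_B)    # step 2: B learns C's endpoint
    # step 3 needs no NAT modelling: B is public and tells each side the other's endpoint
    a_to_c = nat_a.outbound(5000, pub_c)      # step 4: A sends to C; A's NAT records C
    first_dropped = not nat_c.inbound(pub_c[1], a_to_c)
    c_to_a = nat_c.outbound(5000, pub_a)      # step 5: C sends to A
    c_reaches_a = nat_a.inbound(pub_a[1], c_to_a)
    a_reaches_c = nat_c.inbound(pub_c[1], a_to_c)   # A's next datagram to C
    return (first_dropped, c_reaches_a, a_reaches_c)


def classify(nat):
    """Detection: the inside host contacts two server addresses, then the server
    replies from sources the host did or did not contact. The 'stranger' probe is
    the Full Cone test from the text; the other probes extend it to the rest."""
    server_alt_port = ("203.0.113.1", 3479)
    server_alt_ip = ("203.0.113.2", 3478)
    stranger = ("198.51.100.9", 9999)         # never contacted by the inside host
    pub1 = nat.outbound(7000, SERVER_B)
    pub2 = nat.outbound(7000, server_alt_ip)
    if pub1[1] != pub2[1]:
        return NatType.SYMMETRIC              # mapping changed with the destination
    if nat.inbound(pub1[1], stranger):
        return NatType.FULL_CONE
    if nat.inbound(pub1[1], server_alt_port):
        return NatType.RESTRICTED_CONE        # same IP, new port still passes
    return NatType.PORT_RESTRICTED_CONE


if __name__ == "__main__":
    for kind in NatType:
        print(f"{kind.value:21s} detected as {classify(Nat(kind, '192.0.2.10')).value}")
        result = hole_punch(Nat(kind, "192.0.2.10"),
                            Nat(NatType.PORT_RESTRICTED_CONE, "192.0.2.20"))
        print(f"{'':21s} punch against a Port Restricted Cone peer: {result}")
```

Running the script shows that two Port Restricted Cone NATs yield (True, True, True): A's first datagram is dropped, then both directions pass, exactly as in the step list. Two Full Cone NATs yield (False, True, True), since the first datagram already gets through; a Symmetric NAT on A's side yields (True, False, False), because the port B reported for A is not the one A's NAT uses towards C.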
Security problems
Because hole punching uses UDP, and UDP is connectionless, UDP datagrams are easy to forge, which invites security problems. For example, if user A forges a datagram that appears to come from user B's address and port, the server's confirmation reply goes to user B's address; a malicious user A can use this to DDoS user B. Or, if user A wants to connect to user C but a malicious user B impersonates C, A ends up connecting to B by mistake, and B can then act on A. Security therefore has to be considered carefully when using UDP.
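One way a rendezvous server can limit both problems above is to validate the claimed source address before trusting it: reply to a first contact only with a small, stateless cookie bound to that address, never with more bytes than were received, and accept a registration only when it carries the right cookie. A forged datagram then sends a tiny cookie to the real owner of the address, which the forger never sees, so it can neither register under that address nor use the server as an amplifier. The following is an added example illustrating that pattern, not code from the original article; the message format, padding size, addresses and server secret are all constructed for the demonstration.

```python
"""Added example (not from the original article): stateless source-address
validation for a UDP rendezvous server. Message format, padding size and all
addresses are constructed for illustration."""
import hashlib
import hmac
import os
import secrets

SERVER_SECRET = os.urandom(32)   # constructed per-process secret; rotate in practice
MIN_HELLO = 64                   # a HELLO must be padded to at least the reply size


def make_cookie(src):
    """Cookie bound to the claimed source (ip, port); needs no per-client state."""
    msg = f"{src[0]}:{src[1]}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:16]


def handle(src, payload, registry):
    """Process one datagram from src. Returns (reply_destination, reply_bytes),
    or None when the datagram is silently dropped. Replies always go back to
    src and are never larger than the request."""
    if payload.startswith(b"HELLO"):
        if len(payload) < MIN_HELLO:
            return None                              # unpadded: refuse to amplify
        return src, b"COOKIE " + make_cookie(src).hex().encode()
    kind, _, rest = payload.partition(b" ")
    if kind == b"REGISTER":
        cookie_hex, _, name = rest.partition(b" ")
        try:
            cookie = bytes.fromhex(cookie_hex.decode())
        except ValueError:
            return src, b"REJECT"
        if not hmac.compare_digest(cookie, make_cookie(src)):
            return src, b"REJECT"                    # cookie not issued for this src
        registry[name] = src                         # src has proven it receives at this address
        return src, b"OK"
    return src, b"REJECT"


def simulate():
    """Constructed scenario: an honest client registers; a second party sends
    datagrams whose source is forged to look like a victim's address."""
    registry = {}
    honest = ("198.51.100.7", 5000)
    victim = ("198.51.100.8", 6000)                  # address the forger is pretending to be
    out = {}
    # Honest client: padded HELLO, then REGISTER with the cookie it received.
    _, reply = handle(honest, b"HELLO".ljust(MIN_HELLO, b"\0"), registry)
    cookie_hex = reply.split()[1]
    _, reply = handle(honest, b"REGISTER " + cookie_hex + b" alice", registry)
    out["honest"] = reply
    # Forged HELLO: the cookie is addressed to the victim, so the forger never learns it.
    dst, _ = handle(victim, b"HELLO".ljust(MIN_HELLO, b"\0"), registry)
    out["cookie_goes_to"] = dst
    # Forged REGISTER trying to take over "alice": any guessed cookie is rejected.
    guess = secrets.token_hex(16).encode()
    _, reply = handle(victim, b"REGISTER " + guess + b" alice", registry)
    out["spoofed"] = reply
    # A short forged HELLO gets no reply at all, so no amplification towards the victim.
    out["short"] = handle(victim, b"HELLO", registry)
    out["registry"] = dict(registry)
    return out


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key:15s} {value!r}")
```

The cookie carries no per-client state on the server, so it costs nothing to issue even under a flood of forged HELLOs, and because an unpadded HELLO is dropped and a padded one gets a reply no larger than itself, the server cannot be turned into a reflector against whoever's address was forged.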
The above is the editor's analysis of NAT traversal and hole punching. If you happen to have similar questions, you may refer to the analysis above. To learn more, you are welcome to follow the industry information channel.