Sunday, 1 March 2015

Can NATs and firewalls blacklist IPs when trying to UDP hole punch?



I am developing a P2P application that will make use of UDP hole punch to connect two peers behind NAT.


When dealing with connections between a cone NAT and a symmetric, unpredictable NAT, however, hole punching is not as trivial as it is with connections between two cone NATs. The only way I found to do that is to just try as hard as I can until I manage to find a correct port.


My strategy works as follows:



  • Open a large number of ports on the symmetric side, and send packets to the cone NAT port.

  • On the cone side, send packets to random ports until the peers manage to connect.


Having a symmetric and a cone NAT at hand, I did the following experiment:



  • Opened 32 ports on the symmetric side

  • Sent 64 packets every 0.1 seconds from the cone side to the symmetric NAT on random ports


In a couple of seconds I always manage to connect. However, I was wondering if some firewalls and NATs could use some form of blacklisting under these circumstances. For example, is it possible that a NAT that has to drop several packets on different ports from the same source will blacklist the source for a while?


I tried to find out about this and found that sometimes some form of blacklisting can be used if the NAT is under a DoS attack. However, this hole punch technique is 4 to 6 orders of magnitude less heavy than a typical DoS attack.


So is this technique feasible under reasonable conditions, or am I likely to incur blacklisting or other problems?
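As an added worked example (not part of the original question or of any project), here is the birthday-style estimate behind the experiment described above. The symmetric NAT maps the 32 open sockets to unpredictable external ports, and each of the cone side's 64 random guesses per 0.1 s round lands on one of them with probability 32/R, where R is assumed to be the size of the NAT's ephemeral port range (1024 to 65535). The closed form gives the expected number of rounds, the wall-clock time and the number of packets the symmetric NAT has to drop before the first hit, and a Monte Carlo simulation checks the formula. The function names, the port range and the sample parameters are assumptions made for this example.

```python
import random

# Assumption: the symmetric NAT draws external ports from the ephemeral range 1024-65535.
PORT_RANGE = range(1024, 65536)
RANGE_SIZE = len(PORT_RANGE)


def hit_probability_per_round(open_ports, guesses_per_round, range_size=RANGE_SIZE):
    """Probability that at least one of `guesses_per_round` uniformly random guesses
    (drawn with replacement) lands on one of `open_ports` distinct external ports."""
    if open_ports <= 0:
        return 0.0
    if open_ports >= range_size:
        return 1.0
    p_miss_one = 1.0 - open_ports / range_size
    return 1.0 - p_miss_one ** guesses_per_round


def expected_rounds(open_ports, guesses_per_round, range_size=RANGE_SIZE):
    """Rounds are independent trials, so the round count is geometric with mean 1/p."""
    return 1.0 / hit_probability_per_round(open_ports, guesses_per_round, range_size)


def estimate(open_ports, guesses_per_round, round_interval_s, range_size=RANGE_SIZE):
    """Expected rounds, wall-clock time and traffic volume until the first hit.
    'cone_packets' is roughly the number of packets the symmetric NAT drops before
    one matches a mapping; 'packets_per_second' is the burst rate it sees meanwhile."""
    rounds = expected_rounds(open_ports, guesses_per_round, range_size)
    return {
        "rounds": rounds,
        "seconds": rounds * round_interval_s,
        "cone_packets": rounds * guesses_per_round,
        "packets_per_second": guesses_per_round / round_interval_s,
    }


def simulate_mean_rounds(open_ports, guesses_per_round, trials=1000, seed=1):
    """Monte Carlo check of expected_rounds(): each trial assigns the open sockets
    random external ports (the NAT's unpredictable mappings) and counts rounds of
    random guessing from the cone side until one guess hits."""
    rng = random.Random(seed)
    ports = list(PORT_RANGE)
    total = 0
    for _ in range(trials):
        mapped = set(rng.sample(ports, open_ports))
        rounds = 0
        hit = False
        while not hit:
            rounds += 1
            hit = any(rng.choice(ports) in mapped for _ in range(guesses_per_round))
        total += rounds
    return total / trials


if __name__ == "__main__":
    # The experiment from the question: 32 open ports, 64 guesses every 0.1 s.
    est = estimate(open_ports=32, guesses_per_round=64, round_interval_s=0.1)
    for name, value in est.items():
        print(f"{name}: {value:.1f}")
    print(f"simulated mean rounds: {simulate_mean_rounds(32, 64):.1f}")
```

With the question's parameters the closed form gives about 32 rounds, roughly 3.2 seconds and about 2,000 guess packets at a burst rate of 640 packets per second toward one destination, which agrees with the "couple of seconds" observed. Those are the figures to compare against a NAT or firewall's per-source rate limit or unsolicited-inbound threshold: a device that counts dropped packets per source address would see a few thousand over a few seconds, far below the volumes that trigger DoS protection on typical gear but well above normal background noise, so the numbers, not just the duration, are what decide whether a given device reacts.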




