NAT and NAT Traversal: SEng490 Directed Study. Haoran Song, supervised by Dr. Jianping Pan.

Outline: Problems of NAT in the real world; NAT Traversal in our research; Conclusion

Firewalls and NAT

Four Types of NAT
1. Full Cone NAT
2. IP Restricted NAT
3. Port Restricted NAT
4. Symmetric NAT
Let us see how these four NATs work.

Full Cone NAT: not very restricted.

IP Restricted NAT: has restrictions on the incoming IP address.

Port Restricted NAT: has restrictions not only on the IP address, but also on the port.

Symmetric NAT: very restricted. A new mapping is created for each different connection.

Problems caused by NAT: When we communicate through a NAT, outside packets cannot come in until inside packets go out first. We need a way to overcome this problem, and this technique is called NAT traversal.
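The four behaviours and the "inside must send first" rule above, as an added example that is not part of the original slides. It is a toy model using the common definitions of the four types; the class, the function names and all addresses are constructed for illustration.

```python
import itertools

class Nat:
    """Toy model of one NAT; kind is one of the four types on the slides."""
    def __init__(self, kind, public_ip="203.0.113.1"):
        self.kind, self.public_ip = kind, public_ip
        self._ports = itertools.count(40000)
        # mapping key -> public port; public port -> inside host;
        # public port -> set of remote (ip, port) the inside host has sent to
        self.mappings, self.owner, self.contacted = {}, {}, {}

    def outbound(self, src, dst):
        # Symmetric NAT keys the mapping on the destination as well, so each
        # new destination gets a fresh public port; cone NATs reuse one.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            port = next(self._ports)
            self.mappings[key], self.owner[port] = port, src
            self.contacted[port] = set()
        port = self.mappings[key]
        self.contacted[port].add(dst)
        return (self.public_ip, port)  # address the outside peer sees

    def inbound(self, remote, public_port):
        """Outside remote sends to public_port; returns inside host or None."""
        if public_port not in self.owner:
            return None  # nothing inside has sent out yet: packet dropped
        seen = self.contacted[public_port]
        if self.kind == "ip_restricted":
            allowed = remote[0] in {ip for ip, _ in seen}
        else:  # full cone admits anyone; the other two need the exact ip:port
            allowed = self.kind == "full_cone" or remote in seen
        return self.owner[public_port] if allowed else None

def probe(kind):
    """Run the same checks against one NAT type (addresses are constructed)."""
    nat = Nat(kind)
    host, srv = ("192.168.0.10", 5000), ("198.51.100.5", 3478)
    srv_other_port, other = ("198.51.100.5", 3479), ("198.51.100.9", 3478)
    before = nat.inbound(srv, 40000) is not None  # no outbound packet yet
    pub = nat.outbound(host, srv)
    return {
        "in_before_out": before,
        "in_same_ip_other_port": nat.inbound(srv_other_port, pub[1]) is not None,
        "in_other_ip": nat.inbound(other, pub[1]) is not None,
        "same_port_for_new_dst": nat.outbound(host, other) == pub,
    }

if __name__ == "__main__":
    for k in ("full_cone", "ip_restricted", "port_restricted", "symmetric"): print(k, probe(k))
```

The pattern of answers across the four checks is different for each NAT type, which is what makes detection by probing possible.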

NAT Traversal: Our plan
1. We need to know what NAT we are behind
2. Do NAT traversal according to the identified NAT
Therefore, there are two main parts in our research:
1. NAT Detection
2. NAT Traversal

NAT Detection: We obtained PolyNAT from Dr. Hoffman. It can emulate four different NATs. Thanks to Dr. Hoffman and his students.

NAT Detection Flow

Example: Full Cone Detection

NAT Traversal: matrix of the NAT type of peer A against the NAT type of peer B (cone, IP restricted, port restricted, symmetric). Two combinations are marked "?".

Full Cone-Full Cone

Full Cone-Full Cone: Scenario

Full cone/restricted-restricted

Full cone/restricted-restricted Scenario

Full cone/IP restricted-symmetric

Full cone/IP restricted-symmetric Scenario

How do clients describe who they are? We built our own traversal commands. We use XML to describe the necessary information and embed these descriptions in our traversal commands, so other clients get specific information about their peers by reading these XML contents.

An example of a traversal command

Conclusion
We have implemented:
1. Full Cone – Full Cone
2. Full/Restricted Cone – Restricted Cone
3. Full/IP Restricted Cone – Symmetric
The things we will do in the future:
1. Port Restricted Cone – Symmetric
2. Symmetric – Symmetric

NAT and NAT Traversal: Questions?