Presentation is loading. Please wait.

Presentation is loading. Please wait.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Modification Proposals to Current TURN Spec Mikael Latvala.

Published byGinger Hopkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Modification Proposals to Current TURN Spec Mikael Latvala."— Presentation transcript:

1 Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Modification Proposals to Current TURN Spec Mikael Latvala

2 Company Confidential 2 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials One Motivating Use Case Home Network Home Gateway Internet Remote Network

3 Company Confidential 3 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Problem Statement #1 Restriction how TURN can be used (draft-ietf-behave-turn-05.txt) “A successful Allocate transaction just reserves a transport address on the TURN server. Data does not flow through an allocated transport address until the TURN client asks the TURN server to open a permission, which is done with a Send Indication. While the client can request more than one permission per allocation, it needs to request each permission explicitly and one at a time. This insures that a client can't use a TURN server to run a traditional server, and partially protects the client from DoS attacks. “ Particular problems for home network Home owner cannot know beforehand from which IP address (external IP address) s/he is going to access the home network Even if home owner did magically know all the external IP addresses, most of the home automation and many AV based device would not be able to request such permissions, because there are no mechanisms how home owner could tell the devices what these external IP addresses are

4 Company Confidential 4 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Problem Statement #2 Restriction how ports are allocated (draft-ietf-behave-turn-05.txt) “The server SHOULD only allocate ports in the range 1024-65535. “ The document should not take a stand on how TURN is used. This is a deployment issue and must left up to individual entity to decide whether such restrictions should be enforced

5 Company Confidential 5 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Change proposals 1.Allow TURN client to disable/enable permission functionality in TURN server Add new attribute PERMISSION which can have following values Address dependent Address/port dependent (does someone really need this?) Disabled 2.Change/remove appropriate sections in the spec to reflect the proposed change in 1. E.g. in 7.2.2 (there are other sections too) “If a server receives a UDP packet on an allocated UDP transport address, it checks the permissions associated with that allocation. If the source IP address of the UDP packet matches one of the permissions (the source port is not used), the UDP packet is accepted. Otherwise, it is discarded. If the packet is accepted, it is forwarded to the client as described below.” 3.Remove the following paragraph in 6.2.1.4 “The server SHOULD only allocate ports in the range 1024-65535. This is one of several ways to prohibit relayed transport addresses from being used to attempt to run standard services.”

Download ppt "Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Modification Proposals to Current TURN Spec Mikael Latvala."

Similar presentations

CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
(4.4) Internet Protocols Layered approach to Internet Software 1.

(4.4) Internet Protocols Layered approach to Internet Software 1.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
DHCP and Network Settings What is DHCP and its function, what is a Gateway and why do we need one, what is DNS? Presentation written by Carol A. Hopkins.

DHCP and Network Settings What is DHCP and its function, what is a Gateway and why do we need one, what is DNS? Presentation written by Carol A. Hopkins.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Application Layer PART VI.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Application Layer PART VI.
TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.

TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)

Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
A Brief Taxonomy of Firewalls

A Brief Taxonomy of Firewalls
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Network Layer4-1 NAT: Network Address Translation 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 138.76.29.7 local network (e.g., home network) 10.0.0/24 rest of.

Network Layer4-1 NAT: Network Address Translation local network (e.g., home network) /24 rest of.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

Similar presentations

Ads by Google