|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: An Internet IPv6 Transition Plan
On Tue, Jul 31, 2007 at 10:12:28PM +0200, Peter Dambier wrote: > > Scott Francis wrote: > >On 7/29/07, Peter Dambier <[email protected]> wrote: > > > > > >>Ways have been found to drill holes into NAT-routers and firewalls, > >>but they are working only as long as it is only you who wants to break > >>out of the NAT. As soon as the mainstream has only left rfc 1918 addresses > >>p2p will stop. > > > > > >really? > > > >http://samy.pl/chownat/ > > > >NAT stops nothing. The concept in the above script (which has been > >around for several years) would be trivial for any P2P software to > >implement if it detects it is behind a NAT; in fact, this method may > >well be in use already. > > > I have read that is what skype is doing and probably some troyans. > > Still you have to "talk" to your NAT-router and the other party has > to talk to their NAT-router to make those two NAT-routers talk to > each other. When those two router cannot see each other because > they too are living behind NAT then you have got a problem. > > I guess you can solve it but the number of ports is limited and > things get a lot trickier. When you try to get out of the big NAT > (china) then the number of available ports versus the number of > users who want to get out - is the limit. Firstly, all p2p nets use some process to register with the network. It is simple to imagine a way to ensure these superpeers are publically addressed and let them coordinate the NATted hosts. Secondly, there is no big NAT in china. And even if there was, very large private networks should flourish for p2p sharing amongst each other. I think you're trying to demonstrate NAT to be a security mechanism and its long been known that that is not the case. Steve
|