
Ok, so ICMP is easy to turn off. But why couldn't this technique be done over UDP or TCP? The server could send a UDP packet to a known "fake" address and the client could spoof its source address to penetrate the NAT.


Because the ICMP message is a case where NATs are already programmed to allow arbitrarily-sourced traffic to pass. The point is that the trick discovers the client's address, so they can establish direct 2-way comms.


Because many/most ISPs block simple outbound src addr spoofing.

pwnat works b/c ISPs don't (currently) inspect deep enough to notice spoofed addresses in the error packet contained inside ICMP.

This is an arms race b/t clever hackers and the ISPs' increasingly deep packet inspection gear.
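An added illustration (not from the thread or from pwnat itself) of the kind of inspection the comment above says ISPs don't yet do: parse an ICMP error, look at the quoted inner datagram, and flag the case where a customer end host reports an error about a packet that was never addressed to it. The addresses are constructed TEST-NET values, and the rule is a heuristic that only makes sense at an access edge where the sender is known not to be a transit router.

```python
import struct
import ipaddress

ICMP_ERROR_TYPES = {3: "dest-unreachable", 11: "time-exceeded", 12: "parameter-problem"}

def ipv4_header(src, dst, proto, total_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 (constructed sample, never sent on a wire).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def icmp_error(reporter, receiver, icmp_type, code, quoted_src, quoted_dst, quoted_proto):
    # ICMP error = 8-byte ICMP header + quoted original IP header + first 8 bytes of its payload
    quoted = ipv4_header(quoted_src, quoted_dst, quoted_proto, 28) + bytes(8)
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4_header(reporter, receiver, 1, 20 + len(icmp)) + icmp

def parse_ipv4(buf):
    ihl = (buf[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(buf[12:16]))
    dst = str(ipaddress.IPv4Address(buf[16:20]))
    return src, dst, buf[9], buf[ihl:]

def classify_icmp_error(packet):
    """Heuristic: an end host only reports errors about packets addressed to it,
    so the quoted inner destination must equal the outer source. A router on
    path would legitimately violate this, so apply it only to non-transit hosts."""
    outer_src, _, proto, payload = parse_ipv4(packet)
    if proto != 1 or len(payload) < 8:
        return "not-icmp"
    icmp_type = payload[0]
    if icmp_type not in ICMP_ERROR_TYPES:
        return "not-an-error"
    inner = payload[8:]
    if len(inner) < 20:
        return "truncated-quote"
    inner_src, inner_dst, _, _ = parse_ipv4(inner)
    if inner_dst != outer_src:
        return f"suspicious {ICMP_ERROR_TYPES[icmp_type]}: quotes {inner_src}->{inner_dst}, not addressed to {outer_src}"
    return "ok"

# Constructed samples: 203.0.113.10 is a customer host, 198.51.100.5 a remote server,
# 192.0.2.1 stands in for the "fake" address the quoted probe supposedly went to.
LEGIT = icmp_error("203.0.113.10", "198.51.100.5", 3, 3, "198.51.100.5", "203.0.113.10", 17)
SPOOFED_QUOTE = icmp_error("203.0.113.10", "198.51.100.5", 11, 0, "198.51.100.5", "192.0.2.1", 1)

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("spoofed-quote", SPOOFED_QUOTE)):
        print(name, "->", classify_icmp_error(pkt))
```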



