NAT traversal techniques allow processes with private, non-routable IP addresses to communicate with other processes outside the network secured limits. Techniques such as UDP Hole Punching have been standardized by the IETF, and using tunnels based on those techniques it is easy to allow application processes on top of any transport protocol, including TCP, to both start and receive packets from the Internet across NAT devices. However, as a side effect those techniques also freely proceed through firewalls. In this work we describe how it is possible to configure any server running on any port (no firewall configuration required) to establish connections initiated at arbitrary Internet clients, making unauthorized services easily available. We also show that the process is lightweight, in particular after the initial setup is concluded, thus virtually supporting any type of unauthorized applications.
Read full abstract