[Zeek] [zeek] udp/tcp nat hole punching
Daniel Guerra
daniel.guerra69 at gmail.com
Thu Feb 7 15:25:30 PST 2019
Hi All,
Has anybody experience on detecting nat hole punching methods ?
It is used by several chat programs that use stun or could be used to
intrude.
The purpose is creating a peer to peer connection thrue multiple NAT
firewalls.
It produces lots off connections with connection_state S0 and history S,
e.g. syn
only packets.
This rfc explains https://tools.ietf.org/html/rfc5128.
More information about the Zeek
mailing list