STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
RFC 3489
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (March 2003; No errata). Obsoleted by RFC 5389 |
| | Authors | Jonathan Rosenberg, Christian Huitema, Rohan Mahy, Joel Weinberger |
| | Last updated | 2015-10-14 |
| | Stream | Internet Engineering Task Force (IETF) |
| | Formats | plain text, html, pdf, htmlized (tools), htmlized, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 3489 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Scott Bradner |
| | Send notices to | (None) |
Network Working Group
Request for Comments: 3489
Category: Standards Track
J. Rosenberg, J. Weinberger (dynamicsoft); C. Huitema (Microsoft); R. Mahy (Cisco)
March 2003

STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) (STUN) is a lightweight protocol that allows applications to discover the presence and types of NATs and firewalls between them and the public Internet. It also provides the ability for applications to determine the public Internet Protocol (IP) addresses allocated to them by the NAT. STUN works with many existing NATs, and does not require any special behavior from them. As a result, it allows a wide variety of applications to work through existing NAT infrastructure.

Table of Contents

1. Applicability Statement
2. Introduction
3. Terminology
4. Definitions
5. NAT Variations
6. Overview of Operation
7. Message Overview
8. Server Behavior
   8.1 Binding Requests
   8.2 Shared Secret Requests
9. Client Behavior
   9.1 Discovery
   9.2 Obtaining a Shared Secret
   9.3 Formulating the Binding Request
   9.4 Processing Binding Responses
10. Use Cases
   10.1 Discovery Process
   10.2 Binding Lifetime Discovery
   10.3 Binding Acquisition
11. Protocol Details
   11.1 Message Header
   11.2 Message Attributes
      11.2.1 MAPPED-ADDRESS
      11.2.2 RESPONSE-ADDRESS
      11.2.3 CHANGED-ADDRESS
      11.2.4 CHANGE-REQUEST
      11.2.5 SOURCE-ADDRESS
      11.2.6 USERNAME
      11.2.7 PASSWORD
      11.2.8 MESSAGE-INTEGRITY
      11.2.9 ERROR-CODE
      11.2.10 UNKNOWN-ATTRIBUTES
      11.2.11 REFLECTED-FROM
12. Security Considerations
   12.1 Attacks on STUN
      12.1.1 Attack I: DDOS Against a Target
      12.1.2 Attack II: Silencing a Client
      12.1.3 Attack III: Assuming the Identity of a Client
      12.1.4 Attack IV: Eavesdropping
   12.2 Launching the Attacks
      12.2.1 Approach I: Compromise a Legitimate STUN Server