STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
RFC 3489

Document Type RFC - Proposed Standard (March 2003; No errata)
Obsoleted by RFC 5389
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 3489 (Proposed Standard)
Telechat date
Responsible AD Scott Bradner
Send notices to <mshore@cisco.com>
Network Working Group                                       J. Rosenberg
Request for Comments: 3489                                 J. Weinberger
Category: Standards Track                                    dynamicsoft
                                                              C. Huitema
                                                               Microsoft
                                                                 R. Mahy
                                                                   Cisco
                                                              March 2003

        STUN - Simple Traversal of User Datagram Protocol (UDP)
               Through Network Address Translators (NATs)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   Simple Traversal of User Datagram Protocol (UDP) Through Network
   Address Translators (NATs) (STUN) is a lightweight protocol that
   allows applications to discover the presence and types of NATs and
   firewalls between them and the public Internet.  It also provides the
   ability for applications to determine the public Internet Protocol
   (IP) addresses allocated to them by the NAT.  STUN works with many
   existing NATs, and does not require any special behavior from them.
   As a result, it allows a wide variety of applications to work through
   existing NAT infrastructure.

Table of Contents

   1.   Applicability Statement ...................................    3
   2.   Introduction ..............................................    3
   3.   Terminology ...............................................    4
   4.   Definitions ...............................................    5
   5.   NAT Variations ............................................    5
   6.   Overview of Operation .....................................    6
   7.   Message Overview ..........................................    8
   8.   Server Behavior ...........................................   10
        8.1   Binding Requests ....................................   10

Rosenberg, et al.           Standards Track                     [Page 1]
RFC 3489                          STUN                        March 2003

        8.2   Shared Secret Requests ..............................   13
   9.   Client Behavior ...........................................   14
        9.1   Discovery ...........................................   15
        9.2   Obtaining a Shared Secret ...........................   15
        9.3   Formulating the Binding Request .....................   17
        9.4   Processing Binding Responses ........................   17
   10.  Use Cases .................................................   19
        10.1  Discovery Process ...................................   19
        10.2  Binding Lifetime Discovery ..........................   21
        10.3  Binding Acquisition .................................   23
   11.  Protocol Details ..........................................   24
        11.1  Message Header ......................................   25
        11.2  Message Attributes ..................................   26
              11.2.1  MAPPED-ADDRESS ..............................   27
              11.2.2  RESPONSE-ADDRESS ............................   27
              11.2.3  CHANGED-ADDRESS .............................   28
              11.2.4  CHANGE-REQUEST ..............................   28
              11.2.5  SOURCE-ADDRESS ..............................   28
              11.2.6  USERNAME ....................................   28
              11.2.7  PASSWORD ....................................   29
              11.2.8  MESSAGE-INTEGRITY ...........................   29
              11.2.9  ERROR-CODE ..................................   29
              11.2.10 UNKNOWN-ATTRIBUTES ..........................   31
              11.2.11 REFLECTED-FROM ..............................   31
   12.  Security Considerations ...................................   31
        12.1  Attacks on STUN .....................................   31
              12.1.1  Attack I: DDOS Against a Target .............   32
              12.1.2  Attack II: Silencing a Client ...............   32
              12.1.3  Attack III: Assuming the Identity of a Client   32
              12.1.4  Attack IV: Eavesdropping ....................   33
        12.2  Launching the Attacks ...............................   33
Show full document text