STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
RFC 3489
Document Type RFC - Proposed Standard (March 2003; No errata)
Obsoleted by RFC 5389
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3489 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Scott Bradner
Send notices to (None)
Email authors Email WG IPR 4 References Referenced by Nits 
Network Working Group                                       J. Rosenberg
Request for Comments: 3489                                 J. Weinberger
Category: Standards Track                                    dynamicsoft
                                                              C. Huitema
                                                               Microsoft
                                                                 R. Mahy
                                                                   Cisco
                                                              March 2003

        STUN - Simple Traversal of User Datagram Protocol (UDP)
               Through Network Address Translators (NATs)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   Simple Traversal of User Datagram Protocol (UDP) Through Network
   Address Translators (NATs) (STUN) is a lightweight protocol that
   allows applications to discover the presence and types of NATs and
   firewalls between them and the public Internet.  It also provides the
   ability for applications to determine the public Internet Protocol
   (IP) addresses allocated to them by the NAT.  STUN works with many
   existing NATs, and does not require any special behavior from them.
   As a result, it allows a wide variety of applications to work through
   existing NAT infrastructure.

Table of Contents

   1.   Applicability Statement ...................................    3
   2.   Introduction ..............................................    3
   3.   Terminology ...............................................    4
   4.   Definitions ...............................................    5
   5.   NAT Variations ............................................    5
   6.   Overview of Operation .....................................    6
   7.   Message Overview ..........................................    8
   8.   Server Behavior ...........................................   10
        8.1   Binding Requests ....................................   10

Rosenberg, et al.           Standards Track                     [Page 1]
RFC 3489                          STUN                        March 2003

        8.2   Shared Secret Requests ..............................   13
   9.   Client Behavior ...........................................   14
        9.1   Discovery ...........................................   15
        9.2   Obtaining a Shared Secret ...........................   15
        9.3   Formulating the Binding Request .....................   17
        9.4   Processing Binding Responses ........................   17
   10.  Use Cases .................................................   19
        10.1  Discovery Process ...................................   19
        10.2  Binding Lifetime Discovery ..........................   21
        10.3  Binding Acquisition .................................   23
   11.  Protocol Details ..........................................   24
        11.1  Message Header ......................................   25
        11.2  Message Attributes ..................................   26
              11.2.1  MAPPED-ADDRESS ..............................   27
              11.2.2  RESPONSE-ADDRESS ............................   27
              11.2.3  CHANGED-ADDRESS .............................   28
              11.2.4  CHANGE-REQUEST ..............................   28
              11.2.5  SOURCE-ADDRESS ..............................   28
              11.2.6  USERNAME ....................................   28
              11.2.7  PASSWORD ....................................   29
              11.2.8  MESSAGE-INTEGRITY ...........................   29
              11.2.9  ERROR-CODE ..................................   29
              11.2.10 UNKNOWN-ATTRIBUTES ..........................   31
              11.2.11 REFLECTED-FROM ..............................   31
   12.  Security Considerations ...................................   31
        12.1  Attacks on STUN .....................................   31
              12.1.1  Attack I: DDOS Against a Target .............   32
              12.1.2  Attack II: Silencing a Client ...............   32
              12.1.3  Attack III: Assuming the Identity of a Client   32
              12.1.4  Attack IV: Eavesdropping ....................   33
        12.2  Launching the Attacks ...............................   33
              12.2.1  Approach I: Compromise a Legitimate
                      STUN Server .................................   33
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools