STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
RFC 3489
| Document | Type |
RFC - Proposed Standard
(March 2003; No errata)
Obsoleted by RFC 5389
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 3489 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Scott Bradner | ||
| Send notices to | (None) | ||
Network Working Group J. Rosenberg
Request for Comments: 3489 J. Weinberger
Category: Standards Track dynamicsoft
C. Huitema
Microsoft
R. Mahy
Cisco
March 2003
STUN - Simple Traversal of User Datagram Protocol (UDP)
Through Network Address Translators (NATs)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Simple Traversal of User Datagram Protocol (UDP) Through Network
Address Translators (NATs) (STUN) is a lightweight protocol that
allows applications to discover the presence and types of NATs and
firewalls between them and the public Internet. It also provides the
ability for applications to determine the public Internet Protocol
(IP) addresses allocated to them by the NAT. STUN works with many
existing NATs, and does not require any special behavior from them.
As a result, it allows a wide variety of applications to work through
existing NAT infrastructure.
Table of Contents
1. Applicability Statement ................................... 3
2. Introduction .............................................. 3
3. Terminology ............................................... 4
4. Definitions ............................................... 5
5. NAT Variations ............................................ 5
6. Overview of Operation ..................................... 6
7. Message Overview .......................................... 8
8. Server Behavior ........................................... 10
8.1 Binding Requests .................................... 10
Rosenberg, et al. Standards Track [Page 1]
RFC 3489 STUN March 2003
8.2 Shared Secret Requests .............................. 13
9. Client Behavior ........................................... 14
9.1 Discovery ........................................... 15
9.2 Obtaining a Shared Secret ........................... 15
9.3 Formulating the Binding Request ..................... 17
9.4 Processing Binding Responses ........................ 17
10. Use Cases ................................................. 19
10.1 Discovery Process ................................... 19
10.2 Binding Lifetime Discovery .......................... 21
10.3 Binding Acquisition ................................. 23
11. Protocol Details .......................................... 24
11.1 Message Header ...................................... 25
11.2 Message Attributes .................................. 26
11.2.1 MAPPED-ADDRESS .............................. 27
11.2.2 RESPONSE-ADDRESS ............................ 27
11.2.3 CHANGED-ADDRESS ............................. 28
11.2.4 CHANGE-REQUEST .............................. 28
11.2.5 SOURCE-ADDRESS .............................. 28
11.2.6 USERNAME .................................... 28
11.2.7 PASSWORD .................................... 29
11.2.8 MESSAGE-INTEGRITY ........................... 29
11.2.9 ERROR-CODE .................................. 29
11.2.10 UNKNOWN-ATTRIBUTES .......................... 31
11.2.11 REFLECTED-FROM .............................. 31
12. Security Considerations ................................... 31
12.1 Attacks on STUN ..................................... 31
12.1.1 Attack I: DDOS Against a Target ............. 32
12.1.2 Attack II: Silencing a Client ............... 32
12.1.3 Attack III: Assuming the Identity of a Client 32
12.1.4 Attack IV: Eavesdropping .................... 33
12.2 Launching the Attacks ............................... 33
Show full document text