Conference topic

A Punching Scheme for Crossing NAT in End Hopping

  End hopping is a good method of defending against network attacks, but it has problems with network address translation (NAT), because packets sent from an unknown endpoint are dropped by the NAT. To avoid this packet dropping, we propose a punching scheme: a client sends a punching packet to create mapping rules in the NAT, so that packets from the server can pass through using those rules. In this paper, some preliminaries and definitions are provided for building the model of end hopping. We then discuss the main reason for such packet dropping and specify all the failure situations based on the model. Moreover, we analyze how the punching scheme helps end hopping cross NAT. Finally, we validate the feasibility of this scheme with empirical results: if the client is behind a NAT and uses the punching scheme, the service rate increases to 100%. Therefore, our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.

Keywords: network security; end hopping; network address translation; punching scheme

LIN Kai, JIA Chunfu

College of Information Technical Science, Nankai University, Tianjin 300071, China

Domestic conference

The 6th Chinese Conference on Trusted Computing and Information Security

Fuzhou

English

539-543

2012-10-27 (date first published online on the Wanfang platform; this is not the paper's publication date)