pwnat

Posted: Mon Apr 26, 2010 5:03 pm
by Sabre
pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect.

Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party.

There is no middle man, no proxy, no 3rd party, no UPnP/STUN/ICE required, no spoofing, and no DNS tricks.

More importantly, the client can then connect to any host or port on any remote host or to a fixed host and port decided by the server.

pwnat is based off of the UDP tunneling software by Daniel Meekins, udptunnel, and my original chownat.
Yes, it does work :twisted:

Re: pwnat

Posted: Mon Apr 26, 2010 6:55 pm
by Mr Kleen
interesting... sounds like nerd stuff though. :wink:

Re: pwnat

Posted: Mon Apr 26, 2010 7:03 pm
by Sabre
Eh, since it wasn't... let's say official type stuff, I put it in OT, but I suppose this is as good a home :)

Re: pwnat

Posted: Mon Apr 26, 2010 10:19 pm
by schvin
this is an interesting technique...

Re: pwnat

Posted: Thu Apr 29, 2010 2:35 pm
by complacent
does anyone else here think it looks kind of messy with all that UDP traffic? especially with the udp keep alive, i'd think it would be awful easy to spot.

or was the purpose to prove that it could be done?
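The "easy to spot" point above can be turned into a concrete check. The following is an added example, not code from pwnat or from anyone in this thread: it scans a constructed set of connection-log records and flags small UDP datagrams that recur on a steady timer, the shape of a NAT keep-alive. The record format and thresholds are assumptions for illustration.

```python
# Added example (not from the pwnat project or this thread): a simple
# detector for the periodic, small-payload UDP keep-alive pattern.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (timestamp_s, src_ip, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # host 10.0.0.5 sends a 4-byte UDP datagram every 10 s: keep-alive shape
    *[(t, "10.0.0.5", "203.0.113.7", 2222, "udp", 4) for t in range(0, 120, 10)],
    # normal DNS lookups: irregular timing, varying sizes, too few to matter
    (3, "10.0.0.9", "10.0.0.1", 53, "udp", 61), (19, "10.0.0.9", "10.0.0.1", 53, "udp", 58),
    (21, "10.0.0.9", "10.0.0.1", 53, "udp", 70), (77, "10.0.0.9", "10.0.0.1", 53, "udp", 55),
    # TCP traffic is out of scope for this check even when it is periodic
    *[(t, "10.0.0.5", "203.0.113.9", 443, "tcp", 1400) for t in range(0, 120, 10)],
]

def find_udp_keepalives(flows, min_count=6, max_jitter=0.2, max_bytes=64):
    """Return (src, dst, dport) tuples for UDP flows that recur at a steady
    interval with tiny payloads. Thresholds are illustrative assumptions."""
    by_tuple = defaultdict(list)
    for ts, src, dst, dport, proto, nbytes in flows:
        if proto == "udp" and nbytes <= max_bytes:
            by_tuple[(src, dst, dport)].append(ts)
    hits = []
    for key, times in by_tuple.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low coefficient of variation means the sender is on a timer.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append(key)
    return hits

if __name__ == "__main__":
    for src, dst, dport in find_udp_keepalives(SAMPLE_FLOWS):
        print(f"periodic small UDP: {src} -> {dst}:{dport}")
```

On the sample data only the 10-second UDP stream to 203.0.113.7:2222 is reported; the DNS lookups are too few and irregular, and the TCP stream is ignored.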

Re: pwnat

Posted: Thu Apr 29, 2010 3:05 pm
by scheherazade
You can spot TCP just as easily.
Just swap your switch for a hub, and run Wireshark. Gives you everything.

What's great about pwnat is that it's so simple.
The gist of it: send crap out, so whatever comes in the NAT thinks is a reply

I can see this being used to help someone behind a NAT run a server.
Security wise, it's pretty benign.

-scheherazade

Re: pwnat

Posted: Thu Apr 29, 2010 6:47 pm
by Sabre
complacent wrote: does anyone else here think it looks kind of messy with all that UDP traffic? especially with the udp keep alive, i'd think it would be awful easy to spot.

or was the purpose to prove that it could be done?
Agreed, this version is messy, but imagine a very targeted version that isn't so messy and you'll see how evil it really is.