RFC 3489 (rfc3489) - Page 2 of 47


STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
RFC 3489                          STUN                        March 2003


        8.2   Shared Secret Requests ..............................   13
   9.   Client Behavior ...........................................   14
        9.1   Discovery ...........................................   15
        9.2   Obtaining a Shared Secret ...........................   15
        9.3   Formulating the Binding Request .....................   17
        9.4   Processing Binding Responses ........................   17
   10.  Use Cases .................................................   19
        10.1  Discovery Process ...................................   19
        10.2  Binding Lifetime Discovery ..........................   21
        10.3  Binding Acquisition .................................   23
   11.  Protocol Details ..........................................   24
        11.1  Message Header ......................................   25
        11.2  Message Attributes ..................................   26
              11.2.1  MAPPED-ADDRESS ..............................   27
              11.2.2  RESPONSE-ADDRESS ............................   27
              11.2.3  CHANGED-ADDRESS .............................   28
              11.2.4  CHANGE-REQUEST ..............................   28
              11.2.5  SOURCE-ADDRESS ..............................   28
              11.2.6  USERNAME ....................................   28
              11.2.7  PASSWORD ....................................   29
              11.2.8  MESSAGE-INTEGRITY ...........................   29
              11.2.9  ERROR-CODE ..................................   29
              11.2.10 UNKNOWN-ATTRIBUTES ..........................   31
              11.2.11 REFLECTED-FROM ..............................   31
   12.  Security Considerations ...................................   31
        12.1  Attacks on STUN .....................................   31
              12.1.1  Attack I: DDOS Against a Target .............   32
              12.1.2  Attack II: Silencing a Client ...............   32
              12.1.3  Attack III: Assuming the Identity of a Client   32
              12.1.4  Attack IV: Eavesdropping ....................   33
        12.2  Launching the Attacks ...............................   33
              12.2.1  Approach I: Compromise a Legitimate
                      STUN Server .................................   33
              12.2.2  Approach II: DNS Attacks ....................   34
              12.2.3  Approach III: Rogue Router or NAT ...........   34
              12.2.4  Approach IV: MITM ...........................   35
              12.2.5  Approach V: Response Injection Plus DoS .....   35
              12.2.6  Approach VI: Duplication ....................   35
        12.3  Countermeasures .....................................   36
        12.4  Residual Threats ....................................   37
   13.  IANA Considerations .......................................   38
   14.  IAB Considerations ........................................   38
        14.1  Problem Definition ..................................   38
        14.2  Exit Strategy .......................................   39
        14.3  Brittleness Introduced by STUN ......................   40
        14.4  Requirements for a Long Term Solution ...............   42
        14.5  Issues with Existing NAPT Boxes .....................   43
        14.6  In Closing ..........................................   43



Rosenberg, et al.           Standards Track