RFC 3489                          STUN                        March 2003

       8.2   Shared Secret Requests .............................. 13
   9.  Client Behavior ........................................... 14
       9.1   Discovery ........................................... 15
       9.2   Obtaining a Shared Secret ........................... 15
       9.3   Formulating the Binding Request ..................... 17
       9.4   Processing Binding Responses ........................ 17
   10. Use Cases ................................................. 19
       10.1  Discovery Process ................................... 19
       10.2  Binding Lifetime Discovery .......................... 21
       10.3  Binding Acquisition ................................. 23
   11. Protocol Details .......................................... 24
       11.1  Message Header ...................................... 25
       11.2  Message Attributes .................................. 26
             11.2.1  MAPPED-ADDRESS .............................. 27
             11.2.2  RESPONSE-ADDRESS ............................ 27
             11.2.3  CHANGED-ADDRESS ............................. 28
             11.2.4  CHANGE-REQUEST .............................. 28
             11.2.5  SOURCE-ADDRESS .............................. 28
             11.2.6  USERNAME .................................... 28
             11.2.7  PASSWORD .................................... 29
             11.2.8  MESSAGE-INTEGRITY ........................... 29
             11.2.9  ERROR-CODE .................................. 29
             11.2.10 UNKNOWN-ATTRIBUTES .......................... 31
             11.2.11 REFLECTED-FROM .............................. 31
   12. Security Considerations ................................... 31
       12.1  Attacks on STUN ..................................... 31
             12.1.1  Attack I: DDOS Against a Target ............. 32
             12.1.2  Attack II: Silencing a Client ............... 32
             12.1.3  Attack III: Assuming the Identity of a Client 32
             12.1.4  Attack IV: Eavesdropping .................... 33
       12.2  Launching the Attacks ............................... 33
             12.2.1  Approach I: Compromise a Legitimate STUN
                     Server ...................................... 33
             12.2.2  Approach II: DNS Attacks .................... 34
             12.2.3  Approach III: Rogue Router or NAT ........... 34
             12.2.4  Approach IV: MITM ........................... 35
             12.2.5  Approach V: Response Injection Plus DoS ..... 35
             12.2.6  Approach VI: Duplication .................... 35
       12.3  Countermeasures ..................................... 36
       12.4  Residual Threats .................................... 37
   13. IANA Considerations ....................................... 38
   14. IAB Considerations ........................................ 38
       14.1  Problem Definition .................................. 38
       14.2  Exit Strategy ....................................... 39
       14.3  Brittleness Introduced by STUN ...................... 40
       14.4  Requirements for a Long Term Solution ............... 42
       14.5  Issues with Existing NAPT Boxes ..................... 43
       14.6  In Closing .......................................... 43

Rosenberg, et al.           Standards Track