A Punching Scheme for Crossing NAT in End Hopping  

作　　者：LIN Kai JIA Chunfu 

机构地区：[1]College of Information Technical Science,Nankai University,Tianjin 300071,China

出　　处：《Wuhan University Journal of Natural Sciences》2012年第6期539-543,共5页武汉大学学报（自然科学英文版）

基　　金：Supported by the National Natural Science Foundation of China (60973141,61272423);the Specialized Research Fund for the Doctoral Program of Higher Education of China (20100031110030);the Funds of Key Lab of Fujian Province University Network Security and Cryptology (2011004)

摘　　要：End hopping is one of the good methods to defend against network attack,but has problems with network address translation（NAT） because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropping of packets,we propose a punching scheme：a client sends a punching packet to create mapping rules in NAT,so that the packets from the server would be able to pass through effectively with such rules.In this paper,some preliminaries and definitions are provided for building the model of end hopping.Then we discuss the main reason of such packet dropping and specify all the failure situations based on the model.What＇s more,we analyze how the punching scheme helps end hopping cross NAT.Finally,we validate the feasibility of this scheme with empirical results：if the client is behind a NAT and with punching scheme,the service rate increases to 100%.Therefore,our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.End hopping is one of the good methods to defend against network attack,but has problems with network address translation（NAT） because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropping of packets,we propose a punching scheme：a client sends a punching packet to create mapping rules in NAT,so that the packets from the server would be able to pass through effectively with such rules.In this paper,some preliminaries and definitions are provided for building the model of end hopping.Then we discuss the main reason of such packet dropping and specify all the failure situations based on the model.What＇s more,we analyze how the punching scheme helps end hopping cross NAT.Finally,we validate the feasibility of this scheme with empirical results：if the client is behind a NAT and with punching scheme,the service rate increases to 100%.Therefore,our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.

关 键 词：network security end hopping network address translation punching scheme 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]