This is really cool!  What kind of peer connectivity are you able to achieve
in the real world?  How widespread have you been able to test?

-david

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:p2p-hackers-
> [EMAIL PROTECTED] On Behalf Of Jeff Capone
> Sent: Friday, December 15, 2006 1:47 PM
> To: 'theory and practice of decentralized computer networks'
> Subject: RE: [p2p-hackers] A new approach to NAT/Firewall traversal
> 
> Hi Alex,
> 
> We have solved these problems too.
> 
> 1.  We implement our own TCP stack so we do not have the decreased
> performance due to the double-acking problem - I can elaborate on that
> more if you like?  If you try it out, you will see there is only about
> a 6% reduction in throughput due to the increased packet size (1 extra
> TCP header).
> 
> 2.  Since we implement our own TCP stack, these attacks should not affect
> us.  We know exactly what we are expecting to receive and firewall the
> rest.
> 
> Hope that helps,
> Jeff
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Alex Pankratov
> Sent: Friday, December 15, 2006 2:30 PM
> To: 'theory and practice of decentralized computer networks'
> Subject: RE: [p2p-hackers] A new approach to NAT/Firewall traversal
> 
> Jeff,
> 
> Building VPN connections over TCP has two known problems -
> 
> * TCP over TCP leading to the problem with retransmissions
>   and resulting in a decreased performance. This is the one
>   you mention below.
> 
> * the lack of protection against trivial DoS attacks. TCP
>   based VPN can be brought down by an active attacker with
>   exactly one packet. That's unless peers authenticate all
>   TCP packets similar to how BGP does with MD5 checksums.
> 
> Second point is why IMO TCP-based tunneling must be the absolutely last
> fall-back option as far as a choice for the transport medium goes.
> 
> Additionally, regarding TCP NAT traversal. In my experience a simple
> symmetrical TCP open works very well for connecting two NATed peers as
> long as the port prediction is accurate.
> I am very curious to know why you opted for carrying initial P2P TCP
> signaling OOB.
> 
> Thanks,
> Alex
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Capone
> > Sent: Friday, December 15, 2006 12:15 PM
> > To: [email protected]
> > Subject: [p2p-hackers] A new approach to NAT/Firewall traversal
> >
> > Hi,
> >
> > If anyone is interested, we have developed an alternative approach to
> > firewall/NAT traversal using TCP.
> >
> > If you are interested in how it works, let me know.  If you are
> > interested in trying it out you can download it from
> > http://www.leafnetworks.net
> >
> > Here is a brief overview of what we do...
> >
> > The Leaf 2006 client software uses "Out-of-Band TCP Signaling" to form
> > a TCP connection between two computers running the Leaf 2006 client
> > software. This out-of-band signaling is achieved by creating a control
> > channel that is setup using the Leaf Peer Server and used to broker
> > all the TCP signaling traffic. Once the TCP connection is formed, the
> > control channel is torn down and there is a direct TCP connection
> > between each computer.
> >
> > Once this socket connection is formed, it is used to create a virtual
> > private network (VPN) interface that you see as the Leaf Network
> > Adapter on your computer. Most VPN solutions that tunnel traffic over
> > a TCP socket connection suffer from performance degradation - up to
> > 40% loss in bandwidth. However, we have solved this problem and you
> > will achieve full bandwidth connectivity between two computers
> > connected in a Leaf Network.
> > Once the private network is formed, we protect it with a built in
> > firewall for the Leaf Network Adapter.
> >
> >
> > _______________________________________________
> > p2p-hackers mailing list
> > [email protected]
> > http://lists.zooko.com/mailman/listinfo/p2p-hackers

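Added example, not part of the thread or of any participant's code: the per-packet authentication Alex refers to (the TCP MD5 signature option that BGP uses, RFC 2385), sketched in Python to show why a receiver that verifies every segment drops an unsigned or wrongly keyed reset. Addresses, ports, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
BASE_HDR_LEN = 20   # TCP header without options
MD5_OPT_LEN = 20    # option kind 19, length 18, padded to a 4-byte boundary
RST, ACK = 0x04, 0x10

def base_header(sport, dport, seq, ack, flags, window=65535):
    """20-byte TCP header with the checksum zeroed, as the digest input requires."""
    offset = ((BASE_HDR_LEN + MD5_OPT_LEN) // 4) << 4  # data offset counts the option
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset, flags, window, 0, 0)

def md5_signature(src_ip, dst_ip, header, payload, key):
    """RFC 2385 digest: pseudo-header, header without options, data, then the key."""
    seg_len = BASE_HDR_LEN + MD5_OPT_LEN + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    return hashlib.md5(pseudo + header + payload + key).digest()

def accept_segment(src_ip, dst_ip, header, payload, signature, key):
    """Receiver side: drop any segment whose signature is missing or wrong."""
    if signature is None:
        return False
    expected = md5_signature(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(expected, signature)

# Constructed sample values (documentation addresses, made-up ports and key).
A, B = "192.0.2.10", "198.51.100.20"
KEY = b"shared-tunnel-secret"

def demo():
    data_hdr = base_header(40000, 443, 1000, 5000, ACK)
    good = md5_signature(A, B, data_hdr, b"tunnel frame", KEY)
    rst_hdr = base_header(40000, 443, 1012, 0, RST)  # reset claiming to come from A
    wrong = md5_signature(A, B, rst_hdr, b"", b"not-the-key")
    real = md5_signature(A, B, rst_hdr, b"", KEY)
    return {
        "legit_data": accept_segment(A, B, data_hdr, b"tunnel frame", good, KEY),
        "unsigned_rst": accept_segment(A, B, rst_hdr, b"", None, KEY),
        "wrong_key_rst": accept_segment(A, B, rst_hdr, b"", wrong, KEY),
        "peer_signed_rst": accept_segment(A, B, rst_hdr, b"", real, KEY),
    }

if __name__ == "__main__":
    print(demo())
```

RFC 5925 (TCP-AO) is the successor to this option; the receive-side rule shown here, drop anything that fails verification, is the same.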