This is really cool! What kind of peer connectivity are you able to achieve in the real world? How widespread have you been able to test?
-david

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:p2p-hackers-[EMAIL PROTECTED] On Behalf Of Jeff Capone
> Sent: Friday, December 15, 2006 1:47 PM
> To: 'theory and practice of decentralized computer networks'
> Subject: RE: [p2p-hackers] A new approach to NAT/Firewall traversal
>
> Hi Alex,
>
> We have solved these problems too.
>
> 1. We implement our own TCP stack so we do not have the decreased
> performance due to the double-acking problem - I can elaborate on that
> more if you like? If you try it out, you will see there is only about
> a 6% reduction in throughput due to the increased packet size (1 extra
> TCP header).
>
> 2. Since we implement our own TCP stack, these attacks should not affect
> us. We know exactly what we are expecting to receive and firewall the
> rest.
>
> Hope that helps,
> Jeff
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Alex Pankratov
> Sent: Friday, December 15, 2006 2:30 PM
> To: 'theory and practice of decentralized computer networks'
> Subject: RE: [p2p-hackers] A new approach to NAT/Firewall traversal
>
> Jeff,
>
> Building VPN connections over TCP has two known problems -
>
> * TCP over TCP leading to the problem with retransmissions
>   and resulting in a decreased performance. This is the one
>   you mention below.
>
> * the lack of protection against trivial DoS attacks. TCP
>   based VPN can be brought down by an active attacker with
>   exactly one packet. That's unless peers authenticate all
>   TCP packets similar to how BGP does with MD5 checksums.
>
> Second point is why IMO TCP-based tunneling must be the absolutely last
> fall-back option as far as a choice for the transport medium goes.
>
> Additionally, regarding TCP NAT traversal. In my experience a simple
> symmetrical TCP open works very well for connecting two NATed peers as
> long as the port prediction is accurate.
>
> I am very curious to know why you opted for carrying initial P2P TCP
> signaling OOB.
>
> Thanks,
> Alex
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Capone
> > Sent: Friday, December 15, 2006 12:15 PM
> > To: [email protected]
> > Subject: [p2p-hackers] A new approach to NAT/Firewall traversal
> >
> > Hi,
> >
> > If anyone is interested, we have developed an alternative approach to
> > firewall/NAT traversal using TCP.
> >
> > If you are interested in how it works, let me know. If you are
> > interested in trying it out you can download it from
> > http://www.leafnetworks.net
> >
> > Here is a brief overview of what we do...
> >
> > The Leaf 2006 client software uses "Out-of-Band TCP Signaling" to form
> > a TCP connection between two computers running the Leaf 2006 client
> > software. This out-of-band signaling is achieved by creating a control
> > channel that is set up using the Leaf Peer Server and used to broker
> > all the TCP signaling traffic. Once the TCP connection is formed, the
> > control channel is torn down and there is a direct TCP connection
> > between each computer.
> >
> > Once this socket connection is formed, it is used to create a virtual
> > private network (VPN) interface that you see as the Leaf Network
> > Adapter on your computer. Most VPN solutions that tunnel traffic over
> > a TCP socket connection suffer from performance degradation - up to
> > 40% loss in bandwidth. However, we have solved this problem and you
> > will achieve full bandwidth connectivity between two computers
> > connected in a Leaf Network.
> > Once the private network is formed, we protect it with a built-in
> > firewall for the Leaf Network Adapter.
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
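
The remark in the thread about authenticating all TCP packets "similar to how BGP does with MD5 checksums" refers to the TCP MD5 signature option (RFC 2385). As an added example, not part of the thread and not Leaf Networks' code, the Python below computes that digest and shows a receiver dropping a reset that arrives without a valid signature. Addresses, ports and the key are constructed sample values, the TCP checksum is not modelled, and the parser assumes the signature is the first option.

```python
import hashlib
import hmac
import socket
import struct

FLAG_RST, FLAG_ACK = 0x04, 0x10


def build_header(sport, dport, seq, ack, flags, opt_len):
    """20-byte fixed TCP header; checksum left at 0 (not modelled here)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       ((20 + opt_len) // 4) << 4, flags, 65535, 0, 0)


def tcp_md5_digest(src_ip, dst_ip, header, opt_len, payload, key):
    """RFC 2385: MD5(pseudo-header | header without options, checksum 0 | data | key)."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, 20 + opt_len + len(payload)))
    fixed = header[:16] + b"\x00\x00" + header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    header = build_header(sport, dport, seq, ack, flags, opt_len=20)
    digest = tcp_md5_digest(src_ip, dst_ip, header, 20, payload, key)
    # Option kind 19, length 18, then two NOPs to pad to a 4-byte boundary.
    return header + bytes([19, 18]) + digest + b"\x01\x01" + payload


def accept_segment(src_ip, dst_ip, segment, key):
    """Return True only if the segment carries a valid MD5 signature option."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    options, payload = segment[20:header_len], segment[header_len:]
    # Assumption: the signature is the first option (as sign_segment emits it).
    if len(options) < 18 or options[0] != 19 or options[1] != 18:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, segment[:20], len(options), payload, key)
    return hmac.compare_digest(expected, options[2:18])


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # constructed sample values
    a, b = "192.0.2.10", "198.51.100.20"
    data = sign_segment(a, b, 40000, 443, 1000, 2000, FLAG_ACK, b"tunnel frame", key)
    rst = build_header(40000, 443, 1012, 2000, FLAG_RST, 0)  # unsigned reset
    print(accept_segment(a, b, data, key), accept_segment(a, b, rst, key))
```

RFC 2385 has since been obsoleted by the TCP Authentication Option (RFC 5925), which applies the same idea with stronger MACs and key rollover.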
