After reading about the Natblaster report, see earlier email for
details, I realised that with the jpcap library that a Java
implementation could enjoy wide platform support.
Two actual implementations were tested on commercial NAT Firewalls
From the paper:
Both our Case 2 and Case 4 implementations are successful and
able to open direct TCP connections. Case 2 reliably opens connections,
and Case 4 is successful with a high probability (the probability
of success is determined by the number of SYNs and SYN+ACKs
sent, as discussed earlier).
I'm going to have a go at implementing this.
Add TSL and you can call it Dynamic VPN between a client and its
service, to enable services over the internet. This would be scalable.
Probably need a Service that provides Marshalled ServiceItem's (linked
via a hash lookup based on serviceID added by the registrar) as well as
a Codebase Service, the JERI Rendezvous Service (Introductions for
clients and services) and last but not least a DNS-SD Registrar. As
much emphasis as possible would be placed on the client to perform
processing, where it makes sense.
Might need a txt key for DNS-SD that indicates a service is on a private
network, the address provided would be that of the JERI Rendezvous
Service or a JERI Relay
Cheers,
Peter.
