diff options
Diffstat (limited to 'src/usr/local/share/protocols/stun.pat')
| -rw-r--r-- | src/usr/local/share/protocols/stun.pat | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/src/usr/local/share/protocols/stun.pat b/src/usr/local/share/protocols/stun.pat deleted file mode 100644 index 3bfc3ab..0000000 --- a/src/usr/local/share/protocols/stun.pat +++ /dev/null @@ -1,46 +0,0 @@ -# STUN - Simple Traversal of UDP Through NAT - RFC 3489 -# Pattern attributes: ok veryfast fast -# Protocol groups: networking ietf_proposed_standard -# Wiki: http://www.protocolinfo.org/wiki/STUN -# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE -# -# This pattern is untested as far as I know. - -# Wikipedia says: "The STUN server is contacted on UDP port 3478, -# however the server will hint clients to perform tests on alternate IP -# and port number too (STUN servers have two IP addresses). The RFC -# states that this port and IP are arbitrary." - -stun -# \x01 is a Binding Request. \x02 is a Shared Secret Request. Binding -# Requests are, experimentally, exactly 20 Bytes with three NULL Bytes. -# The first NULL is part of the two byte message type field. The other -# two give the message length, zero. I'm guessing that Shared Secret -# Requests are similar, but I have not checked. Please read the RFC and -# do experiments to find out. All other message types are responses, -# and so don't matter. -# -# The .? allows one of the Message Transaction ID Bytes to be \x00. If -# two are \x00, it will fail. This will happen 0.37% of the time, since -# the Message Transaction ID is supposed to be random. If this is -# unacceptable to you, add another ? to reduce this to 0.020%, but be -# aware of the increased possibility of false positives. -^[\x01\x02]................?$ - -# From my post to the mailing list: -# http://sourceforge.net/mailarchive/message.php?msg_id=36787107 -# -# This is a rather permissive pattern, but you can make it a little better -# by combining it with another iptables rule that checks that the packet -# data is exactly 20 Bytes. Of course, the second packet is longer, so -# maybe that introduces more complications than benefits. -# -# If you're willing to wait until the second packet to make the -# identification, you could use this: -# -# ^\x01................?\x01\x01 -# -# or if the Message Length is always \x24 (I'm not sure it is from your -# single example): -# -# ^\x01................?\x01\x01\x24 |
