19 Nov
2005
19 Nov
'05
2:36 a.m.
I'm trying to find some statistics as to what the ratio of Cone vs
Symmetric NAT solutions deployed in the world are, has anyone done some
research into this?
I'm curious what percentage of users in certain demographics (broadband
clients, for example) i can expect to be serviced using STUN alone, so i
can come up with some figure to help me build out my network
Even just some anecdotal information of peoples experiences would be
very useful
Tavis
20 Nov
20 Nov
4:46 p.m.
From what I have seen, the companies are protected mainly by symmetric
NAT (more secure). In residential premises, it is hard to detect, there
are a lot of devices. Sometimes the STUN implementation in the clients
is broken, and do not help at all to label a NAT from SIP server side.
Cheers,
Daniel
On 11/19/05 01:36, Tavis P wrote:
I'm trying to find some statistics as to what the
ratio of Cone vs
Symmetric NAT solutions deployed in the world are, has anyone done some
research into this?
I'm curious what percentage of users in certain demographics (broadband
clients, for example) i can expect to be serviced using STUN alone, so i
can come up with some figure to help me build out my network
Even just some anecdotal information of peoples experiences would be
very useful
Tavis
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
5:48 p.m.
New subject: [Serusers] Re: [Users] How Effective is STUN?
Many of the commercial, symmetric NATs have some form or fashion of SIP
awareness (granted, some of them are broken... like Checkpoint's) --
Checkpoint, Cisco, Astaro, etc.
Older Netgear boxes tend to be symmetric, but the more recent ones are not.
Linksys boxes are asymmetric, usually port-restricted cone. As for the rest, I
don't know for certain, but for my clients, I've run into FAR more asymmetric
home clients than not. Asymmetric NATs are far easier to implement and, done
correctly (prt-restricted cone), provide actually more security than symmetric
because it masks the identification of multiple servers behind a firewall, as
not all requests come from the same IP/port combination.
Ideally, a good UA would be able to have a STUN server put in, check for
whether or not VoIP would work with STUN, and default to that if necessary,
but not if NOT necessary. Some UAs simply aren't that intelligent, and some
UAs have broken STUN implementations (SJ Labs, for instance).
Of course, in the truly ideal world, all firewalls will become SIP aware...
N.
On Sun, 20 Nov 2005 15:46:26 +0200, Daniel-Constantin Mierla wrote
From what I have seen, the companies are protected
mainly by
symmetric NAT (more secure). In residential premises, it is hard to
detect, there are a lot of devices. Sometimes the STUN
implementation in the clients is broken, and do not help at all to
label a NAT from SIP server side.
Cheers,
Daniel
On 11/19/05 01:36, Tavis P wrote:
I'm trying to find some statistics as to what
the ratio of Cone vs
Symmetric NAT solutions deployed in the world are, has anyone done some
research into this?
I'm curious what percentage of users in certain demographics (broadband
clients, for example) i can expect to be serviced using STUN alone, so i
can come up with some figure to help me build out my network
Even just some anecdotal information of peoples experiences would be
very useful
Tavis
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers
6928
days inactive
6930
days old
2 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
sip -
Tavis P