
Pwnat: NAT to NAT client-server communication - j_s
https://samy.pl/pwnat/
======
vxxzy
Wow. This is awesome. So essentially the client pretends to be a "hop" with a
specifically crafted ICMP packet. The NAT simply forwards it along as if it
were expecting it. Neat!

The only thing stopping this would be flooding these ICMP packets to pwnat
servers. The server would get the wrong IP and do extra work. In practice, it
would be difficult to figure out if pwnat is running since it probably isn't
meant to be a long running process.

Also: I know that some providers prevent UDP forging on the "source" address.
Do they do this also at the ICMP level? If so, I guess this is another
setback.
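
The "pretend to be a hop" step, as an added example that is not part of the comment above and not pwnat's own code: it builds an outbound ICMP echo request, then the ICMP Time Exceeded message a router would send back for it (RFC 792: type 11, code 0, then the original IP header plus 8 bytes of payload), and runs a toy model of a stateful NAT's lookup over it. The addresses, the ICMP id, the probe destination 3.3.3.3 (used here only as an address that will never answer) and the NAT's matching rule are all assumptions for illustration; real NATs differ in how strictly they match ICMP errors to flows.

```python
"""Added example, not pwnat's code: craft a hop-style ICMP Time Exceeded message
and show why a NAT forwards it to the inside host that sent the quoted probe.
Addresses, ids and the NAT bookkeeping below are assumptions for illustration."""
import socket
import struct
from typing import Optional

ICMP_PROTO = 1
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Run over a correctly checksummed
    header it returns 0, which is how the verification below works."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64, ident: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header carrying ICMP (no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0,
                      ttl, ICMP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def echo_request_datagram(src: str, dst: str, icmp_id: int, seq: int) -> bytes:
    """The outbound probe: an ICMP echo request whose reply nobody expects."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, icmp_id, seq)
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return ipv4_header(src, dst, len(icmp)) + icmp


def time_exceeded_datagram(hop_src: str, dst: str, original: bytes) -> bytes:
    """What a hop sends when TTL runs out: type 11 / code 0, four unused bytes,
    then the original IP header plus the first 8 bytes of its payload (RFC 792).
    Nothing in this message proves hop_src ever saw the original packet."""
    ihl = (original[0] & 0x0F) * 4
    quoted = original[:ihl + 8]
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return ipv4_header(hop_src, dst, len(icmp)) + icmp


def parse_time_exceeded(datagram: bytes) -> dict:
    """Extract the fields a stateful NAT uses to match an ICMP error to a flow."""
    ihl = (datagram[0] & 0x0F) * 4
    outer_src = socket.inet_ntoa(datagram[12:16])
    outer_dst = socket.inet_ntoa(datagram[16:20])
    icmp = datagram[ihl:]
    if icmp[0] != ICMP_TIME_EXCEEDED or icmp[1] != 0:
        raise ValueError("not a TTL-exceeded message")
    if checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]                       # the quoted original datagram
    inner_ihl = (inner[0] & 0x0F) * 4
    if checksum(inner[:inner_ihl]) != 0:
        raise ValueError("bad quoted IP checksum")
    qtype, _, _, icmp_id, seq = struct.unpack("!BBHHH", inner[inner_ihl:inner_ihl + 8])
    return {"outer_src": outer_src, "outer_dst": outer_dst,
            "inner_src": socket.inet_ntoa(inner[12:16]),
            "inner_dst": socket.inet_ntoa(inner[16:20]),
            "inner_type": qtype, "icmp_id": icmp_id, "seq": seq}


def nat_forward_target(datagram: bytes, state: dict) -> Optional[str]:
    """Toy NAT (assumed, not any vendor's logic): the mapping is looked up by the
    *quoted* flow (translated src, dst, echo id); the outer source of the error,
    i.e. who claims to be the hop, is never consulted."""
    f = parse_time_exceeded(datagram)
    if f["inner_type"] != ICMP_ECHO_REQUEST:
        return None
    return state.get((f["inner_src"], f["inner_dst"], f["icmp_id"]))


# Constructed scenario: all addresses and ids are made up for this example.
NAT_PUBLIC = "198.51.100.7"
INSIDE_HOST = "192.168.1.20"
PROBE_DST = "3.3.3.3"                     # assumed never-answering probe target
# What the NAT put on the wire after rewriting the inside host's source address,
# and the mapping it recorded while doing so.
translated_probe = echo_request_datagram(NAT_PUBLIC, PROBE_DST, icmp_id=0x1234, seq=1)
NAT_STATE = {(NAT_PUBLIC, PROBE_DST, 0x1234): INSIDE_HOST}
# The peer picks any "hop" address it likes; it need not be on the real path.
forged = time_exceeded_datagram("203.0.113.9", NAT_PUBLIC, translated_probe)

if __name__ == "__main__":
    print(parse_time_exceeded(forged))
    print("NAT forwards to:", nat_forward_target(forged, NAT_STATE))
```

The check that matters is in `nat_forward_target`: the decision hinges entirely on the quoted datagram, so a peer that knows the NAT's public address and the probe it sent can produce a message the NAT treats as a legitimate error for its own flow. Whether a given NAT also insists on a matching echo id, or on the quoted header being byte-identical, is exactly the kind of implementation detail that decides how well this works in practice.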

