The programmer behind the Samy MySpace worm has turned his mind to a potentially more useful - although just as controversial - endeavor, resulting in the creation of a tool to connect two devices on separate networks without any port forwarding.
The pwnat utility is designed to create a tunnel between two computers on separate private networks over the Internet without the need to reconfigure the router for port forwarding - in other words, allowing end users to bypass restrictions that might be in place without needing administrative access to the router itself.
Samy Kamkar, a programmer with something of a checkered past following his creation of a cross-site scripting worm attacking MySpace and subsequent arrest for the same, describes the utility as "a proxy server that works behind a NAT [router], even when the client is [also] behind a NAT, without any third party," and explains that pwnat means that "both sides are fully communicating over UDP, allowing protocols that run over TCP to tunnel through." The utility is based on the udptunnel tool created by Daniel Meekins, along with Kamkar's previous software chownat.
While the tool certainly has legitimate uses, it's something that will give those who rely on NAT 'firewalls' for protection pause for thought - if a router configured to block all incoming traffic is transparent to the pwnat tool, how much other traffic could be transmitted without the owner's knowledge?
Kamkar explains that the utility could be used to improve the speed of BitTorrent-style peer-to-peer systems without users needing any knowledge of configuring their routers for port forwarding.
For those curious as to how the utility works - or who are a trifle concerned about blindly trusting code from the creator of a worm - Kamkar has made his source code fully available.
Can you see a wealth of possibilities for the pwnat tool, or does it seem a trifle worrying that it is so easy to bypass the protections NAT offers?