Do NAT-routers block UDP packets? - Routers

This is a discussion on Do NAT-routers block UDP packets? - Routers ; Given a standard residential NAT router that has all ports closed or blocked, and does not have a DMZ configured - would such a router pass, or block, unsolicited UDP packets to PC's connected to it's LAN ports?...

+ Reply to Thread
Results 1 to 11 of 11

Thread: Do NAT-routers block UDP packets?

  1. Do NAT-routers block UDP packets?


    Given a standard residential NAT router that has all ports closed or
    blocked, and does not have a DMZ configured - would such a router
    pass, or block, unsolicited UDP packets to PC's connected to it's LAN
    ports?

  2. Re: Do NAT-routers block UDP packets?

    Router Man said

    > Given a standard residential NAT router that has all ports closed or
    > blocked,


    Say this line to youeself again ...and then think what it will do with
    unsolicited traffic.

    L.

    --
    Want to help to keep the best free usenet servers running ?
    http://www.readfreenews.com


  3. Re: Do NAT-routers block UDP packets?

    Lenny_Nero wrote:

    > > Given a standard residential NAT router that has all ports
    > > closed or blocked,

    >
    > Say this line to youeself again ...and then think what it will
    > do with unsolicited traffic.


    Just answer the question.

    Is there something *different* about UDP packets (vs TCP) that would
    allow a router to pass them even if the owner thinks the router is
    properly set up to block all unsolicited packets?

    Should be an easy question for this newsgroup to answer...

  4. Re: Do NAT-routers block UDP packets?

    You stated all ports are Blocked or Closed so NOTHING is getting through.
    Restate your question.



    "Router Man" wrote in message
    news:46A2129A.8FC19941@Man.com...
    > Lenny_Nero wrote:
    >
    >> > Given a standard residential NAT router that has all ports
    >> > closed or blocked,

    >>
    >> Say this line to youeself again ...and then think what it will
    >> do with unsolicited traffic.

    >
    > Just answer the question.
    >
    > Is there something *different* about UDP packets (vs TCP) that would
    > allow a router to pass them even if the owner thinks the router is
    > properly set up to block all unsolicited packets?
    >
    > Should be an easy question for this newsgroup to answer...




  5. Re: Do NAT-routers block UDP packets?

    Nethawg wrote:

    > You stated all ports are Blocked or Closed so NOTHING is getting
    > through. Restate your question.


    In another newsgroup, person A mentioned seeing this:

    > > Kerio Firewall has begun a series of messages such as these,
    > > coming once a minute or so, every so often
    > >
    > > Someone from 24.64.9.177, port 3222 wants to send UDP
    > > datagram to port 1027 owned by 'Distributed COM Services'
    > > on your computer.


    There were similar attempts to port 1027 from different IP's:

    > > Someone from 24.64.8.158, port 32089 wants to send UDP ...
    > > Someone from 24.64.85.35, port 34996 wants to send UDP ...
    > > Someone from 24.64.210.84, port 28111 wants to send UDP ...
    > > Someone from 24.64.180.130, port 4241 wants to send UDP ...


    There were two theories about the intent of those attempts:

    1) They were attempts by downloaders trying to make contact with a p2p
    seeder that was not longer operating at the last know IP address

    2) A Windows Messenger spam attempt

    There was a comment (or question) from person B if the OP had a NAT
    router (how would their Kerio firewall see these attempts if they
    did?)

    There was another comment from person C along the lines of "they're
    UDP packets, so a router wouldn't stop it".

    Hence my question about routers and UDP packets.

    Is person C right - that regardless of how a conventional router is
    configured, that a NAT router is incapable of blocking unsolicited UDP
    packets?

  6. It's a simple question: Re: Do NAT-routers block UDP packets?

    It's a simple question people.

    Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
    external/in-bound packets, regardless of the type of packet?

    Or are unsolicited UDP packets allowed to get through?

  7. Re: It's a simple question: Re: Do NAT-routers block UDP packets?

    Router Man wrote:

    > It's a simple question people.
    >
    > Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
    > external/in-bound packets, regardless of the type of packet?
    >
    > Or are unsolicited UDP packets allowed to get through?


    Sorry.

    I thought there were router "Experts" here who could answer a simple
    question.

  8. Re: It's a simple question: Re: Do NAT-routers block UDP packets?

    Router Man wrote:
    > Router Man wrote:
    >
    >> It's a simple question people.
    >>
    >> Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
    >> external/in-bound packets, regardless of the type of packet?
    >>
    >> Or are unsolicited UDP packets allowed to get through?

    >
    > Sorry.
    >
    > I thought there were router "Experts" here who could answer a simple
    > question.


    I'm not an expert, I'm going to take NA classes at the local JC in the
    fall, so - while this is interesting - I apologize if my answers aren't
    applicable.

    http://help.soft32.com/questions/31/...ss-Translation)

    With symmetric NAT all requests from the same internal IP address and
    port to a specific destination IP address and port are mapped to a
    unique external source IP address and port. If the same internal host
    sends a packet with the same source address and port to a different
    destination, a different mapping is used. Only an external host that
    receives a packet can send a UDP packet back to the internal host.

    http://en.wikipedia.org/wiki/Network...ss_translation

    Symmetric NAT

    * Each request from the same internal IP address and port to a
    specific destination IP address and port is mapped to a unique external
    source IP address and port. If the same internal host sends a packet
    even with the same source address and port but to a different
    destination, a different mapping is used.

    * Only an external host that receives a packet from an internal
    host can send a packet back.

    Mike

  9. Re: Do NAT-routers block UDP packets?

    On Sat, 21 Jul 2007 10:05:14 -0400, Router Man wrote:

    > Lenny_Nero wrote:
    >
    >> > Given a standard residential NAT router that has all ports
    >> > closed or blocked,

    >>
    >> Say this line to youeself again ...and then think what it will
    >> do with unsolicited traffic.

    >
    > Just answer the question.
    >
    > Is there something *different* about UDP packets (vs TCP) that would
    > allow a router to pass them even if the owner thinks the router is
    > properly set up to block all unsolicited packets?
    >
    > Should be an easy question for this newsgroup to answer...


    Well, I guess it depends on the router. I have used Netgear, Linksys, and
    D-Link. If memory serves, they generally block all ports (UDP and TCP),
    allow specific ports to be forwarded to specific systems and allow one
    to specify UDP, TCP, or both.

    Bob

  10. Re: It's a simple question: Re: Do NAT-routers block UDP packets?

    Router Man prattled ceaselessly in
    news:46A807A6.A94F2CA@Man.com:

    > Router Man wrote:
    >
    >> It's a simple question people.
    >>
    >> Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
    >> external/in-bound packets, regardless of the type of packet?
    >>
    >> Or are unsolicited UDP packets allowed to get through?

    >
    > Sorry.
    >
    > I thought there were router "Experts" here who could answer a simple
    > question.


    This is Usenet. There is no test to take to be allowed to read or post
    to a Usenet public newsgroup. Your question was answered. The ports are
    blocked and the packets are dropped. The difference between UDP and TCP
    is packet size and error correction. Not sneakiness.

    --
    Catwalker
    MCNGP #43
    www.mcngp.com
    "Definitely not wearing any underwear."

  11. Re: Do NAT-routers block UDP packets?

    Router Man prattled ceaselessly in
    news:46A2B127.84B3A266@Man.com:

    > Nethawg wrote:
    >
    >> You stated all ports are Blocked or Closed so NOTHING is getting
    >> through. Restate your question.

    >
    > In another newsgroup, person A mentioned seeing this:
    >
    >> > Kerio Firewall has begun a series of messages such as these,
    >> > coming once a minute or so, every so often
    >> >
    >> > Someone from 24.64.9.177, port 3222 wants to send UDP
    >> > datagram to port 1027 owned by 'Distributed COM Services'
    >> > on your computer.

    >
    > There were similar attempts to port 1027 from different IP's:
    >
    >> > Someone from 24.64.8.158, port 32089 wants to send UDP ...
    >> > Someone from 24.64.85.35, port 34996 wants to send UDP ...
    >> > Someone from 24.64.210.84, port 28111 wants to send UDP ...
    >> > Someone from 24.64.180.130, port 4241 wants to send UDP ...

    >
    > There were two theories about the intent of those attempts:
    >
    > 1) They were attempts by downloaders trying to make contact with a p2p
    > seeder that was not longer operating at the last know IP address
    >
    > 2) A Windows Messenger spam attempt
    >
    > There was a comment (or question) from person B if the OP had a NAT
    > router (how would their Kerio firewall see these attempts if they
    > did?)
    >
    > There was another comment from person C along the lines of "they're
    > UDP packets, so a router wouldn't stop it".
    >
    > Hence my question about routers and UDP packets.
    >
    > Is person C right - that regardless of how a conventional router is
    > configured, that a NAT router is incapable of blocking unsolicited UDP
    > packets?


    Just 'cause someone wants to send something, doesn't mean they can. The
    router logs all attempts, not just successful connections.

    --
    Catwalker
    MCNGP #43
    www.mcngp.com
    "Definitely not wearing any underwear."

+ Reply to Thread