Analysing the google attack


Yes I remember reading about this on Quora. Very exciting! Can you share any links about this? I would love to understand more about how it works. I am mostly an architect and app/platform developer but I don’t know that much about networking protocols, firewalls, NAT etc.


Do a search on “hole punching”. It has been an item of development in recent times and subject to change from whatever has been written in the past.

NAT - is Network address translation.

So when your router has a single “outside” IP address the router enables multiple PCs behind it to use that one IP address to the internet by assigning each PC a local IP address (eg and when the PC wants to send a packet the router routes it out on the internet and remembers the address/port and when a packet is received from that IP address (that was sent the packet) with the port# the router then routes that packet to the PC. If a packet comes in from the internet that the router does not have info for then it drops that packet.

Essentially hole punching utilises outgoing connections so that NATs know how to route the responses and this would apply to those ISPs you talk of. The trick is how to do this and still connect to other nodes. It has been somewhat explained somewhere but I don’t remember where. So the proof will be in the baking and eating in the upcoming alpha 3 where this gets put to the test.


It would be great if you have some public facing documentation put together for how this actually works. Maybe generate some docs from docblock comments?


I am sure it will happen. And I am sure many will be asking how its done when we are testing it.


@GregMagarshak re hole punching vet al…

There’s a paper, a few years old now, jointly authored by Maidsafe and an academic (also an Irvine IIRC) from Edinburgh Uni I think.

I know that Maidsafe have made advances in this area since the paper, but if its rigour you want I’d start there and then search the forum, but really, you would need to look at the Rust crate to get the state of the art here.

There’s one paper here (see DHT Based NAT Traversal), probably the one I was thinking of - the Edinburgh one was probably a different topic.


This part, not really Kademlia by default is iterative and not recursive, so it assumes making lots and lots of connections. That is a nightmare for private users and is prob with kad etc. they work in academia, or for public-facing devices, but NAT is a disaster for these protocols.

Just a small point, hope it helps.