ICMP hole punching

ICMP hole punching establishes connectivity between two hosts communicating across one or more network address translators in either a peer-to-peer or client–server model.

Typically, third-party hosts on the public transit network are used to establish UDP or TCP port states that may be used for direct communications between the communicating hosts. ICMP hole punching, however, requires no third-party involvement to pass information between one or more NATs: it exploits a NAT's loose acceptance of inbound ICMP Time Exceeded packets.

Currently, the only method of ICMP hole punching, or of hole punching without third-party involvement (autonomous NAT traversal), was developed by Samy Kamkar on January 22, 2010 and released in the open source software pwnat;[2] the method was later published in the IEEE.

According to the paper:[3] The proposed technique assumes that the client has somehow learned the current external (globally routable) IP address of the server's NAT.

Such a message could legitimately be transmitted by any Internet router and the sender address would not be expected to match the server's target IP.
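The loose acceptance described above can be seen in a small model, added here as an illustration and not taken from pwnat or the paper. It assumes a simplified NAT that matches an inbound ICMP Time Exceeded message only on the IP header quoted inside it; the function names, the flow-table shape and the addresses (documentation ranges) are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

ICMP_PROTO, TIME_EXCEEDED = 1, 11

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def time_exceeded(sender, nat_ip, quoted):
    """ICMP type 11 from `sender` to `nat_ip`, quoting the datagram `quoted`."""
    icmp = struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0) + quoted
    return ipv4(sender, nat_ip, ICMP_PROTO, icmp)

def _addr(raw):
    return str(IPv4Address(raw))

def parse_time_exceeded(pkt):
    """Return (outer_src, quoted_src, quoted_dst, quoted_proto), or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != ICMP_PROTO:
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]
    # 8-byte ICMP header, then the quoted IPv4 header of the original datagram
    if len(icmp) < 28 or icmp[0] != TIME_EXCEEDED or icmp[8] >> 4 != 4:
        return None
    q = icmp[8:]
    return _addr(pkt[12:16]), _addr(q[12:16]), _addr(q[16:20]), q[9]

def nat_decision(pkt, outbound_flows):
    """Model of the loose check: only the quoted header is matched against NAT state."""
    parsed = parse_time_exceeded(pkt)
    if parsed is None:
        return None
    outer_src, *flow = parsed
    verdict = "accept" if tuple(flow) in outbound_flows else "drop"
    return verdict, outer_src  # outer_src is never checked, so it is worth logging

# Constructed sample data (documentation address ranges, RFC 5737).
NAT_IP, REMOTE = "203.0.113.10", "192.0.2.1"
FLOWS = {(NAT_IP, REMOTE, ICMP_PROTO)}  # one outbound ICMP flow held in NAT state
QUOTED = ipv4(NAT_IP, REMOTE, ICMP_PROTO, bytes(8))
PACKETS = {
    "router-like sender": time_exceeded("198.51.100.7", NAT_IP, QUOTED),
    "unrelated sender": time_exceeded("198.51.100.99", NAT_IP, QUOTED),
    "quotes unknown flow": time_exceeded(
        "198.51.100.99", NAT_IP, ipv4(NAT_IP, "192.0.2.77", ICMP_PROTO, bytes(8))),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(name, nat_decision(pkt, FLOWS))
```

Both senders are accepted because the decision never looks at the outer source address, which is why recording that address for accepted ICMP errors gives a defender the one field that distinguishes an on-path router from an arbitrary peer.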

Maintaining Access with ICMP Hole Punching