Do NAT-routers block UDP packets?

Given a standard residential NAT router that has all ports closed or
blocked, and does not have a DMZ configured - would such a router
pass, or block, unsolicited UDP packets to PC's connected to it's LAN
ports?

Router Man said

> Given a standard residential NAT router that has all ports closed or
> blocked,

Say this line to youeself again ...and then think what it will do with
unsolicited traffic.

L.

--
Want to help to keep the best free usenet servers running ?
http://www.readfreenews.com

Lenny_Nero wrote:

> > Given a standard residential NAT router that has all ports
> > closed or blocked,
>
> Say this line to youeself again ...and then think what it will
> do with unsolicited traffic.

Just answer the question.

Is there something *different* about UDP packets (vs TCP) that would
allow a router to pass them even if the owner thinks the router is
properly set up to block all unsolicited packets?

Should be an easy question for this newsgroup to answer...

You stated all ports are Blocked or Closed so NOTHING is getting through.
Restate your question.



"Router Man" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Lenny_Nero wrote:
>
>> > Given a standard residential NAT router that has all ports
>> > closed or blocked,
>>
>> Say this line to youeself again ...and then think what it will
>> do with unsolicited traffic.
>
> Just answer the question.
>
> Is there something *different* about UDP packets (vs TCP) that would
> allow a router to pass them even if the owner thinks the router is
> properly set up to block all unsolicited packets?
>
> Should be an easy question for this newsgroup to answer...

Nethawg wrote:

> You stated all ports are Blocked or Closed so NOTHING is getting
> through. Restate your question.

In another newsgroup, person A mentioned seeing this:

> > Kerio Firewall has begun a series of messages such as these,
> > coming once a minute or so, every so often
> >
> > Someone from 24.64.9.177, port 3222 wants to send UDP
> > datagram to port 1027 owned by 'Distributed COM Services'
> > on your computer.

There were similar attempts to port 1027 from different IP's:

> > Someone from 24.64.8.158, port 32089 wants to send UDP ...
> > Someone from 24.64.85.35, port 34996 wants to send UDP ...
> > Someone from 24.64.210.84, port 28111 wants to send UDP ...
> > Someone from 24.64.180.130, port 4241 wants to send UDP ...

There were two theories about the intent of those attempts:

1) They were attempts by downloaders trying to make contact with a p2p
seeder that was not longer operating at the last know IP address

2) A Windows Messenger spam attempt

There was a comment (or question) from person B if the OP had a NAT
router (how would their Kerio firewall see these attempts if they
did?)

There was another comment from person C along the lines of "they're
UDP packets, so a router wouldn't stop it".

Hence my question about routers and UDP packets.

Is person C right - that regardless of how a conventional router is
configured, that a NAT router is incapable of blocking unsolicited UDP
packets?

It's a simple question people.

Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
external/in-bound packets, regardless of the type of packet?

Or are unsolicited UDP packets allowed to get through?

Router Man wrote:

> It's a simple question people.
>
> Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
> external/in-bound packets, regardless of the type of packet?
>
> Or are unsolicited UDP packets allowed to get through?

Sorry.

I thought there were router "Experts" here who could answer a simple
question.

Router Man wrote:
> Router Man wrote:
>
>> It's a simple question people.
>>
>> Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
>> external/in-bound packets, regardless of the type of packet?
>>
>> Or are unsolicited UDP packets allowed to get through?
>
> Sorry.
>
> I thought there were router "Experts" here who could answer a simple
> question.

I'm not an expert, I'm going to take NA classes at the local JC in the
fall, so - while this is interesting - I apologize if my answers aren't
applicable.

http://help.soft32.com/questions/31/...ss-Translation)

With symmetric NAT all requests from the same internal IP address and
port to a specific destination IP address and port are mapped to a
unique external source IP address and port. If the same internal host
sends a packet with the same source address and port to a different
destination, a different mapping is used. Only an external host that
receives a packet can send a UDP packet back to the internal host.

http://en.wikipedia.org/wiki/Network...ss_translation

Symmetric NAT

* Each request from the same internal IP address and port to a
specific destination IP address and port is mapped to a unique external
source IP address and port. If the same internal host sends a packet
even with the same source address and port but to a different
destination, a different mapping is used.

* Only an external host that receives a packet from an internal
host can send a packet back.

Mike

On Sat, 21 Jul 2007 10:05:14 -0400, Router Man wrote:

> Lenny_Nero wrote:
>
>> > Given a standard residential NAT router that has all ports
>> > closed or blocked,
>>
>> Say this line to youeself again ...and then think what it will
>> do with unsolicited traffic.
>
> Just answer the question.
>
> Is there something *different* about UDP packets (vs TCP) that would
> allow a router to pass them even if the owner thinks the router is
> properly set up to block all unsolicited packets?
>
> Should be an easy question for this newsgroup to answer...

Well, I guess it depends on the router. I have used Netgear, Linksys, and
D-Link. If memory serves, they generally block all ports (UDP and TCP),
allow specific ports to be forwarded to specific systems and allow one
to specify UDP, TCP, or both.

Bob

Router Man <(E-Mail Removed)> prattled ceaselessly in
news:(E-Mail Removed):

> Router Man wrote:
>
>> It's a simple question people.
>>
>> Do symetric (One-to-Many) NAT-Routers block/drop all unsolicited
>> external/in-bound packets, regardless of the type of packet?
>>
>> Or are unsolicited UDP packets allowed to get through?
>
> Sorry.
>
> I thought there were router "Experts" here who could answer a simple
> question.

This is Usenet. There is no test to take to be allowed to read or post
to a Usenet public newsgroup. Your question was answered. The ports are
blocked and the packets are dropped. The difference between UDP and TCP
is packet size and error correction. Not sneakiness.

--
Catwalker
MCNGP #43
www.mcngp.com
"Definitely not wearing any underwear."