Hello everyone. I was reading about UDP hole punching and peer to peer connections and I was wondering about methods to block them.
It's more of an educational approach to test my understanding of the concept rather than an actual implementation.
I do get that if the peers know the addresses they want to connect to, you cannot do much to block the traffic (maybe some L7 packet matching)
But what about the case they use a rendezvous server?
Here is my thought process about this:
Client A sends a UDP packet to the rendezvous server (src-address: a.a.a.a, dst-address: b.b.b.b)
Client B sends a UDP packet to the rendezvous server (src-address: c.c.c.c, dst-address: b.b.b.b)
Rendezvous server sends the details to each client.
So at this point, NAT in client A's router has opened a UDP port and is communicating with the server, but instead is getting a connection from client B for the IP c.c.c.c.
Is it somehow possible to restrict the incoming connection just to the IP address the specific connection was made to (b.b.b.b)?
Am I correct to assume that this way, the direct connections from other clients would be blocked?
I know that someone would be able to use the rendezvous server as a relay, but at this stage you can always block the rendezvous server itself.
This approach should also allow Skype blocking etc.
I'd love to read your thoughts on the matter.
P.S. I know this is not 100% Mikrotik/RouterOS territory, but I am using exclusively Mikrotik routers and I'd like to know how this can be implemented in RouterOS
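The question above, about a NAT only accepting replies from the address the outbound packet went to, is what RFC 4787 calls address-dependent filtering. The following is an added example, not code from the thread and not RouterOS behaviour: a small Python model of a NAT with selectable mapping and filtering behaviour, with constructed endpoints (RFC 5737 documentation addresses, the names `CLIENT_A`, `CLIENT_B`, `RENDEZVOUS`, `STRANGER` and the `Nat` class are all assumptions of this example). It goes a step beyond the post: it shows that the proposed filter does drop an unsolicited packet from an address the client never contacted, but that a rendezvous-assisted punch still gets through when both peers send to each other, because each peer's own outbound packet toward the other is what opens the hole; what actually defeats the punch in this model is a per-destination (address-and-port-dependent, "symmetric") mapping on at least one side, since the port the server reports is then not the one used toward the peer.

```python
"""Toy NAT model (added example, not from the thread) in RFC 4787 terms:
mapping behaviour decides which external port an internal socket gets;
filtering behaviour decides which remote endpoints may send in on it."""
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, udp port)

# Mapping behaviours
EIM = "endpoint-independent-mapping"          # one external port for every remote
APDM = "address-and-port-dependent-mapping"   # new external port per remote ("symmetric")
# Filtering behaviours
EIF = "endpoint-independent-filtering"        # accept inbound from anyone ("full cone")
ADF = "address-dependent-filtering"           # only IPs the host has already sent to
APDF = "address-and-port-dependent-filtering"  # only exact ip:port pairs already sent to


class Nat:
    def __init__(self, public_ip: str, mapping: str, filtering: str) -> None:
        self.public_ip = public_ip
        self.mapping = mapping
        self.filtering = filtering
        self._next_port = 40000
        self._map: Dict[tuple, int] = {}  # mapping key -> external port
        # external port -> (internal endpoint, remote endpoints it has sent to)
        self._sessions: Dict[int, Tuple[Endpoint, Set[Endpoint]]] = {}

    def outbound(self, internal: Endpoint, remote: Endpoint) -> Endpoint:
        """Translate an outbound packet; returns the public endpoint it leaves with."""
        key = internal if self.mapping == EIM else (internal, remote)
        if key not in self._map:
            self._map[key] = self._next_port
            self._sessions[self._next_port] = (internal, set())
            self._next_port += 1
        ext_port = self._map[key]
        self._sessions[ext_port][1].add(remote)  # remember who we talked to (the "hole")
        return (self.public_ip, ext_port)

    def inbound(self, remote: Endpoint, ext_port: int) -> Optional[Endpoint]:
        """Inbound packet from remote to public_ip:ext_port; internal endpoint if accepted, else None."""
        if ext_port not in self._sessions:
            return None
        internal, seen = self._sessions[ext_port]
        if self.filtering == EIF:
            return internal
        if self.filtering == ADF:
            return internal if any(r[0] == remote[0] for r in seen) else None
        return internal if remote in seen else None


# Constructed sample endpoints (RFC 5737 documentation ranges), not from the thread.
CLIENT_A: Endpoint = ("192.168.88.10", 5000)   # behind NAT A (a.a.a.a in the post)
CLIENT_B: Endpoint = ("192.168.1.20", 6000)    # behind NAT B (c.c.c.c in the post)
RENDEZVOUS: Endpoint = ("203.0.113.5", 3478)   # b.b.b.b in the post
STRANGER: Endpoint = ("198.51.100.7", 7777)    # a third party client A never contacted


def unsolicited_blocked(filtering: str) -> bool:
    """Client A talks only to the rendezvous server; is a stranger's packet dropped?"""
    nat = Nat("203.0.113.10", EIM, filtering)
    a_pub = nat.outbound(CLIENT_A, RENDEZVOUS)
    return nat.inbound(STRANGER, a_pub[1]) is None


def hole_punch(nat_a: Nat, nat_b: Nat) -> bool:
    """Rendezvous-assisted UDP hole punch; True if both directions get through.
    Simplification: both peers send to the server-reported endpoint before either
    packet arrives (the usual retransmit assumption) and neither learns from replies."""
    a_pub = nat_a.outbound(CLIENT_A, RENDEZVOUS)  # registration: server learns a_pub
    b_pub = nat_b.outbound(CLIENT_B, RENDEZVOUS)  # registration: server learns b_pub
    a_src = nat_a.outbound(CLIENT_A, b_pub)       # A punches toward B's reported endpoint
    b_src = nat_b.outbound(CLIENT_B, a_pub)       # B punches toward A's reported endpoint
    a_reaches_b = nat_b.inbound(a_src, b_pub[1]) == CLIENT_B
    b_reaches_a = nat_a.inbound(b_src, a_pub[1]) == CLIENT_A
    return a_reaches_b and b_reaches_a


if __name__ == "__main__":
    print("stranger dropped by address-dependent filtering:", unsolicited_blocked(ADF))
    print("punch through two address-dependent-filtering NATs:",
          hole_punch(Nat("203.0.113.10", EIM, ADF), Nat("203.0.113.20", EIM, ADF)))
    print("punch with one symmetric-mapping NAT:",
          hole_punch(Nat("203.0.113.10", APDM, APDF), Nat("203.0.113.20", EIM, APDF)))
```

Running the module prints the three cases in order: True, True, False. The model deliberately leaves out the fallback real clients use against one symmetric NAT (replying to the source port they actually observe rather than the one the server reported), so a real peer-to-peer client may still get a one-way or both-way path in cases this toy marks as failed; the point is only which NAT property the post's proposal changes and which it does not.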