Is it advisable to accept STUN server connections?

Information Security Asked on December 17, 2021

My firewall reports outgoing connection attempts via com.apple.WebKit.Networking to a number of STUN servers (namely, stun.nas.net, stun.node4.co.uk, stun.voxox.com and stun.wwdl.net). This is requested by the Safari (Apple’s browser) process. From what I can see STUN servers are required for VoIP connections. I found a brief run-down on STUN here, with more detail on the relevant Wikipedia page.

I don’t run any VoIP services from my iMac (at least not knowingly). The only apps that’d come to mind are maybe some conferencing software I once installed and Skype.

So far, I have not accepted the connections and haven’t discovered any detrimental effects, but I’m wondering what might have been the initial trigger for the connection attempt.

2 Answers

OLD thread; new information.

BAD news for stun servers. I just located this website while searching for an answer to whether I should allow some of the STUN NAT TRAVERSAL hits Snort is getting. Currently all blocked. After reviewing the website I decided that the odd issue caused when my wife and I are BOTH using our cell provider's VoIP service while at home was something we could put up with.

Answered by user238940 on December 17, 2021

STUN (Session Traversal Utilities for NAT) is a means for a device which sits behind a NAT firewall to learn the public IP address of the Internet connection which is being natted. I.e. your laptop may have been assigned a "private" IP address as per RFC 1918, for example 192.168.1.123. Any software on your laptop asking the operating system "What is my IP address" will get 192.168.1.123 as an answer, which isn't helpful for applications which try to use protocols that were simply made without NAT in mind.

The NAT unfriendliness of protocols usually kicks in whenever a client connects to a server and is supposed to tell the server its own IP address in order for the server to be able to initiate connections to the client (as opposed to just sending answer packets on the same IP connection; this is handled by NAT routers).

STUN is a means for a client to learn the public IP address of the NAT router through which the connection is natted in order to use that information when registering with a server that wants to call back now or later.

The 95% use case indeed is VoIP telephony, especially SIP.

If you found that the STUN requests originate from the Safari process, it cannot be either Skype or any other conferencing software, as that would typically spawn a separate process.

STUN (and TURN) might be used by Safari for WebRTC connections; though that should only happen while you are using any such sites, i.e. video chats in the browser.

Otherwise - to answer your original question - there is

  1. no reason to allow those connections unless you intentionally use any services which need them and

  2. I would want to find out what piece of code (browser plugins?) tries to make those connections

It may turn out it's something you just did not think about. But it may also turn out to be something harmful.

Answered by TorstenS on December 17, 2021
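What a STUN exchange actually carries, as an added example that is not part of the original answers: this Python code recognises RFC 5389 STUN messages in a UDP payload by their fixed magic cookie and decodes the XOR-MAPPED-ADDRESS attribute, which is the public IP and port the server reports back to the client. The sample packets, the transaction ID and the address 203.0.113.7:54321 are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442      # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def parse_stun(payload: bytes):
    """Return (msg_type, txn_id, attrs) if payload is a STUN message, else None."""
    if len(payload) < 20:
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    # Top two bits are zero, the cookie is fixed, length excludes the 20-byte header.
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE or length != len(payload) - 20:
        return None
    txn_id, attrs, pos = payload[8:20], {}, 20
    while pos + 4 <= len(payload):
        a_type, a_len = struct.unpack("!HH", payload[pos:pos + 4])
        attrs[a_type] = payload[pos + 4:pos + 4 + a_len]
        pos += 4 + a_len + (-a_len % 4)          # values are padded to 4 bytes
    return msg_type, txn_id, attrs


def mapped_address(attrs: dict, txn_id: bytes):
    """Decode XOR-MAPPED-ADDRESS: the public (ip, port) the STUN server saw."""
    value = attrs.get(XOR_MAPPED_ADDRESS)
    if value is None or len(value) not in (8, 20):
        return None
    family, xport = struct.unpack("!xBH", value[:4])
    if (family, len(value)) not in ((0x01, 8), (0x02, 20)):
        return None
    port = xport ^ (MAGIC_COOKIE >> 16)
    # IPv4 is XORed with the cookie; IPv6 with cookie + transaction ID.
    key = struct.pack("!I", MAGIC_COOKIE) + txn_id
    raw = bytes(b ^ k for b, k in zip(value[4:], key))
    return str(ipaddress.ip_address(raw)), port


# Constructed sample packets (not captured traffic).
TXN = bytes(range(12))
SAMPLE_REQUEST = struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + TXN
SAMPLE_RESPONSE = bytes.fromhex("0101000c2112a442") + TXN + bytes.fromhex(
    "002000080001f523ea12d545")
SAMPLE_NOT_STUN = bytes.fromhex("123401000001000000000000076578616d706c6503636f6d00")

if __name__ == "__main__":
    _, txn, attrs = parse_stun(SAMPLE_RESPONSE)
    print("server-reported public address:", mapped_address(attrs, txn))
```

The Binding request itself is just the 20-byte header; the only thing the response hands back is the client's own NAT-mapped address.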
