STUN

STUN (Session Traversal Utilities for NAT) is a protocol that assists devices behind a NAT or firewall in discovering their public IP address and port. This is crucial for enabling peer-to-peer communication in applications like VoIP and video conferencing. STUN operates on port 3478 and is often used in conjunction with other protocols like ICE and TURN.

What is STUN

STUN, or Session Traversal Utilities for NAT, is a protocol designed to help devices behind a Network Address Translator (NAT) or firewall discover their public IP address and port. This is essential for enabling peer-to-peer communication, which is commonly used in applications such as Voice over IP (VoIP), video conferencing, and online gaming.

STUN works by sending a request from the client to a STUN server, which then responds with the public IP address and port. This information allows the client to establish a direct connection with another peer, bypassing the NAT or firewall restrictions. STUN is often used in conjunction with other protocols like ICE (Interactive Connectivity Establishment) and TURN (Traversal Using Relays around NAT) to enhance connectivity and reliability.

The protocol was standardized by the IETF and is widely implemented in various communication services. Its primary advantage is its simplicity and efficiency in enabling NAT traversal, making it a popular choice for real-time communication applications. However, it has limitations in certain NAT scenarios, which is why it is often paired with more robust solutions like TURN.

STUN runs on TCP and UDP port 3478, which is the official IANA port for the protocol.

Security risk

If port 3478 is open and a STUN service is running on it, the network could be exposed to unauthorized access attempts. Attackers could use the service to discover internal network details, which could then be used for further attacks. Proper firewall rules and monitoring are essential to mitigate these risks.

Our UFW tutorial has instructions for configuring UFW to close port 3478. Use StackChanges to monitor whether the STUN port is closed and stays closed. StackChanges will send an alert if port 3478 is open again.