TURN over TCP

TURN (Traversal Using Relays around NAT) is a protocol that assists in relaying network traffic to enable communication through NAT and firewalls. It is commonly used in real-time communication applications like VoIP and video conferencing. TURN ensures that data packets can traverse NAT devices and firewalls, which often block direct peer-to-peer connections.

What is TURN over TCP

TURN (Traversal Using Relays around NAT) is a protocol designed to facilitate the traversal of network traffic through NAT (Network Address Translation) and firewalls. It is particularly useful in real-time communication applications such as VoIP (Voice over IP), video conferencing, and online gaming, where direct peer-to-peer connections are often blocked by NAT devices and firewalls.

TURN works by relaying data packets through a server, which acts as an intermediary between the communicating peers. This relaying process allows the data to bypass the restrictions imposed by NAT and firewalls, ensuring that the communication can proceed smoothly. TURN is often used in conjunction with other protocols like STUN (Session Traversal Utilities for NAT) and ICE (Interactive Connectivity Establishment) to provide a comprehensive solution for NAT traversal.

The development of TURN was driven by the need to overcome the limitations of NAT and firewalls in real-time communication scenarios. As more devices and applications rely on the internet for communication, the importance of protocols like TURN has grown. TURN servers are typically deployed by service providers to ensure that their users can establish reliable connections, regardless of the network environment.

TURN over TCP runs on port 3478 (TCP and UDP), which is an official IANA-registered port.

Security risk

If port 3478 is open and the TURN service is running, it could be exploited by attackers to relay malicious traffic, potentially bypassing network security measures. This could lead to unauthorized access, data breaches, or other security incidents. It is essential to secure TURN servers and monitor their usage to mitigate these risks.

Our UFW tutorial explains how to configure UFW to close port 3478. Use StackChanges to monitor whether the TURN over TCP port is closed and stays closed. StackChanges will send an alert if port 3478 is open again.
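The check that port 3478 is closed and stays closed can also be scripted. The following Python code is an added example, not code from this page or from StackChanges: it connects over TCP, sends a STUN Binding Request (TURN is built on STUN message framing), and reports whether the port is closed, open without a STUN answer, or answering as a STUN/TURN service. The function names and the 127.0.0.1 target are assumptions for illustration.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442  # fixed STUN magic cookie (RFC 5389)
BINDING_REQUEST = 0x0001


def build_binding_request(txid):
    """Return a 20-byte STUN Binding Request: header only, no attributes."""
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def is_stun_reply(data, txid):
    """True if data begins with a STUN header that answers our transaction."""
    if len(data) < 20:
        return False
    msg_type, _length, cookie = struct.unpack("!HHI", data[:8])
    # The two most significant bits of a STUN message type are always zero.
    return (msg_type & 0xC000) == 0 and cookie == MAGIC_COOKIE and data[8:20] == txid


def check_turn_tcp(host, port=3478, timeout=3.0):
    """Classify a TCP port as 'closed', 'open' (no STUN answer) or 'stun'."""
    txid = os.urandom(12)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    data = b""
    with sock:
        try:
            sock.sendall(build_binding_request(txid))
            while len(data) < 20:  # TCP may deliver the header in pieces
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # timeout or reset after connect: port is open, not STUN
    return "stun" if is_stun_reply(data, txid) else "open"


if __name__ == "__main__":
    # 127.0.0.1 is a placeholder; point this at a host you administer.
    print(check_turn_tcp("127.0.0.1"))
```

A result of "stun" on a host that should not offer TURN means the service is reachable and the firewall rule is not in effect; "open" means something other than a STUN-speaking service accepted the connection.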