ReDAN: An Empirical Study on Remote DoS Attacks against NAT Networks
Xuewei Feng
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Network Security 2
This article delves into "ReDAN: An Empirical Study on Remote DoS Attacks against NAT Networks," a pivotal talk delivered by Xuewei Feng at the NDSS Symposium. The presentation uncovers a series of novel vulnerabilities within **Network Address Translation (NAT)** devices and proposes a sophisticated, low-traffic denial-of-service (DoS) attack that can remotely terminate TCP connections for clients operating behind NAT. The research highlights critical flaws in how real-world NAT implementations handle TCP reset packets and interact with **Path MTU Discovery (PMTUD)** mechanisms, exposing a widespread security risk across various network environments, including Wi-Fi, 4G/5G, IoT, and cloud networks.
AI review
Solid, empirically grounded protocol security research that demonstrates a novel multi-stage attack against NAT infrastructure by chaining a PMTUD side channel with weak TCP RST validation. The 92% real-world vulnerability rate across 180 networks and four CVEs give this genuine weight — this isn't a toy lab result. Minor docking for the fact that IP spoofing as a prerequisite limits real-world attacker population somewhat, and the RST sequence-number weakness has adjacent precedent in BGP RST attacks, but the NAT-specific exploitation path and the PMTUD identification primitive are…