Many computer hosts are connected within a local network to certain entry points to that local network, such as a network address translation (NAT) device or a firewall application or device positioned at an “edge” of the local network. Certain edge traversal technologies have emerged to allow legitimate unsolicited inbound traffic to traverse such edge entities. One particular implementation of such technology is an edge traversal service designed to send UDP (User Datagram Protocol) “bubbles” from the host to artificially maintain address mapping states on edge devices in order to allow the unsolicited UDP traffic to traverse back through said edge devices. Without the bubbles, the address mapping state on the edge device may time out or close, thereby disabling the edge traversal feature until the mapping state is reinitialized or re-opened at some later point in time. Note that the host is generally unable to receive unsolicited external traffic when the edge traversal feature is disabled. In summary, an edge traversal service allows a host to receive unsolicited, inbound traffic through its local network edge.
In one implementation, UDP bubbles are transmitted from a host in the local network to maintain an open state on one or more edge devices. However, the UDP bubbles sent from such hosts inside the local network act as beacons that notify both legitimate and illegitimate entities outside the local network of the host's existence, and importantly, of the host's ability to receive unsolicited traffic, even when no application or service in the host is actively accepting unsolicited traffic. As such, the UDP bubbles can expose the host, and therefore the local network, to undesirable security risks, even when the host is not actively accepting unsolicited traffic. Furthermore, the bubbles can also create unnecessary traffic on a network and present privacy concerns.
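The following is an added example, not part of the original text. It models the idle timeout of an edge mapping and measures how long a host stays reachable from outside compared with how long an application is actually accepting unsolicited traffic. The 30-second timeout, 20-second bubble interval, listening window and the on-demand comparison schedule are constructed assumptions.

```python
def open_intervals(bubble_times, idle_timeout):
    """Merge the [t, t + idle_timeout) windows that each outbound bubble keeps open."""
    merged = []
    for t in sorted(bubble_times):
        end = t + idle_timeout
        if merged and t <= merged[-1][1]:
            # Bubble arrived before the mapping timed out: the mapping is refreshed.
            merged[-1][1] = max(merged[-1][1], end)
        else:
            # Mapping had closed (or never existed): a new one is created.
            merged.append([t, end])
    return [tuple(m) for m in merged]


def overlap(a, b):
    """Total length of the intersection of two lists of disjoint intervals."""
    return sum(max(0, min(e1, e2) - max(s1, s2)) for s1, e1 in a for s2, e2 in b)


def exposure_report(bubble_times, listen_windows, idle_timeout, horizon):
    """Seconds the host is reachable, and how much of that no application needed."""
    reachable = [(s, min(e, horizon))
                 for s, e in open_intervals(bubble_times, idle_timeout) if s < horizon]
    reachable_s = sum(e - s for s, e in reachable)
    needed_s = overlap(reachable, listen_windows)
    return {"reachable": reachable_s, "needed": needed_s,
            "unnecessary": reachable_s - needed_s}


# Constructed scenario: 10-minute observation, edge mapping idles out after 30 s,
# one application accepts unsolicited traffic only from t=120 s to t=180 s.
IDLE_TIMEOUT, HORIZON = 30, 600
LISTEN = [(120, 180)]

if __name__ == "__main__":
    # Bubbles every 20 s regardless of demand (the behaviour described above).
    print("always-on:", exposure_report(range(0, HORIZON, 20), LISTEN, IDLE_TIMEOUT, HORIZON))
    # Constructed comparison: bubbles only while the application is listening.
    print("on-demand:", exposure_report(range(120, 180, 20), LISTEN, IDLE_TIMEOUT, HORIZON))
    # A single bubble: the mapping closes after one idle timeout.
    print("one bubble:", open_intervals([0], IDLE_TIMEOUT))
```

The "unnecessary" figure is the time the mapping advertised a reachable host while nothing on it was accepting unsolicited traffic.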