Security is becoming an increasingly important issue in communication networks. Accordingly, more and more computers are secured by a firewall. A firewall controls, for instance, the operation of computer ports and filters the information coming through the Internet connection into the computer. When so-called stateful inspection is used in a firewall, the contents of each data packet are not examined; instead, the firewall compares certain key parts of the data packet to a database of trusted information. Outbound information is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through the firewall; otherwise it is discarded.
Even though firewalls improve the security of communication networks, they simultaneously make it more difficult to establish a direct connection between two end-user hosts, because nowadays the computers of both end-users are increasingly often protected by a firewall. Thus, the parties cannot establish, for instance, a direct TCP connection between each other, since this would currently require that at least one of the hosts of the parties does not have a firewall, whereby the firewalled host may set up connections to the non-firewalled host.
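The following sketch is an added illustration, not part of the original text: it models the stateful inspection described above as a table of outbound flows and shows why a TCP connection opens only when the listening host is not firewalled. The class and function names, the port numbers and the host addresses are constructed for the example, and real firewalls additionally track TCP state and timeouts.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFirewall:
    """Admits an inbound packet only if it mirrors a recorded outbound flow."""
    flows: set = field(default_factory=set)

    def outbound(self, p: Packet) -> None:
        # Record the defining characteristics (header fields) of outbound traffic.
        self.flows.add((p.src, p.sport, p.dst, p.dport))

    def inbound(self, p: Packet) -> bool:
        # Compare header fields, not payload, against the recorded flows.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

def deliver(p: Packet, firewalls: dict) -> bool:
    """Pass p through the sender's and then the receiver's firewall, if present."""
    if p.src in firewalls:
        firewalls[p.src].outbound(p)
    return firewalls[p.dst].inbound(p) if p.dst in firewalls else True

def try_connect(client: str, server: str, firewalled: set) -> bool:
    """True if the SYN reaches the server and the SYN/ACK gets back to the client."""
    firewalls = {host: StatefulFirewall() for host in firewalled}
    syn = Packet(client, 40000, server, 5000)          # constructed port numbers
    syn_ack = Packet(server, 5000, client, 40000)
    return deliver(syn, firewalls) and deliver(syn_ack, firewalls)

# Constructed hosts using documentation address ranges (RFC 5737).
A, B = "192.0.2.10", "198.51.100.20"

if __name__ == "__main__":
    print("A firewalled, A -> B:   ", try_connect(A, B, {A}))
    print("A firewalled, B -> A:   ", try_connect(B, A, {A}))
    print("both firewalled, A -> B:", try_connect(A, B, {A, B}))
    print("both firewalled, B -> A:", try_connect(B, A, {A, B}))
```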
Another solution would be to use application-aware firewalls, which have the disadvantage that the configuration of the firewall becomes more complicated, since the firewall needs to be aware of all possible applications. A further solution would be to use a control protocol, like UPnP (Universal Plug and Play), for controlling the operation of both the firewalls and the host computers. However, a control protocol increases the complexity of the implementation as well as its vulnerability to errors. Furthermore, it is typically required that both end-user hosts and their firewalls support the control protocol.
WO02/071717 discloses a method for traversing firewalls, wherein each end-user communicates with a server proxy and opens a TCP channel. The proxy, in turn, communicates to each party the other party's source address and TCP port. Then the parties start to send packets directly to each other using the source address and port of the proxy, while the proxy is only used for maintaining the TCP state in order to spoof the firewalls. However, the solution of WO02/071717 is not very viable, since most network operators have an anti-spoofing setting in their networks, preventing the use of the above-described method. Accordingly, there is a need for an alternative method for traversing firewalls.