udp/tcp nat hole punching

Hi All,

Does anybody have experience with detecting NAT hole punching methods?

It is used by several chat programs that use STUN, or could be used to
intrude.

The purpose is creating a peer-to-peer connection through multiple NAT
firewalls.

It produces lots of connections with connection_state S0 and history S,
e.g. SYN-only packets.

This RFC explains it: https://tools.ietf.org/html/rfc5128
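
A sketch of a check for the pattern described in the post above, added here as an example and not part of the original message: it reads Zeek conn.log style TSV and reports TCP originators with repeated S0 / history S attempts from one source port. Grouping by source address and port is this example's assumption (a hole-punching client keeps sending from the local port that holds its NAT mapping); the function names, the threshold and the sample rows are constructed.

```python
from collections import defaultdict

# Subset of Zeek conn.log columns used by this example.
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "proto", "conn_state", "history"]

# Constructed sample rows (documentation address ranges, made-up uids).
ROWS = [
    # Repeated SYN-only attempts from one local port to several peer endpoints.
    ("1.0", "C1", "10.0.0.5", "50000", "198.51.100.7", "40000", "tcp", "S0", "S"),
    ("1.5", "C2", "10.0.0.5", "50000", "198.51.100.7", "40001", "tcp", "S0", "S"),
    ("2.0", "C3", "10.0.0.5", "50000", "198.51.100.9", "40000", "tcp", "S0", "S"),
    # Completed connection from the same port: not counted.
    ("2.5", "C4", "10.0.0.5", "50000", "203.0.113.9", "3478", "tcp", "SF", "ShADadFf"),
    # Ordinary failed attempts, each from a fresh ephemeral port.
    ("3.0", "C5", "10.0.0.8", "51001", "198.51.100.20", "443", "tcp", "S0", "S"),
    ("3.1", "C6", "10.0.0.8", "51002", "198.51.100.21", "443", "tcp", "S0", "S"),
    # UDP record: ignored by this TCP-only check.
    ("4.0", "C7", "10.0.0.5", "50000", "198.51.100.7", "40000", "udp", "S0", "D"),
]
SAMPLE_CONN_LOG = ("#fields\t" + "\t".join(FIELDS) + "\n"
                   + "\n".join("\t".join(r) for r in ROWS))


def parse_conn_log(text):
    """Yield one dict per record, using the '#fields' header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def syn_only_bursts(records, min_attempts=3):
    """Map (orig_h, orig_p) -> responder endpoints for TCP S0/history-S records."""
    groups = defaultdict(list)
    for r in records:
        if r["proto"] == "tcp" and r["conn_state"] == "S0" and r["history"] == "S":
            key = (r["id.orig_h"], r["id.orig_p"])
            groups[key].append((r["id.resp_h"], r["id.resp_p"]))
    return {k: v for k, v in groups.items() if len(v) >= min_attempts}


if __name__ == "__main__":
    hits = syn_only_bursts(parse_conn_log(SAMPLE_CONN_LOG))
    for (host, port), peers in hits.items():
        print(f"{host}:{port} sent {len(peers)} SYN-only attempts to {peers}")
```

The threshold needs tuning against local traffic, since scanners and unreachable services also produce S0 records.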