New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service (Security News, November 2020)

"NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse," Kamkar said in an analysis.
NAT Slipstreaming takes advantage of TCP and IP packet segmentation to remotely adjust packet boundaries, and uses that control to create a TCP/UDP packet that starts with a SIP method such as REGISTER or INVITE. SIP is a communications protocol used for initiating, maintaining, and terminating real-time multimedia sessions for voice, video, and messaging applications.
The idea, in a nutshell, is to pad a TCP or UDP packet until it overflows and is forced to split in two, so that the SIP data sits at the very start of the second packet.
Once the packets reach the attack server and it determines that the SIP packet was not rewritten with the public IP address, it automatically sends a message back to the client, asking it to adjust its packet size to a new boundary based on the data previously gleaned from the sniffer.
With the right packet boundary in place, the NAT is deceived into thinking, "This is a legitimate SIP registration and from a SIP client on the victim's machine," eventually causing the NAT to open up the port in the original packet sent by the victim.
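One way to detect the condition described above, as an added example that is not from the article or from Kamkar's analysis: it flags a TCP segment that begins with a SIP REGISTER or INVITE request line inside a connection that was opened as HTTP. The function names, the HTTP-first heuristic and the sample flows are assumptions constructed for illustration.

```python
import re

# SIP request line: METHOD SP Request-URI SP SIP/2.0 CRLF (RFC 3261).
# Only the two methods the article names are matched.
SIP_START = re.compile(rb"^(REGISTER|INVITE) sips?:[^\s]+ SIP/2\.0\r\n")
HTTP_START = re.compile(rb"^(GET|POST|PUT|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def classify_segment(payload: bytes) -> str:
    """Label one TCP segment payload by what its first bytes look like."""
    if SIP_START.match(payload):
        return "sip"
    if HTTP_START.match(payload):
        return "http"
    return "other"


def find_slipstream_candidates(segments):
    """Return indexes of segments that begin with a SIP request line
    inside a connection whose first segment was HTTP.

    `segments` is the ordered list of client-to-server TCP payloads of
    one connection, one entry per segment as seen on the wire.
    """
    if not segments or classify_segment(segments[0]) != "http":
        return []  # ordinary SIP or non-HTTP flow: out of scope here
    return [i for i, seg in enumerate(segments[1:], start=1)
            if classify_segment(seg) == "sip"]


# Constructed sample flows (hypothetical, not captured traffic).
SIP_MSG = b"REGISTER sip:example.test SIP/2.0\r\nCall-ID: constructed\r\n\r\n"
HTTP_HEAD = b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"
# SIP text lands exactly at the start of the second segment.
ALIGNED = [HTTP_HEAD + b"A" * 100, SIP_MSG]
# Same bytes, but the segment boundary falls inside the SIP request line.
UNALIGNED = [HTTP_HEAD + b"A" * 100 + SIP_MSG[:20], SIP_MSG[20:]]
# A connection that speaks SIP from its first segment.
PLAIN_SIP = [SIP_MSG]

if __name__ == "__main__":
    for name, flow in (("aligned", ALIGNED), ("unaligned", UNALIGNED),
                       ("plain_sip", PLAIN_SIP)):
        print(name, find_slipstream_candidates(flow))
```

The aligned and unaligned flows carry identical bytes; only the segment boundary differs, which is why the check runs per segment rather than on the reassembled stream.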
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/P8N5EKhmrZs/new-natfirewall-bypass-attack-lets.html