NAT Slipstreaming: Visiting Malicious Site Can Expose Local Network Services to Remote Attacks
2020-11-03 08:49

A newly identified attack method can bypass Network Address Translation and firewalls, allowing the attacker to remotely access TCP/UDP services on the victim's internal network, security researcher Samy Kamkar explains.

According to the researcher, the attack chains "Internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse."

The attack, Kamkar says, starts with the victim visiting a malicious website or being served a malicious ad, and continues with the victim's internal IP address being extracted and sent to the server.

Once the packet falls on the expected boundary, the NAT is tricked into believing that the SIP registration is legitimate and comes from a SIP client on the victim's machine.

The SIP response from the server is hidden within an HTTP response to ensure it doesn't trigger browser protections, deceiving the NAT into opening the port in the original packet sent by the victim, and tricking the router into forwarding the attacker-defined ports back to the internal victim.
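A defender-side illustration of the protocol confusion described above, added here and not taken from Kamkar's research or the article: it scans per-segment TCP payloads for a SIP request that begins exactly at a segment boundary inside a flow that opened as HTTP, and for a SIP status line inside the HTTP response. The function name, flow labels, host names and payloads are constructed for the example.

```python
import re

# Start of a SIP request line and a SIP status line (RFC 3261 syntax).
SIP_REQ = re.compile(rb"^([A-Z]+) sips?:\S+ SIP/2\.0\r\n")
SIP_STATUS = re.compile(rb"(?:^|\r\n)SIP/2\.0 (\d{3}) ")
HTTP_REQ = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")


def find_sip_in_http(segments):
    """segments: (flow_id, direction, payload) per TCP segment, in capture
    order; direction is "out" (client) or "in" (server).
    Returns a list of (flow_id, segment_index, description) findings."""
    http_flows = set()  # flows whose first client segment was an HTTP request
    seen = set()        # flows whose first client segment was already examined
    findings = []
    for idx, (flow, direction, payload) in enumerate(segments):
        if direction == "out" and flow not in seen:
            seen.add(flow)
            if HTTP_REQ.match(payload):
                http_flows.add(flow)
            continue
        if flow not in http_flows:
            continue  # genuine SIP flows are not reported
        if direction == "out":
            m = SIP_REQ.match(payload)  # anchored: only a segment *start* counts
            if m:
                findings.append((flow, idx, "SIP %s at segment start" % m.group(1).decode()))
        else:
            m = SIP_STATUS.search(payload)
            if m:
                findings.append((flow, idx, "SIP status %s in HTTP response" % m.group(1).decode()))
    return findings


# Constructed sample capture (not real traffic).
SAMPLE = [
    ("A", "out", b"POST /upload HTTP/1.1\r\nHost: site.example\r\n\r\n" + b"x" * 100),
    ("A", "out", b"x" * 200),
    ("A", "out", b"REGISTER sip:site.example SIP/2.0\r\nCall-ID: constructed\r\n\r\n"),
    ("A", "in", b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nSIP/2.0 200 OK\r\n"),
    ("B", "out", b"REGISTER sip:pbx.example SIP/2.0\r\n\r\n"),  # ordinary SIP client
    ("C", "out", b"POST /form HTTP/1.1\r\nHost: ok.example\r\n\r\nnote=REGISTER sip:x SIP/2.0\r\n"),
]

if __name__ == "__main__":
    for finding in find_sip_in_http(SAMPLE):
        print(finding)
```

Flow C shows why the boundary matters for detection: SIP text in the middle of an HTTP body is not flagged, only a segment that itself begins with a SIP request line.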


News URL

http://feedproxy.google.com/~r/Securityweek/~3/1P2qy55eAms/nat-slipstreaming-visiting-malicious-site-can-expose-local-network-services-remote-attacks