Security News > 2020 > November > New Slipstream NAT bypass attacks to be blocked by browsers

New Slipstream NAT bypass attacks to be blocked by browsers
2020-11-09 16:09

Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices.

To expose hosted services, the attack abuses certain NAT devices scanning port 5060 to create port forwarding rules when detecting maliciously-crafted HTTP requests camouflaged as valid SIP requests.

"This attack takes advantage of arbitrary control of the data portion of some TCP and UDP packets without including HTTP or other headers; the attack performs this new packet injection technique across all major modern browsers, and is a modernized version to my original NAT Pinning technique from 2010. Additionally, new techniques for local IP address discovery are included," Kamkar explained.

"As a workaround for the 'Slipstream' NAT bypass attack, we will be blocking HTTP and HTTPS connections to the SIP ports 5060 and 5061," Chromium developer Adam Rice says.

At the moment, development teams behind Firefox, Safari, and Blink have expressed their intent in implementing the mitigation needed to block NAT Slipstreaming attacks.


News URL

https://www.bleepingcomputer.com/news/security/new-slipstream-nat-bypass-attacks-to-be-blocked-by-browsers/