A security researcher, Samy Kamkar has recently revealed a technique capable enough to bypass firewall protection & access any TCP /UDP services of the victim’s machine.
The technique Network Address Translation (NAT) Slipstreaming provides a way for attackers to victim users with the use of a single link.
The user accessing a malevolent link or a viable link filled with malicious ads causes this.
The technique surpasses any Network Address Translation or firewall security controls in place & gaining control of their TCP/UDP service. How this happens is that whenever the victim visits the malicious link, a gateway is prompted to open any TCP/UDP port on the victim’s machine. This helps in evading all browser-based port restrictions.
What does NAT Slipstreaming require to succeed?
Almost any modern browser can fall victim to this NAT Slipstreaming hacking technique. But there are certain conditions that need to be fulfilled for this hack to succeed. These include:
- The targeted NAT or firewall supports Application Level Gateways (ALG)
- File Transfer Protocol (FTP)
- Technology supportive of multiple-port requiring protocols, etc.
How does Network Address Translation Slipstreaming work?
Kamkar has explained the nuances of this hacking technique in thorough detail in his blog that came out in October. SAT Slipstream makes use of the arbitrary control on TCP & UDP data portion, without any reference to headers like HTTP. The victim’s browser is exploited in conjunction with the ALG tracking mechanism.
This mechanism is built into the Network Address Translation (NAT), routers and firewalls. This happens by changing the internal IP extraction by WebRTC, IP fragmentation discovery, automated remote MTU, TCP packet size massaging, misuse of TURN authentication, boundary control, protocol confusion and more.
By using the NAT Slipstreaming technique, the attacker can gain access to your TCP/UDP packets. This happens when the attacker exploits a certain flaw in your routers ALG implementation process. This helps it bypass any & all NAT protocols. This gives the attacker access to the victim’s TCP/UDP port.
The attacker cons the NAT to believe that it is seeing a legitimate SIP registration. This leads the NAT into opening up the port in the primary victim-sent packet. Thus, the attacker can now easily choose any post & it will be forwarded by the router to forward it to the internal victim.
Kamkar has named these vulnerabilities as security shortcomings & rightfully so. If these shortcomings aren’t dealt with in due time, they can prove harmful to the users. By discovering & patching such techniques at the right time, organizations can stay a step ahead of the attackers & deal with problems before they become substantial or cause too much damage.