It seems to exploit behavior of the application layer gateway. That allows stuff like RTP and FTP, which use dynamic ports, to operate through NAT. The script tricks the gateway into forwarding an arbitrary port number to the target device. Presumably you then attack a vulnerable service on the target device, or DoS him, or what have you.

He's specifically doing this with a Netgear R7000. It's not clear to me whether it was a Netgear bug, or a bug in the kernel, or with ALGs in general.


On 11/1/2020 10:47 AM, Ken Hohhof wrote:
I didn't have time to read all the comments (or the brain cells to digest
them), but there's a discussion here:
https://news.ycombinator.com/item?id=24955891


-----Original Message-----
From: AF <af-boun...@af.afmug.com> On Behalf Of fiber...@mail.com
Sent: Sunday, November 1, 2020 9:23 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] NAT Slipstreaming - or how to attack any internal host
behind NAT

The URL points to the security researcher's writeup on the attack and the
page contains a link to proof of concept source code on GitHub.

Sent: Sunday, November 01, 2020
From: "Robert" <i...@avantwireless.com>
To: af@af.afmug.com
Subject: Re: [AFMUG] NAT Slipstreaming - or how to attack any internal
host behind NAT
Was that site a source of the "evil javascript"?

On 11/1/20 5:39 AM, fiber...@mail.com wrote:
Synopsis: NAT Slipstreaming allows an attacker to remotely access any
TCP/UDP service bound to a victim machine, bypassing the victim's
NAT/firewall (arbitrary firewall pinhole control), just by the victim
visiting a website.
https://samy.pl/slipstream/



--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

