Wouldn’t there be a short window of opportunity like 5 or 10 minutes before the 
TCP connection ages out in the NAT connections table? Or does this also rely 
on a flaw in some ALG?

I worry more about UPnP which can program permanent port forwards in the 
router. There are even flawed routers that expose UPnP on the WAN side.

From: AF <af-boun...@af.afmug.com> On Behalf Of Steven Kenney
Sent: Monday, November 2, 2020 8:03 AM
To: af <af@af.afmug.com>
Subject: Re: [AFMUG] NAT Slipstreaming - or how to attack any internal host 
behind NAT

I wondered when someone would exploit this. I knew the possibility existed 
because most firewalls and NAT base their packet forwarding on the origin. If 
it is a new connection and it wasn't established internally it drops it. So 
when we establish a connection outside we open an arbitrary source port and the 
router holds this port open. This is where the clever JavaScript comes into 
play where the browser can be exploited and malformed packets can do their 
little dance.

Quite a cool concept actually.

STEVEN KENNEY 
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON 
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

 

  _____  

From: fiber...@mail.com
To: "af" <af@af.afmug.com>
Sent: Sunday, November 1, 2020 8:39:30 AM
Subject: [AFMUG] NAT Slipstreaming - or how to attack any internal host behind 
NAT

 

Synopsis: NAT Slipstreaming allows an attacker to remotely access any TCP/UDP 
service bound to a victim machine, bypassing the victim's NAT/firewall 
(arbitrary firewall pinhole control), just by the victim visiting a website.

https://samy.pl/slipstream/


-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
