New ‘NAT Slipstreaming’ Attack Allows Attackers to Remotely Bypass Network Firewall

New research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine.


Called NAT Slipstreaming, the method involves sending the target a link to a malicious site (or a legitimate site loaded with malicious ads) that, when visited, ultimately triggers the gateway to open any TCP/UDP port on the victim, thereby circumventing browser-based port restrictions.


The findings were revealed by privacy and security researcher Samy Kamkar over the weekend.

"NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse," Kamkar said in an analysis.


The technique was carried out using a NetGear Nighthawk R7000 router running Linux kernel version 2.6.36.4.


Determining Packet Boundaries


Network address translation (NAT) is the process where a network device, such as a firewall, remaps an IP address space into another by modifying network address information in the IP header of packets while they are in transit.


The main advantage is that it limits the number of public IP addresses used in an organization's internal network and improves security by letting a single public IP address be shared among multiple systems.