New way to slip past firewalls disclosed
This week, privacy and security researcher Samy Kamkar disclosed a new hacking technique that allows an attacker to trick Network Address Translation (NAT) devices, such as routers and firewalls, into providing remote access to services on victim machines that are not normally accessible via the internet.
What is Network Address Translation (NAT)?
Network Address Translation (NAT) is the process by which a network device, such as a firewall, remaps an internal IP (Internet Protocol) address to an external IP address by modifying the network address information in the IP header of packets while they are in transit across a traffic routing device.
How can this be exploited?
The technique, nicknamed NAT Slipstreaming, exploits how an affected device’s ALG (Application Level Gateway) handles connection tracking. When a victim simply visits a website (either a malicious one or a legitimate one loaded with malicious ads), the exploit tricks the gateway into opening a connection to any TCP / UDP (Transmission Control Protocol / User Datagram Protocol) port on the victim's machine.
How does it work?
NAT Slipstreaming takes advantage of how TCP and IP packet segmentation works to create manipulated TCP/UDP packets. By calculating the correct packet sizes, the attacker can craft a custom packet that contains no HTTP headers and will be seen by the ALG as a SIP (Session Initiation Protocol) packet. The ALG treats this SIP packet as a request to expose an internal port so that it can communicate with another device on the internet.
To read more about the research and technical details behind this technique, visit the original article here.
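The mismatch described above, seen from the defender's side, as an added example that is not code from the original research or from Secora Consulting: a segment that parses as SIP on its own is flagged when the reassembled stream it belongs to is actually an HTTP request. The function names and the sample flows are constructed for illustration, and the segments are assumed to be the in-order client-to-server payloads of one TCP flow.

```python
import re

# Request lines as a protocol parser recognises them (SIP methods from RFC 3261).
HTTP_START = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
SIP_START = re.compile(rb"^(REGISTER|INVITE|ACK|BYE|CANCEL|OPTIONS) sips?:\S+ SIP/2\.0\r\n")


def per_packet_view(segment: bytes) -> str:
    """Classify one TCP payload in isolation, as a per-packet inspector would."""
    if SIP_START.match(segment):
        return "sip"
    if HTTP_START.match(segment):
        return "http"
    return "data"


def find_slipstream_segments(segments: list[bytes]) -> list[int]:
    """Indexes of segments that look like SIP alone but sit inside an HTTP request.

    `segments` holds the in-order client-to-server payloads of one TCP flow.
    """
    stream = b"".join(segments)
    if not HTTP_START.match(stream):
        return []  # a genuine SIP flow, or not HTTP at all: nothing to compare
    return [i for i, seg in enumerate(segments)
            if i > 0 and per_packet_view(seg) == "sip"]


# Constructed sample flows (example.test is a placeholder host).
SUSPECT_FLOW = [
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n" + b"A" * 64,
    b"REGISTER sip:example.test SIP/2.0\r\nCall-ID: constructed\r\n\r\n",
]
BENIGN_FLOW = [
    b"POST /notes HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"note: REGISTER sip:example.test SIP/2.0\r\n is a SIP request line",
]
REAL_SIP_FLOW = [
    b"REGISTER sip:example.test SIP/2.0\r\nCall-ID: constructed\r\n\r\n",
]

if __name__ == "__main__":
    for name, flow in [("suspect", SUSPECT_FLOW), ("benign", BENIGN_FLOW),
                       ("real sip", REAL_SIP_FLOW)]:
        print(name, [per_packet_view(s) for s in flow],
              "flagged:", find_slipstream_segments(flow))
```

Only the suspect flow is flagged: the benign flow mentions a SIP request line mid-segment, where a per-packet parser would not read it as a request, and the genuine SIP flow never started as HTTP.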
How Can Secora Consulting Help?
As this hacking technique is newly released, there is no one-size-fits-all solution in terms of remediation. It is expected that browser and router vendors will implement additional safeguards to protect against this vulnerability; however, ensuring these safeguards work for your organisation may take specialist expertise.
Partner with us today. Our experienced consultants will go the extra mile to ensure your organisation remains secure from vulnerabilities like this one.
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.
We have arranged our services into four groups based on the objective of the tests.