NAT Slipstream v2 is firewalls’ worst nightmare

by | January 27, 2021 | Cybersecurity News

An updated slipstream technique spells danger for vulnerable firewalls.

Security researchers at Armis enhanced the old 2020 attack by leveraging protocols that evade port blocks. Previously, the initial attack could have been triggered by a malicious JavaScript code that first found the victim’s computer’s IP address and then tried to initiate a SIP video-conference session. This way, every connected device on the target’s network got exposed to the internet.

Researchers warned last year that protocols like WebRTC TURN could be used for attacks, and they managed to prove it with NAT Slipstream v2.

“The new variant to the NAT Slipstreaming attack is comprised of two primitives, the first explores the H.323 ALG, and the second expands the attack surface of the various NAT ALGs reachable from a browser, by abusing the WebRTC TURN server API via JavaScript,”

Ben Seri and Gregory Vishnepolsky, threat researchers at Armis

On a positive note, researchers disclosed the vulnerability to browser vendors back in November 2020, and most major browsers have been patched.

A demonstration of the attack can be found in the video bellow.

Check the source.


Read More

by Dan Florian

Product owner and co-founder of ATTACK Simulator. Dan likes to code, is passionate about design, and loves running and swimming.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.