![]() "Everything is working as expected it's simply the combination of various protocols and features that can have complex interactions and unintended side-effects when chained together," he said. He added this isn't so much a vulnerability as an unforeseen series of consequences. They're simply doing what they're supposed to." ![]() "Granted, it's not really the browser's fault, and it's not the router's fault. "Broader weaponization just requires some cleanup of the code but the fundamental vulnerability is possible across browsers and routers," he said. However, if the browser won't give up the victim's internal network IP address, he suggested that a web-based TCP timing attack represents an alternative option. Kamkar said his proof-of-concept exploit code works on some routers and some browsers, the latter of which he said are in the process changing the way WebRTC handles local IP determination as a mitigation. Such services could include applications like Dropbox and Spotify, local databases, and various system applications, to name a few possibilities. If the services running on those ports have little or no security, they can be easily commandeered. PoisonTap fools your PC into thinking the whole internet lives in an rPi READ MOREĪ successfully executed attack provides access to any port on the victim's machine. Browsers block JavaScript code from accessing services on certain ports, a limitation this slipstreaming overcomes. The technique is non-obvious, though Kamkar provides technical details and code demonstrating how it operates.įor the attack to work, the victim needs to visit a website containing malicious JavaScript, and be behind a vulnerable Application Level/Layer Gateway (ALG), which acts as an intermediary by intercepting incoming and outgoing packets. This slipstreaming can be exploited by remote miscreants to reach TCP/UDP services on a victim's PC that normally would not be accessible to outsiders. ![]() It allows a remote attacker to punch through gateway and browser defenses to access services running on computers within a network, depending on the victim's configuration.Īs the name suggests, NAT Slipstreaming abuses Network Address Translation (NAT), used by routers and firewalls to thread connections between systems on a local network and the outside world. Coinciding with Halloween over the weekend, security researcher Samy Kamkar published details of a spooky firewall-busting technique he calls NAT Slipstreaming.
0 Comments
Leave a Reply. |