
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service

November 3, 2020

New research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine.

Called NAT Slipstreaming, the method involves sending the target a link to a malicious site (or a legitimate site loaded with malicious ads) that, when visited, ultimately triggers the gateway to open any TCP/UDP port on the victim, thereby circumventing browser-based port restrictions.

The findings were revealed by privacy and security researcher Samy Kamkar over the weekend.

“NAT Slipstreaming exploits the user’s browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse,” Kamkar said in an analysis.

The technique was carried out using a NetGear Nighthawk R7000 router running Linux kernel version 2.6.36.4.

Determining Packet Boundaries

Network address translation (NAT) is the process where a network device, such as a firewall, remaps an IP address space into another by modifying network address information in the IP header of packets while they are in transit.

The main advantage is that it limits the number of public IP addresses used in an organization’s internal network and improves security by letting a single public IP address be shared among multiple systems.

NAT Slipstreaming works by taking advantage of TCP and IP packet segmentation to remotely adjust the packet boundaries, and then using those boundaries to create a TCP/UDP packet starting with a SIP method such as REGISTER or INVITE.

SIP (short for Session Initiation Protocol) is a communications protocol used for initiating, maintaining, and terminating real-time multimedia sessions for voice, video, and messaging applications.

In other words, a mix of packet segmentation and smuggling SIP requests in HTTP can be used to trick the NAT ALG into opening arbitrary ports for inbound connections to the client.

To achieve this, a large HTTP POST request is sent with an ID and a hidden web form that points to an attack server running a packet sniffer. The sniffer captures the MTU size, data packet size, and TCP and IP header sizes, among others, and the size data is subsequently transmitted back to the victim client over a separate POST message.

What’s more, it also abuses an authentication function in TURN (Traversal Using Relays around NAT) — a protocol that’s used in conjunction with NATs to relay media from any peer to another client in the network — to carry out a packet overflow and cause IP packets to fragment.

The idea, in a nutshell, is to overflow a TCP or UDP packet by padding (with “^” characters) and force it to split into two so that the SIP data packet is at the very start of the second packet boundary.
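
Seen from the defender's side, the boundary trick described above leaves a recognizable trace: a flow that opens as HTTP and later carries a packet whose payload begins with a SIP request line. The following detection sketch is an added example, not code from the article or from Kamkar's proof of concept; the function name, the 64-byte padding threshold, and the sample flows are constructed assumptions.

```python
import re

# A SIP request line sitting at the very start of a TCP segment.
SIP_START = re.compile(rb"^(REGISTER|INVITE) \S+ SIP/2\.0\r\n")
# An HTTP request line opening the flow.
HTTP_START = re.compile(rb"^(GET|POST|PUT|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")
# Run of the "^" padding character; the 64-byte threshold is an assumption.
PAD_RUN = re.compile(rb"\^{64,}")


def inspect_flow(segments):
    """Flag SIP request lines at a segment boundary inside an HTTP flow.

    segments: ordered client-to-server TCP payloads (bytes), one per packet.
    Returns a list of (segment_index, sip_method, padding_seen_earlier).
    """
    findings = []
    if not segments or not HTTP_START.match(segments[0]):
        return findings  # not an HTTP flow; genuine SIP signalling lands here
    padded = False
    for idx, payload in enumerate(segments):
        match = SIP_START.match(payload) if idx > 0 else None
        if match:
            findings.append((idx, match.group(1).decode(), padded))
        padded = padded or bool(PAD_RUN.search(payload))
    return findings


# Constructed sample flows (not captured traffic).
HTTP_HEAD = b"POST /form HTTP/1.1\r\nHost: site.example\r\n\r\n"
SIP_LINE = b"REGISTER sip:site.example SIP/2.0\r\n"
SUSPECT = [HTTP_HEAD + b"^" * 1300, SIP_LINE + b"\r\n"]
# SIP-looking text in the middle of a segment is not at a packet boundary.
BENIGN_HTTP = [HTTP_HEAD + b"note=" + SIP_LINE, b"more body bytes"]
BENIGN_SIP = [SIP_LINE + b"\r\n", SIP_LINE + b"\r\n"]

if __name__ == "__main__":
    for name, flow in [("suspect", SUSPECT), ("benign-http", BENIGN_HTTP),
                       ("benign-sip", BENIGN_SIP)]:
        print(name, inspect_flow(flow))
```

Only the first flow is flagged, because the check is tied to the packet boundary rather than to the mere presence of SIP-looking text in an HTTP body.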

Connect to TCP/UDP via Packet Alteration

In the next stage, the victim’s internal IP address is extracted using WebRTC ICE on modern browsers such as Chrome or Firefox or by executing a timing attack on common gateways (192.168.*.1, 10.0.0.1, and local networks).

“Once the client gets the packet sizes and internal IP address, it constructs a specially crafted web form that pads the POST data up until we believe the packet will become fragmented, at which point our SIP REGISTER containing internal IP address is appended,” Kamkar noted. “The form is submitted via Javascript with no consent from the victim.”

Just as the packets reach the attack server and it’s determined that the SIP packet isn’t rewritten with the public IP address, an automatic message is sent back to the client, asking it to adjust its packet size to a new boundary based on the data previously gleaned from the sniffer.

Armed with the right packet boundary, the NAT is deceived into thinking, “this is a legitimate SIP registration and from a SIP client on the victim’s machine,” eventually causing the NAT to open up the port in the original packet sent by the victim.

“The router will now forward any port the attacker chooses back to the internal victim, all from simply browsing to a website,” Kamkar said.

The whole proof-of-concept code for NAT Slipstreaming can be found here.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

© 2019 NikolaNews.com - Global Tech Updates
