NAT Slipstream attack has been found recently and they would be a new method that makes uses the Network Address Translation(NAT) and firewalls which the attacker will take advantages of remote access to the service on the victim’s device that unreachable by the internet connection.


Credit: Samy Kamkar website

Let take a step backwards and learn on what is NAT that resides within the device. NAT is implemented in the device where it will be used to share a single public internet protocol address on multiple systems that will connect to an internal network (Normally it unreachable from the outside world)

Normally, NAT can be considered twice harder for the attacker to exploit any vulnerable system within the internal networks. However, it would be possible to vulnerable using this NAT Slipstream method which it will exploit via protected or hidden service.

Another way to exploit this, the attacker will exploit the NAT via WebRTC like Apple’s Safari and Microsoft Internet Explorer 11 which the browser doesn’t expose any IP address. This can be performed by mapping to the internal network of the victim.

While waiting for a proper patch and workaround for the attack, the only way to prevent Remote NAT Slipstream attack would be the device need to disable ALG on the internal network. This recommendation would be prevent the attack to establish malicious two-way communications within the internal network

Reference: NAT Slipstreaming (Samy Kamkar)

By Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *