Last year's slipstream technique revived to pierce vulnerable firewalls – browsers patched to thwart bypass attempts
Share
Copy
Video Ben Seri and Gregory Vishnepolsky, threat researchers at Armis, have found a way to expand upon the NAT Slipstream attack disclosed last year by Samy Kamkar, CSO of Openpath Security.
The original NAT Slipstream potentially allowed a miscreant to access any TCP/UDP service tied to a victim's machine by bypassing the victim's NAT (Network Address Translation) and firewall defenses. It can be triggered via JavaScript code on a malicious website.
NAT Slipstream v2 takes the technique further by allowing a hacker to penetrate a vulnerable NAT/firewall and reach any internal IP on the network, rather than just the IP address of the victim's device.