Slipstreaming : NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services

From kalilinuxtutorials.com

Slipstreaming : NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services

NAT Slipstreaming exploits the user’s browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse. As it’s the NAT or firewall that opens the destination port, this bypasses any browser-based port restrictions.

Read more…