NAT Slipstreaming attack

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall just by the victim visiting a website.

You should disable SIP ALG to protect your environment from this attack.

A security researcher, Samy Kamkar, has updated a technique he devised a decade ago to create a browser-based attack that tricks NAT devices and firewalls into providing remote access to hidden internal network services.

Assuming you don’t need it (e.g. for VoIP phones), disable ALG to protect your environment from this attack.

Should I reconfigure my Peplink routers?

At the moment it is not clear if Peplink routers have an inbuilt mechanism to protect LAN clients from this attack.

WE HAVE ASKED THE PEPLINK TEAM FOR COMMENT AND WILL UPDATE THIS POST WHEN WE HAVE MORE INFORMATION.

Peplink supports SIP ALG (Application Layer Gateway) across the entire product family; this feature is enabled by default.

If you want to disable SIP ALG (and you should if you do not need it), select Compatibility Mode under Network > Service Passthrough Support > SIP in Balance Web Admin.

SIP ALG is disabled in Compatibility Mode and enabled in Standard Mode.

Do I need SIP ALG?

SIP ALG was built as a tool for the time when hosted PBXs had no solution for handling NAT traffic.
To this day, some hosted PBXs still do not handle NAT traffic properly.
SIP ALG solved problems with NAT traffic by inspecting SIP messages and translating the private IP addresses and ports they contain into public addresses and ports.

If a PBX does not handle NAT traffic properly, you might encounter issues like:

  • One-way or No audio, intermittently or consistently.
  • Outbound or Inbound Call Fails to Connect.
  • Audio cuts out completely while on a call and doesn’t return.
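The rewriting described above is visible when you compare a SIP message as the LAN phone sent it with the same message as captured on the WAN side, which is also a way to confirm that Compatibility Mode really stopped the ALG from touching SIP payloads. The following Python is an added example, not code from the original post or from Peplink; the sample messages, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a REGISTER as a LAN phone would send it.
SENT = "\r\n".join([
    "REGISTER sip:pbx.example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds",
    "From: <sip:1001@pbx.example.com>;tag=1928301774",
    "To: <sip:1001@pbx.example.com>",
    "Call-ID: a84b4c76e66710@192.168.1.50",
    "CSeq: 1 REGISTER",
    "Contact: <sip:1001@192.168.1.50:5060>",
    "Content-Length: 0",
    "", "",
])
# Constructed sample: the same message on the WAN side after an ALG rewrote it.
RECEIVED = SENT.replace("192.168.1.50:5060", "203.0.113.7:40112")

ADDR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?")
WATCHED = ("via", "contact")  # headers in which the client advertises itself

def endpoints(message):
    """Map each watched header to the (ip, port) pairs found in its value."""
    found = {}
    head = message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        key = name.strip().lower()
        if key in WATCHED:
            found.setdefault(key, []).extend(ADDR.findall(value))
    return found

def show(pair):
    ip, port = pair
    return f"{ip}:{port}" if port else ip

def alg_rewrites(sent, received):
    """List (header, sent, received) for each private endpoint the client
    advertised that reached the far side as a different address or port."""
    before, after = endpoints(sent), endpoints(received)
    changes = []
    for header, pairs in before.items():
        for old, new in zip(pairs, after.get(header, [])):
            if old != new and ipaddress.ip_address(old[0]).is_private:
                changes.append((header, show(old), show(new)))
    return changes

if __name__ == "__main__":
    for header, old, new in alg_rewrites(SENT, RECEIVED):
        print(f"{header}: {old} -> {new}  (payload rewritten, ALG active)")
```

An empty result means the SIP payload arrived untouched: plain NAT changes only the packet's IP and UDP headers, so the private address in `Via` and `Contact` survives when no ALG is involved.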

For more information read Samy Kamkar’s Twitter post:

Erik de Bie
Erik de Bie joined Slingshot6 in 2020 after working for Peplink as a Technical Consultant. Over the years he has supported network engineers working for big global brands as well as every shape and size and type of managed service provider, reseller and end user.
