NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall just by the victim visiting a website.
You should disable SIP ALG to protect your environment from this attack.
A security researcher, Samy Kamkar, has updated a technique he devised a decade ago to create a browser-based attack that tricks NAT devices and firewalls to provide remote access to hidden internal network services.
Assuming you don’t need it (e.g. for VoIP phones), disable ALG to protect your environment from this attack.
Should I reconfigure my Peplink routers?
At the moment it is not clear if Peplink routers have an inbuilt mechanism to protect LAN clients from this attack.
WE HAVE ASKED THE PEPLINK TEAM FOR COMMENT AND WILL UPDATE THIS POST WHEN WE HAVE MORE INFORMATION.
Peplink supports SIP ALG (Application Layer Gateway) across the entire product family; this feature is enabled by default.
If you want to disable SIP ALG (and you should if you do not need it) , you can select the Compatibility Mode under Network > Service Passthrough Support > SIP in Balance Web Admin.
SIP ALG is disabled in compatibility mode, enabled in standard mode
Do I need SIP ALG?
SIP ALG was built as a tool when Hosted PBX’s didn’t have a solution to handle NAT traffic.
To this day, some hosted PBX’s still do not handle NAT traffic properly.
SIP ALG solved problems with NAT traffic by inspecting SIP messages and transforming the Private IP addresses and Ports to Public Addresses and Ports.
IF PBX’s do not handle NAT traffic properly you might encounter issues like:
- One-way or No audio, intermittently or consistently.
- Outbound or Inbound Call Fails to Connect.
- Audio cuts out completely while on a call and doesn’t return.
For more information read Samy Kamkar’s Twitter post:
