Saturday, October 16, 2021

Google Chrome blocks eight ports against new NAT Slipstreaming attack


Following the discovery of the NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080.

Google has blocked eight ports within the Chrome web browser to stop a new version of the attack called NAT Slipstreaming, the company’s engineers announced today.

The original NAT Slipstreaming attack was first disclosed on October 31, 2020, by Samy Kamkar, a well-known security researcher.

The attack works by luring users to a malicious website, where JavaScript code establishes a connection directly to the victim's device, bypassing the protections provided by firewalls and network address translation (NAT) tables.

An attacker can then abuse this connection to the user's system to launch attacks on devices on the victim's internal network.

The first version of the NAT Slipstreaming attack abused the Session Initiation Protocol (SIP) to establish this pinhole connection to devices on internal networks through ports 5060 and 5061.

Two weeks after the attack went public, Google responded to Kamkar's discovery by blocking the two ports in Chrome 87 to prevent attackers from abusing the method, which the browser maker saw as a serious threat and easy to abuse.

Apple and Mozilla also shipped similar blocks in Safari and Firefox weeks later.

But earlier this week, security researchers from the IoT security company Armis announced that they had worked with Kamkar to extend the original attack into a new version they named NAT Slipstreaming 2.0.

This new version replaces SIP and piggybacks on the H.323 multimedia protocol to open similar tunnels into internal networks, bypassing firewalls and NAT tables.


Armis researchers said the 2.0 variant of the NAT Slipstreaming attack was just as powerful as the original and would allow the same class of internet-based attacks on devices normally reachable only on internal LANs.

Ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080 to be blocked

Earlier today, Google said it would block connections to port 1720, which is used by the H.323 protocol, along with seven other ports that it believes could be abused in similar variations of the NAT Slipstreaming attack.

The other seven ports were 69, 137, 161, 1719, 1723, 6566, and 10080.

Any HTTP, HTTPS, or FTP connection through these ports will now fail, Google said today.
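For administrators, the practical effect is that any internal web service listening on one of these ports stops loading in the browser. The following is an added example (not from the article or from Chrome's code) that audits a service inventory against the ports named on this page; the hostnames are constructed, and Chrome's full restricted-port list is longer than what is modelled here.

```javascript
// Ports named in the article: 5060/5061 (blocked after the original attack)
// plus the eight added for NAT Slipstreaming 2.0. Chrome's full restricted-port
// list is longer; only the ports on this page are modelled here.
const SLIPSTREAM_BLOCKED_PORTS = new Set([
  5060, 5061, 69, 137, 161, 1719, 1720, 1723, 6566, 10080,
]);

// Schemes the article says are affected, with their default ports.
const DEFAULT_PORTS = { "http:": 80, "https:": 443, "ftp:": 21 };

// Classify one URL: "blocked", "ok", "out-of-scope" or "invalid".
function classifyUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { url: raw, status: "invalid", port: null };
  }
  if (!(url.protocol in DEFAULT_PORTS)) {
    return { url: raw, status: "out-of-scope", port: null };
  }
  // URL.port is "" when the URL uses the scheme's default port.
  const port = url.port === "" ? DEFAULT_PORTS[url.protocol] : Number(url.port);
  const status = SLIPSTREAM_BLOCKED_PORTS.has(port) ? "blocked" : "ok";
  return { url: raw, status, port };
}

// Return only the inventory entries a patched browser would refuse to load.
function findBlockedServices(inventory) {
  return inventory.map(classifyUrl).filter((r) => r.status === "blocked");
}

// Constructed sample inventory (hypothetical hosts, not from the article).
const SAMPLE_INVENTORY = [
  "http://wiki.corp.example:10080/",
  "https://printer.corp.example/",
  "https://[fd00::10]:1720/admin",
  "http://build.corp.example:8080/",
  "ftp://files.corp.example:69/pub",
  "ws://chat.corp.example:5060/",
  "not a url",
];

for (const hit of findBlockedServices(SAMPLE_INVENTORY)) {
  console.log(`port ${hit.port} is blocked: ${hit.url}`);
}
```

Services flagged this way need to move to a different port before users on patched browsers can reach them again.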

According to the Chrome feature status report, the block is already available to anyone using Chrome version 87.0.4280.117 or later.

It appears that the block list is updated server-side, without the need to ship a separate Chrome update to end users.

Firefox and Microsoft Edge have also shipped fixes for the NAT Slipstreaming 2.0 attack. The Firefox fix shipped in Firefox 85 earlier this week as CVE-2021-23961, while the Edge fix is being shipped as CVE-2020-16043.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
