Friday, July 23, 2021

Google Chrome blocks eight ports against new NAT Slipstreaming attack

Following the discovery of the NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080.

Google has blocked eight ports within the Chrome web browser to stop a new version of the attack called NAT Slipstreaming, the company’s engineers announced today.

The original NAT Slipstreaming attack was first disclosed on October 31, 2020, by Samy Kamkar, a well-known security researcher.

The attack works by luring users to a malicious website where JavaScript code establishes a direct connection to the victim's device, bypassing the protections provided by firewalls and network address translation (NAT) tables.

An attacker can abuse this connection to the user's system to launch attacks on devices located on the victim's internal network.

The first version of the NAT Slipstreaming attack abused the Session Initiation Protocol (SIP) to establish these pinhole connections to devices on internal networks through ports 5060 and 5061.

Two weeks after the attack went public, Google responded to Kamkar's discovery by blocking these two ports in Chrome 87 to prevent attackers from abusing the method, which the browser maker saw as a serious threat and easy to abuse.

Apple and Mozilla also shipped similar blocks in Safari and Firefox weeks later.

But earlier this week, security researchers from the IoT security company Armis announced that they had worked with Kamkar to expand the initial attack into a new version they named NAT Slipstreaming 2.0.

This new version replaces SIP and piggybacks on the H.323 multimedia protocol to open similar channels into internal networks, bypassing firewalls and NAT tables.


Armis researchers said the 2.0 variant of the NAT Slipstreaming attack was as powerful as ever and would allow the same kind of internet-based attacks on devices normally reachable only on internal LANs.

Ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080 to be blocked for prevention

Earlier today, Google said it would block connections to port 1720, which is used by the H.323 protocol, as well as seven other ports it believes could be abused in similar NAT Slipstreaming attacks.

The other seven ports were 69, 137, 161, 1719, 1723, 6566, and 10080.

Any HTTP, HTTPS, or FTP connection through these ports will now fail, Google said today.

According to the Chrome feature status report, the block is already available to any user running Chrome version 87.0.4280.117 and later.

It looks like updating the block list is done on the server side, without shipping a separate Chrome update to end-users.

The Firefox and Microsoft Edge browsers have also deployed fixes for the NAT Slipstreaming 2.0 attack. The Firefox fix shipped in Firefox 85 earlier this week as CVE-2021-23961, while the Edge fixes are being shipped as fixes for CVE-2020-16043.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
