NAT Slipstream allows an attacker outside the firewall to remotely access any TCP or UDP services running on a local machine, behind a NAT firewall, simply by tricking the victim into visiting a malicious website.
Yes, you read that correctly: by using the NAT Slipstream attack, an attacker is able to send arbitrary traffic to any open TCP/IP port on your PC simply by getting you to run JavaScript in your browser, for example by visiting a website serving a malicious advert controlled by the attacker. Using this technique, the attacker can open any port on your NAT router, map it to a port of their choice on your local PC, and then send traffic over that link.
To understand how this is possible, we first need to understand how NAT routers work.
How do NAT routers work?
NAT stands for Network Address Translation, which is a mechanism for mapping between two different ranges of IP addresses – such as those on the public internet and those on a private network in your office. The NAT function is provided by a router or firewall that sits on the perimeter of the network and it protects the private network by blocking, by default, all unexpected incoming traffic. The NAT router modifies the TCP/IP packets as they pass through the router so that all traffic appears to originate from the router itself when it is forwarded onto the Internet. When a response is received to a transmitted request, the NAT router maps the response back to the original internal TCP/IP address and port that made the request and forwards it to that device on the internal network.
Some protocols, such as FTP, SIP or IRC, use two connections: one outbound and one inbound. This presents a problem for the NAT router, because the incoming connection is blocked by default: the router has no idea which internal IP address and port the incoming data should be forwarded to. This problem is solved by the Application Layer Gateway (ALG), a logical function added to all NAT routers.
The ALG monitors outbound traffic and, when it spots an attempt to establish a connection using a protocol that also requires an inbound port, it adjusts the contents of the TCP/IP request header so that the remote server makes the return connection to the IP address of the NAT router itself. When this expected incoming connection is received, the NAT router can forward the traffic to the IP address and port on the internal network that made the original request. This occurs automatically and transparently to both ends of the communication.
NAT Slipstream works by abusing the ALG to trick it into opening ports and mapping them to internal IP addresses and ports which the external attacker can then use to target that device.
How does NAT Slipstream work?
The NAT Slipstream attack uses JavaScript running in the browser of the target machine to send specially crafted HTTP requests which trick the Application Layer Gateway into opening a firewall port and mapping it back to the target device. It does this by crafting a fake SIP request as if a VoIP session were being started; the ALG opens a port on the NAT router and maps it back to the source device so that the incoming VoIP call can complete. The open port is then abused by the attacker to send arbitrary network traffic to the victim device, potentially targeting other vulnerabilities in order to secure a foothold on that device and so breach the network.
A web browser is designed to open HTTP(S) ports and send HTTP(S) packets. In order to trick it into sending a valid SIP request, a specially crafted large HTTP request is created which is so large it will be segmented into several packets before transmission. The SIP request is embedded within the data body of the HTTP request. By noticing where the packet boundaries fall, the HTTP data can be constructed so that one of the segmented packets starts exactly with the SIP request. The ALG code is not smart enough to realise the SIP request is actually a part of a larger segmented HTTP message – it simply sees a packet which starts with a byte-stream that matches what it is looking for and processes it accordingly as an outbound SIP request.
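The following is an added illustration of the two preceding points (the ALG's role in the NAT router, and why it mistakes a SIP request line that starts a segment in the middle of an HTTP body for a real SIP registration). It is not code from this article or from Samy Kamkar's NAT Slipstream project: it is a toy model of a NAT router with a SIP ALG, written from the defender's side. The naive ALG classifies every outbound segment on its own; the stream-aware variant decides a connection's protocol from its first bytes and ignores later segments. The class and function names (NatRouter, simulate, build_sample_segments, find_embedded_sip), the addresses, the port 8080 in the Contact header and the assumption that the ALG keys its pinhole on that Contact port are all constructed assumptions; real ALG implementations vary.

```python
"""Toy model of a NAT router's SIP Application Layer Gateway (ALG).

Added illustration only; not the article's code nor the NAT Slipstream
project's. All hosts, ports and payloads are constructed sample values.
"""
import re

# A SIP request line at the very start of a byte buffer (what a naive ALG keys on).
SIP_REQUEST_LINE = re.compile(rb"^(REGISTER|INVITE) sip:[^\r\n]+ SIP/2\.0\r\n")
# The same request line anywhere in a buffer (what a proxy/IDS check can use).
SIP_ANYWHERE = re.compile(rb"(?:REGISTER|INVITE) sip:[^\r\n]+ SIP/2\.0\r\n")
# Contact header naming the internal host and port the ALG would pinhole.
SIP_CONTACT = re.compile(rb"\r\nContact: <sip:[^@>]+@(?P<host>[^:>]+):(?P<port>\d+)>")


class NatRouter:
    """Minimal NAT with a SIP ALG. stream_aware=False reproduces the weakness
    the article describes; stream_aware=True closes it (assumed mitigation)."""

    def __init__(self, public_ip, stream_aware):
        self.public_ip = public_ip
        self.stream_aware = stream_aware
        self.pinholes = {}   # public port -> (internal ip, internal port)
        self._streams = {}   # (src, dst) -> bytes already seen on that connection

    def outbound(self, src, dst, segment):
        """Inspect one outbound TCP segment; return the port pinholed, if any."""
        key = (src, dst)
        seen = self._streams.get(key, b"")
        self._streams[key] = seen + segment
        if self.stream_aware and seen:
            # The connection's protocol was decided by its first segment
            # (here: HTTP), so a later segment is never re-classified as SIP.
            return None
        if not SIP_REQUEST_LINE.match(segment):
            return None
        contact = SIP_CONTACT.search(segment)
        if contact is None:
            return None
        port = int(contact.group("port"))
        # Assumed ALG behaviour: open public port == Contact port and map it back.
        self.pinholes[port] = (src[0], port)
        return port


def build_sample_segments():
    """Constructed HTTP POST whose body carries a SIP REGISTER, split so that
    the second segment begins exactly at the SIP request line."""
    sip = (b"REGISTER sip:attacker.example SIP/2.0\r\n"
           b"Via: SIP/2.0/TCP 192.168.1.23:5060\r\n"
           b"Contact: <sip:victim@192.168.1.23:8080>\r\n"
           b"\r\n")
    padding = b"A" * 64
    head = (b"POST /upload HTTP/1.1\r\n"
            b"Host: attacker.example:5060\r\n"
            b"Content-Type: application/octet-stream\r\n"
            b"Content-Length: " + str(len(padding) + len(sip)).encode() + b"\r\n"
            b"\r\n")
    return [head + padding, sip]


def simulate(stream_aware):
    """Feed the sample stream through a NAT; return (ports opened, pinhole table)."""
    nat = NatRouter("203.0.113.10", stream_aware)
    src = ("192.168.1.23", 49152)      # constructed internal host
    dst = ("198.51.100.7", 5060)       # constructed external server on the SIP port
    opened = []
    for segment in build_sample_segments():
        port = nat.outbound(src, dst, segment)
        if port is not None:
            opened.append(port)
    return opened, dict(nat.pinholes)


def find_embedded_sip(data):
    """Defender-side check a proxy or IDS could run over a reassembled HTTP
    request: byte offset of a SIP request line inside it, or None."""
    m = SIP_ANYWHERE.search(data)
    return None if m is None else m.start()


if __name__ == "__main__":
    print("naive ALG:       ", simulate(stream_aware=False))
    print("stream-aware ALG:", simulate(stream_aware=True))
    print("SIP inside HTTP at offset:", find_embedded_sip(b"".join(build_sample_segments())))
```

The naive router opens a pinhole to 192.168.1.23:8080 on the second segment even though the connection began as an HTTP POST; the stream-aware router does not, because it only classifies the first bytes of a connection. The find_embedded_sip check is the kind of test a reassembling proxy or IDS can apply to HTTP bodies heading for port 5060/5061, which is the same traffic the browser port restriction mentioned later in the article removes at the source.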
The malicious JavaScript that does all this work is loaded into the victim's browser simply by visiting a specially crafted webpage, or even through a malicious advert served on an otherwise trusted site.
For now, the NAT Slipstream attack works across almost all NAT routers that support SIP (and almost all do) and all modern web browsers.
In order to prevent widespread exploitation of this technique, the browser vendors have indicated they will add the well-known SIP ports 5060 and 5061 to the browsers' restricted port list. This will stop JavaScript from initiating any HTTP or HTTPS connections using those port numbers. It could, however, have some unintended consequences: any test web applications that happen to be published on those port numbers (for example https://testapp.com:5061) will suddenly become inaccessible as the browsers roll out the change to the restricted port list.
The NAT Slipstream technique was developed by security researcher Samy Kamkar who summarises it like this in his detailed GitHub project documentation:
Once the SIP packet lands on the packet boundary, the NAT will be deceived, believing this is a legitimate SIP registration and from a SIP client on the victim’s machine. Once our server responds with a proper SIP response (nested inside of a proper HTTP response to allow the browser to not detect anything fishy), the NAT will open up the port in the original packet we had the victim send and the router will now forward any port the attacker chooses back to the internal victim, all from simply browsing to a website.