Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New NAT Slipstream attack vector

    Scheduled Pinned Locked Moved NAT
    7 Posts 4 Posters 981 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • aaronsshA
      aaronssh
      last edited by aaronssh

      Does anyone know if pfSense is vulnerable to this type of attack? In their example they attacked a linux based router but it seems general enough that FreeBSD might be affected too.

      https://samy.pl/slipstream/
      

      It was released just a few days ago on Oct 31.

      1 Reply Last reply Reply Quote 0
      • M
        Myster_fr
        last edited by

        Hi,

        Can you share more info about this attack ? (CVE, etc. ) ?

        Thanks

        1 Reply Last reply Reply Quote 0
        • aaronsshA
          aaronssh
          last edited by

          The only info that I have is at the URL in my original post. It is HIGHLY detailed and informative. I do not know if it has been assigned a CVE yet.

          1 Reply Last reply Reply Quote 0
          • M
            Myster_fr
            last edited by

            I started reading it.
            Sounds more like (one more) WebRTC issue than actually pure NAT problem.
            I'll keep reading. šŸ˜‰

            1 Reply Last reply Reply Quote 0
            • bingo600B
              bingo600
              last edited by

              Note the mentioning of ALG's

              Afaik std pfSense doesn't use them.
              Well you could install a few (FTP springs to mind)

              I'll be following this one

              /Bingo

              If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

              pfSense+ 23.05.1 (ZFS)

              QOTOM-Q355G4 Quad Lan.
              CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
              LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

              1 Reply Last reply Reply Quote 2
              • bingo600B
                bingo600
                last edited by bingo600

                I would expect someone from Netgate to comment soon.
                But this is "Hot off the press" , they might have to look at the github stuff first.

                /Bingo

                If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

                pfSense+ 23.05.1 (ZFS)

                QOTOM-Q355G4 Quad Lan.
                CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Seems to only affect things with ALGs, and pfSense doesn't really have any ALGs except for the FTP proxy and siproxd but those are more like proxies than ALGs.

                  Too soon to tell 100% but likely irrelevant to pfSense. If you're worried, remove the FTP Proxy/siproxd which you probably don't need anyhow.

                  Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 2
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.