[vox] "NAT Pinning"
Bill Kendrick
nbs at sonic.net
Wed Jan 6 17:03:27 PST 2010
Huh, this sounds... interesting:
http://samy.pl/natpin/
"Here is a proof of concept in what I'm calling NAT Pinning ("hacking
gibsons" was already taken). The idea is an attacker lures a victim to
a web page. The web page forces the user's router or firewall,
unbeknownst to them, to port forward any port number back to the
user's machine. If the user had FTP/ssh/etc open but it was blocked
from the router, it can now be forwarded for anyone to access (read:
attack) from the outside world. No XSS or CSRF required."
*shudder*
--
-bill!
Sent from my computer
More information about the vox
mailing list