[vox] "NAT Pinning"

Bill Kendrick nbs at sonic.net
Wed Jan 6 17:03:27 PST 2010


Huh, this sounds... interesting:

  http://samy.pl/natpin/

"Here is a proof of concept in what I'm calling NAT Pinning ("hacking
gibsons" was already taken). The idea is an attacker lures a victim to
a web page. The web page forces the user's router or firewall,
unbeknownst to them, to port forward any port number back to the
user's machine. If the user had FTP/ssh/etc open but it was blocked
from the router, it can now be forwarded for anyone to access (read:
attack) from the outside world. No XSS or CSRF required."


*shudder*

-- 
-bill!
Sent from my computer

