Reply to post: What's this? I know, I'll plug it in...

We did NAT see that coming: How malicious JavaScript can open holes in your firewall for miscreants to slip through

Notas Badoff

What's this? I know, I'll plug it in...

"The third chunk is designed so that it appears to contain a SIP packet used to initiate video-conferencing sessions and the like. This is parsed by the ALG, which is fooled into thinking a SIP session is starting, and opens an external port that's routed through to the victim's PC."

So this is the ALG (Application Level/Layer Gateway) picking up a 'lost' thumb drive in the parking lot and plugging it in to a USB port to see what's on it? Who knew that was a bad idea...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021