NAT Slipstreaming Attack on Firewalls and NAT routers

16th February 2021

An attack has been demonstrated against firewalls that have an H323 VoIP helper: it tricks them into connecting to any TCP port, not just the ports used by VoIP.

Fortinet support says the H323 helper can be disabled thusly

My current question to Fortigate support is if a firewall rule can filter connections to TCP 1720 to only allow your VoIP provider, or if that will essentially disable VoIP due to its peer-to-peer nature.

More info here: https://portswigger.net/daily-swig/nat-slipstreaming-hack-tricks-firewalls-and-routers