Hundreds of thousands of routers, firewalls and gateways used by small offices and homes are said to be vulnerable to hijacking due to bungled NAT settings.
The networking devices are, we're told, commonly misconfigured to allow remote attackers to reprogram how network traffic flows to PCs, servers, tablets and other machines.
The at-risk hardware acts as a gateway between a local network and the wider internet, and uses NAT-PMP (Network Address Translation Port Mapping Protocol) to configure how traffic from the outside world reaches machines on the LAN. For example, a computer on the local network can send a NAT-PMP request to map HTTP traffic from the internet to a web server on the LAN.
But it turns out these gateways typically accept NAT-PMP commands from the public internet as well, without authentication, due to configuration blunders.
This allows miscreants to redirect packets passing through the NAT device to their eavesdropping systems, as well as opening up public access to internal hosts and services on the private side of the NAT device, and so on.
These findings are according to security biz Rapid7, which says it's found 1.2 million publicly accessible devices that have insecure NAT-PMP settings. There's no solid evidence that these are being widely exploited.
Even so, action needs to be taken by the gateways' owners sooner rather than later – not least because exploitation only requires only a "basic knowledge of the protocol," according to Rapid7.
Anyone who has a NAT-PMP-capable device on their network should ensure that all NAT-PMP traffic is "prohibited on untrusted network interfaces/" ISPs also have a responsibility in supplying kit that is free from NAT-PMP flaws, added Rapid7 – which is best known for the Metasploit penetration testing tool.
Jon Hart, a senior security researcher at Rapid7, has put together a blog, complete with diagrams and code snippets, explaining the issue in more depth, here. ®