-
slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting a website
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
> Use a SIP Application Layer Gateway. This is a horrible feature offered by some routers. Basically, it deep-packet-inspects your SIP traffic, rewrites the headers, and creates port forwards on-the-fly to make sure the inbound audio stream makes its way to your device. SIP ALGs are a total hack and notoriously buggy.
Yes, these hacky ALG features also allowed internet users to access internal IPs on arbitrary services (!); named “remote arbitrary firewall pinhole control”. The attack was published in 2020 and named NAT slipstreaming [1].
[1] https://samy.pl/slipstream/
Which clients do you use? And how do you connect to a SIP trunk / DID without Asterisk?
I use WebRTC with Asterisk, and Browser Phone for the client (https://github.com/InnovateAsterisk/Browser-Phone). I don't use it much, but good enough for the rare times I have to use the phone.