Symptoms
Cause
The attack combines several vectors: local IP disclosure, maximum MTU (UDP and TCP) calculation, and a SIP parser weakness in fragmented HTTP packets that makes it possible to "Slipstream" a legitimate SIP connection in an HTTP POST request generated by the victim's browser.
The full description of the attack can be read at: <https://samy.pl/slipstream/>
Solution
Check Point Security Gateways (as well as the rest of Check Point products) are not vulnerable to the NAT Slipstreaming attack.
Check Point gateways handle the traffic as a whole, so the injected data results in an invalid SIP packet. We block such a packet, because we expect a specific format that this injection technique does not match.
You can use the Check Point IPS protection to protect vulnerable NAT devices behind a Check Point Security Gateway.
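The difference between parsing each TCP segment on its own and handling the traffic as a whole, shown as an added Python example (not Check Point code and not taken from the linked write-up). The function names, the simplified SIP request-line check and the sample segments are all constructed for illustration.

```python
import re

# SIP request line (RFC 3261): METHOD SP Request-URI SP "SIP/2.0" CRLF
SIP_REQUEST_LINE = re.compile(
    rb"(REGISTER|INVITE|ACK|BYE|CANCEL|OPTIONS) \S+ SIP/2\.0\r\n")


def looks_like_sip(data: bytes) -> bool:
    """True when data begins with a well-formed SIP request line."""
    return SIP_REQUEST_LINE.match(data) is not None


def per_segment_verdicts(segments):
    """Weak model: each TCP segment is parsed as if it started a message."""
    return [looks_like_sip(seg) for seg in segments]


def whole_stream_verdict(segments):
    """Traffic handled as a whole: reassemble first, then parse once."""
    return looks_like_sip(b"".join(segments))


def boundary_anomaly(segments):
    """Detection check: a segment parses as SIP, the reassembled stream does not."""
    return any(per_segment_verdicts(segments)) and not whole_stream_verdict(segments)


# Constructed sample data (not captured traffic): one HTTP POST whose body
# happens to be split so that the second segment starts with SIP-like text.
SIP_LIKE = b"REGISTER sip:example.invalid SIP/2.0\r\nCall-ID: constructed\r\n\r\n"
PADDING = b"A" * 16
HTTP_HEAD = (b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\n"
             b"Content-Length: %d\r\n\r\n" % (len(PADDING) + len(SIP_LIKE)))
HTTP_FLOW = [HTTP_HEAD + PADDING, SIP_LIKE]

# Constructed genuine SIP flow, split mid-line across two segments.
SIP_FLOW = [SIP_LIKE[:12], SIP_LIKE[12:]]

if __name__ == "__main__":
    for name, flow in (("http", HTTP_FLOW), ("sip", SIP_FLOW)):
        print(name, per_segment_verdicts(flow), whole_stream_verdict(flow),
              boundary_anomaly(flow))
```

A per-segment parser accepts the second segment of the HTTP flow as SIP, while the reassembled stream starts with an HTTP request line and fails the SIP format check. The genuine SIP flow passes only after reassembly.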