Are slipstream attacks possible through an OpenWRT router with the default configuration?
It seems the NAT slipstream attack was announced the day before yesterday. In short, it is described as an attack on web browsers behind Application-level Gateway (ALG) capable routers. I do not fully understand whether that applies to OpenWRT or not.
What I did learn and understand is that according to Wikipedia, ALG is in netfilter on Linux. Unfortunately I could not detuct the answer to my question from reading OpenWRT's netfilter documentation. Skimming through upstream's netfilter docs gave me the impression protocol specific parts of conntracking should likely end up as separate kernel modules when enabled. Thus my belief is that an attack it is unlikely to succeed unless such modules are loaded.
Would it be safe to assume no slipstream mitigation needs to be taken on OpenWRT when
find /lib/modules -name "*nf_conntrack_*" only returns ipv4, ipv6 and rtcache; i.e. nothing like e.g. ftp, h323 or sip?