DNS rebinding: prevention?

Mordechai T. Abzug morty+bind at frakir.org
Wed Aug 8 18:00:24 UTC 2007


On Wed, Aug 08, 2007 at 11:56:12AM -0500, Pete Ehlke wrote:

> And every decent security roadmap ever written tells you to use IP
> addresses for libwrap/ssh/allow-from/etc for precisely this reason:
> using DNS as an identity service is inherently insecure.

Every good security document tells you not to trust IP auth, either.
We're all supposed to use strong crypto (i.e. RSA keys for SSH, SSL
client certs for SSL/TLS) and/or two-factor auth instead.  Which is
idealistic, but doesn't reflect the real-world reality of a whole lot
of name-based (and IP-based) auth that isn't going anywhere.

I can't change the apps on the network, I can just try to make the
network as secure as possible.

There are apps on many large networks that are horrifically insecure,
but they meet a critical business need, and hey, "we have a firewall",
so someone high up signs off on the risk.  The job of the firewall and
infrastructure services is to protect such apps from themselves as much
as possible.  I can't fix the app, but I might be able to fix DNS.

- Morty
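The resolver-side mitigation Morty is hinting at ("fix DNS" rather than the app) is to refuse answers in which an external name resolves to an internal address, which is what a rebinding attack depends on. The following is an added Python model of that check, not code from this thread or from BIND; the trusted zone list, the address ranges and the sample answers are constructed assumptions.

```python
"""Resolver-side DNS rebinding filter (added example, not from the thread).

A rebinding attack needs an attacker-controlled name to resolve, after a
short TTL, to an address inside the victim's network.  A recursive
resolver can blunt this by refusing answers in which an external name
maps to an internal address.  This models that check over constructed
answers; it is not BIND's own code or configuration.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed trust list: zones whose names may legitimately resolve to
# internal addresses (assumption for this example).
INTERNAL_ZONES = ("corp.example.", "lan.example.")

# Address ranges that an external name should never resolve to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def is_internal_name(qname: str) -> bool:
    """True if qname lies inside a zone allowed to hold internal addresses."""
    q = qname.lower().rstrip(".") + "."
    return any(q == z or q.endswith("." + z) for z in INTERNAL_ZONES)


def is_internal_addr(addr: str) -> bool:
    """True if addr (IPv4 or IPv6, including IPv4-mapped) is internal."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def filter_answer(qname: str, rdata: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split A/AAAA answer records for qname into (accepted, rejected).

    Internal addresses are rejected unless qname is in a trusted internal
    zone.  A resolver would drop the rejected records (or SERVFAIL the
    query) before handing the answer to the client.
    """
    accepted, rejected = [], []
    trusted = is_internal_name(qname)
    for addr in rdata:
        if is_internal_addr(addr) and not trusted:
            rejected.append(addr)
        else:
            accepted.append(addr)
    return accepted, rejected
```

The same check applied to CNAME targets and to the additional section closes the obvious ways around it; the filter is no substitute for fixing name-based auth, only a way to make it harder to abuse.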


