DNS Rebinding Prevention for the Weak Host Model Attacks
Phil Mayers
p.mayers at imperial.ac.uk
Tue Aug 17 15:35:16 UTC 2010
On 08/17/2010 04:31 PM, Florian Weimer wrote:
> * Bradley Falzon:
>
>> Craig Heffner's version of the DNS Rebinding attack, similar to all
>> DNS Rebinding attacks, requires the DNS Servers to respond with an
>> Attacker's IP Address as well as the Victim's IP Address, in a typical
>> Round Robin fashion. Previous attacks would normally have the Victim's
>> IP Address to be their Private IP.
>
> For which protocols is this supposed to work? Why would a
> security-minded web application serve content under a name it knows
> cannot be its own?
>
You're assuming it's an HTTP attack. You can trick Flash, Java and other
plugins to circumvent the browser's same-origin policy, and do much more
subtle things like sending SMTP email.
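
The answer pattern described in the quoted text (an attacker address and the victim's address returned together) can be checked for on the resolver side. The following is an added example, not part of the original post and not BIND code; `PROTECTED_NETS`, `classify_answer`, the sample names and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: prefixes the resolver operator treats as "inside". 203.0.113.0/24
# (a documentation range) stands in for the site's own public/WAN addresses,
# which matter for the public-IP variant; the rest are private/loopback ranges.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "203.0.113.0/24")]

def is_protected(addr):
    """True if addr falls inside any prefix the operator wants to shield."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PROTECTED_NETS)

def classify_answer(qname, a_records, local_zones=()):
    """Classify the A records of one response to a client query.

    Returns (verdict, protected_addrs). Names under local_zones are the
    operator's own zones and may legitimately resolve to inside addresses.
    """
    name = qname.rstrip(".").lower()
    if any(name == z or name.endswith("." + z) for z in local_zones):
        return "allow-local-zone", []
    inside = [a for a in a_records if is_protected(a)]
    if not inside:
        return "allow", []
    if len(inside) < len(a_records):
        # Outside and inside addresses in one RRset: the round-robin pattern.
        return "block-mixed", inside
    return "block-internal-only", inside

# Constructed sample responses (names and addresses are not from the post).
SAMPLES = [
    ("rebind.example.", ["198.51.100.7", "203.0.113.10"]),   # own public IP
    ("rebind.example.", ["198.51.100.7", "192.168.1.1"]),    # private IP
    ("www.example.org.", ["198.51.100.20", "198.51.100.21"]),
    ("printer.corp.example.", ["10.1.2.3"]),
]

if __name__ == "__main__":
    for qname, addrs in SAMPLES:
        verdict, hits = classify_answer(qname, addrs, ("corp.example",))
        print(f"{qname:24} {verdict:20} {hits}")
```

Because the check operates on DNS answers, it does not depend on which application protocol the client goes on to speak.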