DNS Rebinding Prevention for the Weak Host Model Attacks

Barry Margolin barmar at alum.mit.edu
Wed Aug 18 03:59:50 UTC 2010


In article <mailman.352.1282059097.15649.bind-users at lists.isc.org>,
 Florian Weimer <fweimer at bfk.de> wrote:

> * Bradley Falzon:
> 
> > Craig Heffner's version of the DNS Rebinding attack, similar to all
> > DNS Rebinding attacks, requires the DNS Servers to respond with an
> > Attacker's IP Address as well as the Victim's IP Address, in a typical
> > Round Robin fashion. Previous attacks would normally have the Victim's
> > IP Address to be their Private IP.
> 
> For which protocols is this supposed to work?  Why would a
> security-minded web application serve content under a name it knows
> cannot be its own?

Home routers generally don't have names, and they don't implement 
virtual hosting, so the programmers of the configuration interface 
presumably didn't see the need to use the Host header.

In fact, one of the recommendations in the paper that was referenced is 
that routers should check the Host header.  It should either be the 
router's hostname (if it has one) or the router's IP.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
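
The Host header check recommended above, sketched as an added example that is not part of the original post or of the referenced paper: a configuration interface serves a request only when the Host value is the device's own hostname or one of its own IP addresses. The function names, `router.lan` and the addresses are constructed for illustration.

```python
import ipaddress


def host_from_header(value):
    """Return the host part of a Host header value, or None if malformed."""
    value = (value or "").strip()
    if value.startswith("["):  # bracketed IPv6 literal: [addr] or [addr]:port
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    # Whatever follows the host must be empty or ":<digits>".
    if rest and not (rest[0] == ":" and rest[1:].isascii() and rest[1:].isdigit()):
        return None
    return host or None


def host_header_allowed(header, own_names, own_ips):
    """True only if the Host header names this device itself."""
    host = host_from_header(header)
    if host is None:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: compare as a hostname, ignoring case and a trailing dot.
        return host.rstrip(".").lower() in {n.rstrip(".").lower() for n in own_names}
    return addr in {ipaddress.ip_address(ip) for ip in own_ips}


if __name__ == "__main__":
    names, ips = ["router.lan"], ["192.168.1.1", "fe80::1"]  # constructed values
    for header in ["192.168.1.1", "Router.LAN.:8080", "[fe80::1]:80",
                   "rebind.attacker.example", "192.168.1.1:80@x", None]:
        verdict = "serve" if host_header_allowed(header, names, ips) else "reject (400)"
        print(repr(header), "->", verdict)
```

A rebound request still carries the attacker-controlled name in its Host header even though it arrives at the router's address, which is why the comparison is made against the device's own identity and not against the destination IP.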


