DNS rebinding attack
Home > Security Definitions - DNS rebinding attack
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

DNS rebinding attack

Show me everything on Emerging Information Security Threats


Word of the Day


DEFINITION - DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router. The attack works on widely-used routers such as D-Link and Linksys and could, in fact, target any device that uses a default password and Web-based administration.

Dan Kaminsky, director of penetration testing at IOActive, demonstrated the DNS rebinding technique at an RSA conference in April 2008. Kaminsky spent a year researching ways that attackers could exploit aspects of the DNS (domain name system) to circumvent a firewall. Prior to Kaminsky's demonstration, DNS rebinding was considered only theoretically possible. According to Kaminsky, the problem is not with the routers themselves; it is enabled by a "core browser bug." DNS rebinding attacks can also exploit browser plug-ins, such as Flash, Java and Silverlight, that permit direct socket access back to their origins.

Here's a simplified example of how a DNS rebinding exploit might work:
The user is lured to or accidentally visits the attacker's Web site. When a default password is detected and determined, JavaScript coding tricks the user's browser into altering details on the router administration page. Changes made might enable the attacker to administer the device remotely and, as a result, control the owner's Internet communications. Among other possibilities, the attacker could access sensitive data on the network or use the connection to send spam.

As of early April 2008, there have been no reports of actual DNS rebinding attacks. However, the potential for such an attack to occur soon is considerable because very few home users change the default passwords on their routers.

Learn more about Emerging Information Security Threats
Security book giveaway: Under-the-radar information security threats: Which enterprise security threat do you think has gone under the radar? Give us your thoughts. Our favorite response will win some great free security training books.
Quiz: The threat landscape for 2008 -- Protecting your organization against next-generation threats: Take this five-question quiz to evaluate your knowledge of the material presented by expert Lenny Zeltser in this Intrusion Defense School lesson.
Enterprise Security 2008 Learning Guide: SearchSecurity.com's panel of experts look back at last year's threats and make predictions about emerging enterprise security concerns for 2008.
Virtual Honeypots: From Botnet Tracking to Intrusion Detection: In Chapter 11 of Virtual Honeypots: From Botnet Tracking to Intrusion Detection, Niels Provos and Thorsten Holz get inside the botnet and reveal some interesting conclusions.
Malware: The ever-evolving threat: The first tip in our series, "How to assess and mitigate information security threats".

LAST UPDATED: 14 Apr 2008

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- Robert McMillan reports on DNS rebinding.
- Stanford University offers a document about preventing DNS rebinding attacks. (PDF)
- Hackszine.com describes how DNS rebinding works in greater detail.
- Immike.net offers more information about DNS rebinding and preventative measures.
- Dan Goodlin discusses Kaminsky's demo of a DNS rebinding attack.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
RSA security conference 2010: news, interviews and updates
The RSA Security Conference is valuable resource in staying educated on the information security industry. Here you will find news on the upcoming RSA...
Hackers to sharpen malware, malicious software in 2010
Symantec researchers predict an increase in attacks using social network architectures, third-party applications and URL shortening services.
Modern malware, stealthy botnets, adapt quickly, expert says
As network intrusion detection systems evolve so does the malware they're designed to detect, continuing the cat and mouse game between security...

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
drive-by pharming  (SearchSecurity.com)
Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately unprotected broadband router to gain...
JavaScript hijacking  (SearchSecurity.com)
JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax...




Get More DNS rebinding attack Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts