DNS rebinding attack

Dan Kaminsky, director of penetration testing at IOActive, demonstrated the DNS rebinding technique at an RSA conference in April 2008. Kaminsky spent a year researching ways that attackers could exploit aspects of the DNS (domain name system) to circumvent a firewall. Prior to Kaminsky's demonstration, DNS rebinding was considered only theoretically possible. According to Kaminsky, the problem is not with the routers themselves; it is enabled by a "core browser bug." DNS rebinding attacks can also exploit browser plug-ins, such as Flash, Java and Silverlight, that permit direct socket access back to their origins.

Here's a simplified example of how a DNS rebinding exploit might work:
The user is lured to or accidentally visits the attacker's Web site. When a default password is detected and determined, JavaScript coding tricks the user's browser into altering details on the router administration page. Changes made might enable the attacker to administer the device remotely and, as a result, control the owner's Internet communications. Among other possibilities, the attacker could access sensitive data on the network or use the connection to send spam.

As of early April 2008, there have been no reports of actual DNS rebinding attacks. However, the potential for such an attack to occur soon is considerable because very few home users change the default passwords on their routers.

Read more about DNS rebinding attack: - Robert McMillan reports on DNS rebinding. - Stanford University offers a document about preventing DNS rebinding attacks. (PDF) - Hackszine.com describes how DNS rebinding works in greater detail. - Immike.net offers more information about DNS rebinding and preventative measures. - Dan Goodlin discusses Kaminsky's demo of a DNS rebinding attack.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT New media Trojan on the prowl Researchers at Secure Computing have detected a Trojan infecting MP3 and Windows media (WMV) audio files as well as WMV videos. DNS rebinding defenses still necessary, thanks to Web 2.0 Security Corner's Ken Harthun explains the new types of DNS vulnerabilities and how to keep them from compromising your router and exposing sensitive... Vendors rally to repair dangerous DNS flaw Microsoft, Cisco, ISC BIND and others have issued a coordinated release of patches to correct a DNS error that could lead to DNS cache poisoning.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary drive-by pharming  (SearchSecurity.com) Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately unprotected broadband router to gain... JavaScript hijacking  (SearchSecurity.com) JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax...