Dan Kaminsky, director of penetration testing at IOActive, demonstrated the DNS rebinding technique at the RSA Conference in April 2008. Kaminsky had spent a year researching ways that attackers could exploit aspects of the DNS (domain name system) to circumvent a firewall. Although the technique had been described in the research literature earlier, DNS rebinding was widely regarded as a theoretical risk before Kaminsky's demonstration. According to Kaminsky, the problem is not with the routers themselves; it is enabled by a "core browser bug." The bug is in how the browser's same-origin policy identifies an origin: it compares scheme, hostname and port, but not the IP address the hostname resolved to. Because the attacker runs the authoritative name server for the attacking hostname, the first answer can point at the attacker's public web server (with a very short TTL) and a later answer can point at an address inside the victim's network, such as the LAN side of the home router. The browser still treats requests to that hostname as same-origin, so the attacker's script can read responses from the internal host. DNS rebinding attacks can also exploit browser plug-ins, such as Flash, Java and Silverlight, that permit direct socket access back to their origins; once the origin has been rebound, that socket reaches an internal host and port instead.
Here's a simplified example of how a DNS rebinding exploit might work:
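The following simulation is added here as an illustration and is not code from the original article or from Kaminsky's demonstration. It models an attacker-controlled resolver, a fake network with two "servers", and a minimal browser whose same-origin check looks only at the hostname. The hostnames, the RFC 5737 and RFC 1918 addresses, the responses and the two mitigation switches (`pinDns`, `blockPrivate`) are all constructed for the example; it runs offline under Node.

```javascript
// Simulated DNS rebinding attack and two browser-side mitigations.
// Everything here is constructed for illustration: the hostname,
// the IP addresses (RFC 5737 / RFC 1918 ranges) and the "servers" are fake.

const ATTACKER_HOST = "attacker.example";
const ATTACKER_IP = "203.0.113.10";   // attacker's public web server
const ROUTER_IP = "192.168.1.1";      // victim's home router, LAN side

// Attacker-controlled authoritative resolver: the first answer for the
// attacker's name points at the attacker's server with a very short TTL;
// once that record expires, the same name is rebound to the router.
class RebindingResolver {
  constructor() { this.queries = 0; }
  resolve(name) {
    if (name !== ATTACKER_HOST) throw new Error(`NXDOMAIN ${name}`);
    this.queries += 1;
    return this.queries === 1
      ? { ip: ATTACKER_IP, ttl: 1 }     // TTL in seconds
      : { ip: ROUTER_IP, ttl: 3600 };
  }
}

// Fake network: what each IP answers to an HTTP GET. In a real attack the
// router page would be a login form, reachable with the default password.
const network = {
  [ATTACKER_IP]: () => "<script>/* attacker page */</script>",
  [ROUTER_IP]: () => "<html>Router admin page (LAN side)</html>",
};

function isPrivate(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Minimal browser model. The same-origin policy compares only the scheme,
// host and port of the script's origin and of the request; it never looks
// at the IP address the host resolved to. That is the "core browser bug".
class Browser {
  constructor(resolver, { pinDns = false, blockPrivate = false } = {}) {
    this.resolver = resolver;
    this.pinDns = pinDns;
    this.blockPrivate = blockPrivate;
    this.cache = new Map();   // host -> { ip, expires }
    this.pinned = new Map();  // host -> first ip seen (DNS pinning)
    this.now = 0;             // simulated clock, seconds
  }
  sleep(seconds) { this.now += seconds; }
  lookup(host) {
    const c = this.cache.get(host);
    if (c && c.expires > this.now) return c.ip;   // honour the record's TTL
    const { ip, ttl } = this.resolver.resolve(host);
    this.cache.set(host, { ip, expires: this.now + ttl });
    return ip;
  }
  // fetch() as issued by a script running with origin `origin`.
  fetch(origin, url) {
    const o = new URL(origin), u = new URL(url);
    if (o.protocol !== u.protocol || o.host !== u.host) {
      throw new Error("blocked by same-origin policy");
    }
    let ip = this.lookup(u.hostname);
    if (this.pinDns) {
      // Mitigation 1: DNS pinning, keep using the IP the host first resolved to.
      if (!this.pinned.has(u.hostname)) this.pinned.set(u.hostname, ip);
      ip = this.pinned.get(u.hostname);
    }
    if (this.blockPrivate && isPrivate(ip)) {
      // Mitigation 2: refuse to let a name resolve to a private address.
      throw new Error(`refusing to connect ${u.hostname} to private address ${ip}`);
    }
    const server = network[ip];
    if (!server) throw new Error(`no route to ${ip}`);
    return server();
  }
}

// Runs the attack against a browser built with the given options and returns
// what the attacker's script ended up reading from its "own" origin.
function runAttack(options = {}) {
  const browser = new Browser(new RebindingResolver(), options);
  const origin = `http://${ATTACKER_HOST}`;
  browser.fetch(origin, `${origin}/`);   // 1. victim loads the attacker's page
  browser.sleep(2);                        // 2. the short TTL expires
  try {
    return browser.fetch(origin, `${origin}/admin`); // 3. same-origin request now reaches the router
  } catch (e) {
    return `blocked: ${e.message}`;
  }
}

for (const [label, opts] of Object.entries({
  "vulnerable browser": {},
  "with DNS pinning": { pinDns: true },
  "blocking private addresses": { blockPrivate: true },
})) {
  console.log(`${label}: ${runAttack(opts)}`);
}
```

With no options the third step returns the router's page, because the browser re-resolved the name after the one-second TTL and accepted the new address without question. Pinning keeps the second request on the attacker's server, and rejecting private addresses fails the request outright; real browsers and the `dnswall`-style resolver filters proposed after the 2008 demonstration took one or both of these routes, and a pinning-only defence is still undone by a plug-in that does its own resolution.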
As of early April 2008, there had been no reports of actual DNS rebinding attacks in the wild. However, the potential for such an attack to occur soon is considerable because very few home users change the default passwords on their routers: once a rebinding attack lets the attacker's script reach the router's administrative interface from inside the LAN, a default password is all that stands between that script and the router's configuration.