Debate Magazine

What is a DNS Rebinding Attack?

Posted on the 29 January 2018 by Darkwebnews @darkwebnews

DNS rebinding is a Domain Name System-based attack on the codes embedded in a webpage.

Through DNS rebinding, an attacker can compromise unpatched internal systems, exfiltrate sensitive data and circumvent firewalls to spider corporate intranets.

It is for this reason that you need to understand what a DNS rebinding is, how it works and how to protect yourself against this computer attack.

What is DNS Rebinding?

DNS rebinding is a computer exploit that has been known for a long time as a useful tool for hackers looking to subvert a browser's same-origin policy.

The attacker uses JavaScript in a corrupted webpage to access and gain control of their victim's router. This is done by substituting the target IP address to a hostname that the attacker controls.

This attack works on widely-used routers like Linksys and D-link. It can also target any device that uses a web-based administrative panel and a default password.

A DNS rebinding attack can have adverse effects on a number of web applications. Such an attack may convert browsers into open proxies and get through firewalls to access internal documents and services.

The hacker may also use the DNS rebinding to hijack IP addresses of their victims to perform click fraud or send spam emails.

How Does a DNS Rebinding Exploit Work?

A hacker only needs to register a domain name and generate web traffic to their page to launch a DNS rebinding attack.

The hacker may lure their victims to the page through advertisements. The victim may also accidentally visit the attacker's website.

Once the victim lands on the hacker's webpage, the hacker can detect and determine their default password. The hacker responds to DNS queries with the IP address of their server which has a short time to live (TTL) that prevents the results from being cached, serving the victim malicious JavaScript codes.

The JavaScript coding misleads the user's browser into changing details on the router of the victim's administration page. Once these changes are active, the hacker can run the hacked device remotely and control the victim's internet communications.

The attacker can access sensitive information on the network or use it to send spam.

During this attack, the hacker doesn't gain access to DNS servers. They simply provide valid responses to their domain, making the browser act as if the two servers belong to the same origin since they share a hostname.

How to Defend Your Network from a DNS Rebinding Attack

There have been various suggestions made on how to defend your network against this type of computer attack, including:

  • Using a private firewall to limit browser access.
  • Disabling the Flash plugin.
  • Ensure all your websites have a valid host header instead of a default virtual host.
  • Disabling access to your router's admin console from all external networks.
  • Using a strong password for your router. Preferably, change it to something other
    than the factory default.
  • Make sure your computer software programs are patched at all times. Update to a new version whenever it's available.
  • Do not use IP address-based authentications.

Ultimately, the secret to defending your network from DNS rebinding is to avoid being lured into using un-addressable IPs and firewall programs as your defense mechanism.

Since this attack involves the use of corrupted JavaScript codes, it's smart to install the NoScript plugin for Firefox.


You need to enable JavaScript to vote

Back to Featured Articles on Logo Paperblog