<http://www.theregister.co.uk/2008/04/09/dns_rebinding_attack/>:
RSA Showing how the web's underpinnings can be abused to attack
assets presumed to be secure, a researcher unveiled a website that
can log into a home router and change key settings, such as
administrator passwords and servers used to access trusted web
destinations.
Rather than creating a trojan or other piece of specialized malware
to access servers or other devices behind a firewall, researcher Dan
Kaminsky, a director of penetration testing firm IOActive, showed how
a web browser can do much the same thing. His demo uses so-called DNS
rebinding, an attack technique that uses fraudulent IP addresses to
breach a network's security.
DNS rebinding can be used to subvert the same origin policy, which
prevents pages or data loaded by one site from being modified by
pages or data loaded by a different site. Because a single
destination can have more than one IP address associated with it -
and because nothing prevents one site from associating itself with
anyone else's IP - DNS rebinding attacks fool a browser into letting
one site tamper with a server or other resource that normally would
be off limits.
"It kind of sort of breaks the entire security model of the web,"
Kaminsky said of the technique. ...
....
... IT administrators need to consider the vulnerability carefully
when deciding how to attach various devices to their network, and
home users should make sure their routers have robust passwords. To
that end. Open DNS, a company that provides a safer alternative to
ISP-provided DNS lookup, today unveiled a new option that allows
users to block suspicious responses, such as those from the outside
that provide a URL with an IP address for a router or other internal
device.
Beyond that, learn to live with DNS rebinding, Kaminsky said. "This
bug is not going away anytime soon."
[MORE @ URL above]
|
Similar Threads
Linear Mode
