DNS Rebinding - Protection

Protection

The following techniques attempt to prevent DNS rebinding attacks:

  • Web browsers can implement DNS pinning: the IP address is locked to the value received in the first DNS response. This technique may block some legitimate uses of Dynamic DNS, and may not work against all attacks.
  • Private IP addresses can be filtered out of DNS responses.
    • External public DNS servers with this filtering e.g. OpenDNS.
    • Local sysadmins can configure the organization's local nameservers to block the resolution of external names into internal IP addresses.
    • DNS filtering in a firewall or daemon e.g. dnswall.
  • Web servers can reject HTTP requests with an unrecognized Host header.
  • The Firefox NoScript extension provides partial protection (for private networks) using its ABE feature, which blocks web traffic from external addresses to local addresses.

Read more about this topic:  DNS Rebinding

Famous quotes containing the word protection:

    We cannot spare our children the influence of harmful values by turning off the television any more than we can keep them home forever or revamp the world before they get there. Merely keeping them in the dark is no protection and, in fact, can make them vulnerable and immature.
    Polly Berrien Berends (20th century)

    Take away from the courts, if it could be taken away, the power to issue injunctions in labor disputes, and it would create a privileged class among the laborers and save the lawless among their number from a most needful remedy available to all men for the protection of their business interests against unlawful invasion.... The secondary boycott is an instrument of tyranny, and ought not to be made legitimate.
    William Howard Taft (1857–1930)

    Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.
    James Madison (1751–1836)