Protection
The following techniques attempt to prevent DNS rebinding attacks:
- Web browsers can implement DNS pinning: the IP address is locked to the value received in the first DNS response. This technique may block some legitimate uses of Dynamic DNS, and may not work against all attacks.
- Private IP addresses can be filtered out of DNS responses.
- External public DNS servers with this filtering e.g. OpenDNS.
- Local sysadmins can configure the organization's local nameservers to block the resolution of external names into internal IP addresses.
- DNS filtering in a firewall or daemon e.g. dnswall.
- Web servers can reject HTTP requests with an unrecognized Host header.
- The Firefox NoScript extension provides partial protection (for private networks) using its ABE feature, which blocks web traffic from external addresses to local addresses.
Read more about this topic: DNS Rebinding
Famous quotes containing the word protection:
“We all cry out that the world is corrupt,—and I fear too justly,—but we never reflect, what we have to thank for it, and that it is our open countenance of vice, which gives the lye to our private censures of it, which is its chief protection and encouragement.”
—Laurence Sterne (1713–1768)
“No: until I want the protection of Massachusetts to be extended to me in some distant Southern port, where my liberty is endangered, or until I am bent solely on building up an estate at home by peaceful enterprise, I can afford to refuse allegiance to Massachusetts, and her right to my property and life. It costs me less in every sense to incur the penalty of disobedience to the State than it would to obey. I should feel as if I were worth less in that case.”
—Henry David Thoreau (1817–1862)
“We’re for statehood. We want statehood because statehood means the protection of our farms and our fences; and it means schools for our children; and it means progress for the future.”
—Willis Goldbeck (1900–1979)