Protection
The following techniques attempt to prevent DNS rebinding attacks:
- Web browsers can implement DNS pinning: the IP address is locked to the value received in the first DNS response. This technique may block some legitimate uses of Dynamic DNS, and may not work against all attacks.
- Private IP addresses can be filtered out of DNS responses.
- External public DNS servers with this filtering e.g. OpenDNS.
- Local sysadmins can configure the organization's local nameservers to block the resolution of external names into internal IP addresses.
- DNS filtering in a firewall or daemon e.g. dnswall.
- Web servers can reject HTTP requests with an unrecognized Host header.
- The Firefox NoScript extension provides partial protection (for private networks) using its ABE feature, which blocks web traffic from external addresses to local addresses.
Read more about this topic: DNS Rebinding
Famous quotes containing the word protection:
“Guns have metamorphosed into cameras in this earnest comedy, the ecology safari, because nature has ceased to be what it always had been—what people needed protection from. Now nature tamed, endangered, mortal—needs to be protected from people.”
—Susan Sontag (b. 1933)
“We cannot spare our children the influence of harmful values by turning off the television any more than we can keep them home forever or revamp the world before they get there. Merely keeping them in the dark is no protection and, in fact, can make them vulnerable and immature.”
—Polly Berrien Berends (20th century)
“The diversity in the faculties of men, from which the rights of property originate, is not less an insuperable obstacle to a uniformity of interests. The protection of these faculties is the first object of government.”
—James Madison (1751–1836)