Protection
The following techniques attempt to prevent DNS rebinding attacks:
- Web browsers can implement DNS pinning: the IP address is locked to the value received in the first DNS response. This technique may block some legitimate uses of Dynamic DNS, and may not work against all attacks.
- Private IP addresses can be filtered out of DNS responses.
- External public DNS servers with this filtering e.g. OpenDNS.
- Local sysadmins can configure the organization's local nameservers to block the resolution of external names into internal IP addresses.
- DNS filtering in a firewall or daemon e.g. dnswall.
- Web servers can reject HTTP requests with an unrecognized Host header.
- The Firefox NoScript extension provides partial protection (for private networks) using its ABE feature, which blocks web traffic from external addresses to local addresses.
Read more about this topic: DNS Rebinding
Famous quotes containing the word protection:
“What is marriage, is marriage protection or religion, is marriage renunciation or abundance, is marriage a stepping-stone or an end. What is marriage.”
—Gertrude Stein (18741946)
“A man with convictions finds an answer for everything. Convictions are the best form of protection against the living truth.”
—Max Frisch (19111991)
“As Jerome expanded, its chances for the title, the toughest little town in the West, increased and when it was incorporated in 1899 the citizens were able to support the claim by pointing to the number of thick stone shutters on the fronts of all saloons, gambling halls, and other places of business for protection against gunfire.”
—Administration in the State of Ariz, U.S. public relief program (1935-1943)