[nSLUG] firewalls that can prevent DNS rebinding attack

D G Teed donald.teed at gmail.com
Wed Aug 8 10:08:03 ADT 2007


On slashdot the other day, there was a reference to a Stanford University
paper on security threats from DNS rebinding, with proof of concept.

http://crypto.stanford.edu.nyud.net/dns/dns-rebinding.pdf

Essentially, a malicious DNS server and web site can be set up
with short TTLs so that it can alter the resolved IP periodically
and use your web browser as a network client behind your firewall
or within your VPN to their liking.

I've also googled this topic and it is being discussed all over the place,
but with no specific solutions.  Historically, a disclosure like this,
with proof of concept, is followed by the appearance of real malicious
threats.

The conclusion at the end of the article mentions:

  firewalls should block circumvention by preventing external
  DNS names from resolving to internal IP addresses

Does anyone know of a firewall product (or a rule in iptables) which
can do this blocking?

--Donald
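The filter the quoted conclusion describes, written out as an added example that is not part of the original post or of the Stanford paper: a Python check that parses a DNS response and flags any A/AAAA answer whose owner name lies outside an allowlisted internal zone but whose address falls in private, loopback or link-local space. The packet builder, the zone name `corp.example` and the addresses are constructed here for the test; the wire-format parsing (header, question, compression pointers) follows RFC 1035.

```python
import ipaddress
import struct

# Address ranges that an answer for an *external* name must never point at.
# These are the "internal IP addresses" the paper's conclusion refers to.
FORBIDDEN_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def encode_name(name):
    """Encode a dotted hostname into DNS wire format (labels, no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(packet, offset):
    """Decode a possibly compressed name at offset; return (name, next_offset)."""
    labels = []
    end = None
    for _ in range(128):  # bound the loop so a pointer cycle cannot hang us
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # RFC 1035 compression pointer
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2  # the record continues after the pointer
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    else:
        raise ValueError("name too long or compression pointer loop")
    return ".".join(labels), end if end is not None else offset


def build_response(qname, answers, ttl=1):
    """Construct a DNS response packet (test input only). answers: IP strings."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, IN
    body = b""
    for ip_str in answers:
        ip = ipaddress.ip_address(ip_str)
        rtype = 1 if ip.version == 4 else 28  # A or AAAA
        rdata = ip.packed
        # 0xC00C points back at the question name at offset 12
        body += b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + question + body


def parse_response(packet):
    """Return (qname, [(owner, ip, ttl), ...]) for every A/AAAA answer."""
    qdcount, ancount = struct.unpack("!HH", packet[4:8])
    offset = 12
    qname = None
    for _ in range(qdcount):
        name, offset = decode_name(packet, offset)
        qname = qname or name
        offset += 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        owner, offset = decode_name(packet, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlen]
        offset += rdlen
        if (rtype == 1 and rdlen == 4) or (rtype == 28 and rdlen == 16):
            records.append((owner, ipaddress.ip_address(rdata), ttl))
    return qname, records


def is_internal_zone(name, internal_zones):
    """True when name is within one of the suffixes allowed to carry private addresses."""
    name = name.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in internal_zones)


def rebind_violations(packet, internal_zones=()):
    """Return (owner, ip, ttl) for each answer that maps an external name to an internal address.

    internal_zones: DNS suffixes (e.g. "corp.example") that may legitimately resolve to
    private space; every other name is treated as external and must not.
    """
    _qname, records = parse_response(packet)
    return [(owner, str(ip), ttl) for owner, ip, ttl in records
            if not is_internal_zone(owner, internal_zones)
            and any(ip in net for net in FORBIDDEN_NETS)]


if __name__ == "__main__":
    # Constructed sample: an external name answering with a short TTL and a private address.
    pkt = build_response("attacker.example", ["203.0.113.5", "192.168.1.10"], ttl=1)
    print(rebind_violations(pkt))  # [('attacker.example', '192.168.1.10', 1)]
```

A packet filter that matches only on addresses and ports never sees the answer section, so the natural enforcement point is a caching or forwarding resolver at the network edge that drops (or rewrites) responses failing this check before clients cache them; resolver options such as dnsmasq's `--stop-dns-rebind` and Unbound's `private-address:` implement the same policy.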