DNS rebinding attacks
09Sep_Kokkinopoulos.pdf (2.402Mb)Abstract
A Domain Name System (DNS) Rebinding attack compromises the integrity of name resolution in DNS with the goal of controlling the IP address of the host to which the victim ultimately connects. The same origin policy and DNS Pinning techniques were introduced to protect Web browsers from DNS rebinding attacks, but their effectiveness has been undermined by vulnerabilities introduced by plug-ins such as JavaScript and Adobe Flash Player. The new attacks fall into two broad categories: firewall circumvention and IP hijacking, depending on the consequences of each attack. Using a realistic network testbed, this research has enacted two firewall circumvention attack scenarios, with JavaScript and Adobe Flash Player respectively. Also confirmed is the effectiveness of several published countermeasures, including configuration options for DNS and Web servers, and security updates released by plug-in vendors. Finally, the research analyzes the defense-readiness of the DNS server and client configuration guidelines used by the U.S. Department of Defense (DoD), including the Defense Information Systems Agency (DISA) DNS Security Technical Implementation Guidance (STIG), the Windows Vista Client Specialized Security Limited Functionality (SSLF) Guidance, and the split-DNS architecture.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Related items
Showing items related by title, author, creator and subject.
-
A Review of Alternative Methods to Inventory Contracted Services in the Department of Defense
(Monterey, California. Naval Postgraduate School, 2018-04-30); SYM-AM-18-053Title 10, Section 2330a, of the U.S. Code requires the Secretary of Defense to "submit to Congress an annual inventory of the activities performed during the preceding fiscal year pursuant to contracts for services."Persistent ... -
Cyber System Assurance through Improved Network Anomaly Modeling and Detection
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N039-AThe objectives of this work were to investigate the source of the dual natures of network traffic (i.e., Gaussian and alpha-stable) in order prove the merit of further development, improvement, and application of non-parametric ... -
Cyber System Assurance through Improved Network Anomaly Modeling and Detection
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N039-AThe objectives of this work were to investigate the source of the dual natures of network traffic (i.e., Gaussian and alpha-stable) in order prove the merit of further development, improvement, and application of non-parametric ...
