DNS rebinding attacks

Loading...
Thumbnail Image
Authors
Kokkinopoulos, Georgios
Subjects
Advisors
Xie, Geoffrey G.
Gibson, John H.
Date of Issue
2009-09
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
A Domain Name System (DNS) Rebinding attack compromises the integrity of name resolution in DNS with the goal of controlling the IP address of the host to which the victim ultimately connects. The same origin policy and DNS Pinning techniques were introduced to protect Web browsers from DNS rebinding attacks, but their effectiveness has been undermined by vulnerabilities introduced by plug-ins such as JavaScript and Adobe Flash Player. The new attacks fall into two broad categories: firewall circumvention and IP hijacking, depending on the consequences of each attack. Using a realistic network testbed, this research has enacted two firewall circumvention attack scenarios, with JavaScript and Adobe Flash Player respectively. Also confirmed is the effectiveness of several published countermeasures, including configuration options for DNS and Web servers, and security updates released by plug-in vendors. Finally, the research analyzes the defense-readiness of the DNS server and client configuration guidelines used by the U.S. Department of Defense (DoD), including the Defense Information Systems Agency (DISA) DNS Security Technical Implementation Guidance (STIG), the Windows Vista Client Specialized Security Limited Functionality (SSLF) Guidance, and the split-DNS architecture.
Type
Thesis
Description
Department
Organization
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
Sponsors
Funder
Format
xvi, 111 p. : col. ill. ;
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections