Accession Number:

ADA508892

Title:

DNS Rebinding Attacks

Descriptive Note:

Master's thesis

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s):

Report Date:

2009-09-01

Pagination or Media Count:

129.0

Abstract:

See Report A Domain Name System DNS Rebinding attack compromises the integrity of name resolution in DNS with the goal of controlling the IP address of the host to which the victim ultimately connects. The same origin policy and DNS Pinning techniques were introduced to protect Web browsers from DNS rebinding attacks, but their effectiveness has been undermined by vulnerabilities introduced by plug-ins such as JavaScript and Adobe Flash Player. The new attacks fall into two broad categories firewall circumvention and IP hijacking, depending on the consequences of each attack. Using a realistic network testbed, this research has enacted two firewall circumvention attack scenarios, with JavaScript and Adobe Flash Player respectively. Also confirmed is the effectiveness of several published countermeasures, including configuration options for DNS and Web servers, and security updates released by plug-in vendors. Finally, the research analyzes the defense-readiness of the DNS server and client configuration guidelines used by the U.S. Department of Defense DoD, including the Defense Information Systems Agency DISA DNS Security Technical Implementation Guidance STIG, the Windows Vista Client Specialized Security Limited Functionality SSLF Guidance, and the split-DNS architecture.

Subject Categories:

  • Computer Systems Management and Standards
  • Voice Communications

Distribution Statement:

APPROVED FOR PUBLIC RELEASE