DNS Rebinding Attacks

Kokkinopoulos, Georgios

DNS Rebinding Attacks

Active / Technical Report | Accession Number: ADA508892 |

Open PDF

Abstract:

See Report A Domain Name System DNS Rebinding attack compromises the integrity of name resolution in DNS with the goal of controlling the IP address of the host to which the victim ultimately connects. The same origin policy and DNS Pinning techniques were introduced to protect Web browsers from DNS rebinding attacks, but their effectiveness has been undermined by vulnerabilities introduced by plug-ins such as JavaScript and Adobe Flash Player. The new attacks fall into two broad categories firewall circumvention and IP hijacking, depending on the consequences of each attack. Using a realistic network testbed, this research has enacted two firewall circumvention attack scenarios, with JavaScript and Adobe Flash Player respectively. Also confirmed is the effectiveness of several published countermeasures, including configuration options for DNS and Web servers, and security updates released by plug-in vendors. Finally, the research analyzes the defense-readiness of the DNS server and client configuration guidelines used by the U.S. Department of Defense DoD, including the Defense Information Systems Agency DISA DNS Security Technical Implementation Guidance STIG, the Windows Vista Client Specialized Security Limited Functionality SSLF Guidance, and the split-DNS architecture.

Author(s):

Kokkinopoulos, Georgios

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Descriptive Note:

Master's thesis

Supplementary Note:

The original document contains color images.

Pagination:

0129

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

NPS

Subject Terms

Joint Capability Areas:

JCA_7_Protection; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_6_Net Centric; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_6.4.1_Secure Information Exchange; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_5_Command and Control; JCA_1.2.7_Experimentation; JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_5.3_Planning; JCA_6.2.3_Core Enterprise Services; JCA_3.2_Engagement; JCA_3_Force Application

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*INFORMATION SYSTEMS, *COMMUNICATIONS NETWORKS, TEST BEDS, DEFENSE SYSTEMS, PLUG IN UNITS, COUNTERMEASURES, VENDORS, DEPARTMENT OF DEFENSE, SCENARIOS

Field(s)/Group(s):

Computer Systems Management and Standards, Voice Communications

Keyword(s):

*NETWORK SECURITY, *DOMAIN NAME SYSTEM, DNS REBINDING, DNS PINNING, SAME ORIGIN POLICY, ANTI DNS PINNING, ADOBE SECURITY UPDATES, DNS STIG, WINDOWS VISTA SECURITY, SPLIT DNSP, DNS(DOMAIN NAME SYSTEM)

Report Date:

2009 Sep 01

Creation Date:

2009 Nov 25