On Wed, Aug 18, 2010 at 1:01 AM, Florian Weimer <fwei...@bfk.de> wrote:
> * Bradley Falzon:
>
>> Craig Heffner's version of the DNS Rebinding attack, similar to all
>> DNS Rebinding attacks, requires the DNS Servers to respond with an
>> Attacker's IP Address as well as the Victim's IP Address, in a typical
>> Round Robin fashion. Previous attacks would normally have the Victim's
>> IP Address to be their Private IP.
>
> For which protocols is this supposed to work? Why would a
> security-minded web application serve content under a name it knows
> cannot be its own?

My concern about the attack is in regards to common NAT routers. I am no expert on this subject matter and do completely agree, these kinds of routers need better security checking (such as Host Header checks), but conversely, HTTP daemons available on embedded platforms, in my limited experience, have been mostly HTTP 1.0 compliant only and as such do not support the Host header.

But you are completely correct in saying the devices themselves should offer protection. The fact is, though, many devices do not (even if they are HTTP 1.1 compliant, many are simply ignoring the unknown Host Header), and upgrading these would require common people to upgrade their modem's firmware - or the ISP assisting them.

Addressing the attack as a patch in bind would allow an ISP to patch their DNS Caches as opposed to upgrading all customers' firmware. The long term solution being as you've outlined - these NAT routers need to offer more forms of robust protection.

--
Bradley Falzon
b...@teambrad.net
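
The Host header check mentioned in the message above, sketched as an added example (not code from this thread, from BIND, or from any router firmware). The allowlist names, the sample requests, and the choice to refuse requests that carry no Host header are assumptions made for illustration.

```python
# Added example: Host header allowlist for a device admin interface.
# ALLOWED_HOSTS and the sample requests below are constructed values.
ALLOWED_HOSTS = {"192.168.1.1", "router.lan"}  # names the device knows as its own


def parse_host(raw_request: bytes):
    """Return the lower-cased Host value without port, or None if unusable."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip().lower())
    if len(hosts) != 1:                          # missing or duplicated Host
        return None
    host = hosts[0]
    if host.startswith("["):                     # bracketed IPv6 literal
        end = host.find("]")
        return host[1:end] if end != -1 else None
    host, _, port = host.partition(":")          # strip an optional :port
    if port and not port.isdigit():
        return None
    return host.rstrip(".") or None              # tolerate a trailing dot


def check_request(raw_request: bytes) -> int:
    """Return the HTTP status the device should answer with."""
    host = parse_host(raw_request)
    if host is None:
        return 400   # no usable Host header: refuse rather than guess
    if host not in ALLOWED_HOSTS:
        return 403   # the browser used a name that is not ours (rebinding case)
    return 200


# Constructed requests: a direct visit, a rebound request that still carries
# the outside hostname the browser resolved, and an HTTP/1.0 request with no Host.
LEGIT = b"GET /status HTTP/1.1\r\nHost: 192.168.1.1\r\n\r\n"
REBOUND = b"GET /status HTTP/1.1\r\nHost: attacker.example:80\r\n\r\n"
NO_HOST = b"GET /status HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("legit", LEGIT), ("rebound", REBOUND), ("no-host", NO_HOST)):
        print(label, check_request(req))
```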