Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-18 Thread Kevin Darcy
deny-answer-addresses { %source%; }; deny-answer-aliases { %source%; }; Maybe? - Kevin On 8/17/2010 12:22 AM, Bradley Falzon wrote: bind-users, In light of Craig Heffner's

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-18 Thread Bradley Falzon
I am looking at the deny-answer-* section for this, but we just need to ensure we minimally affect legitimate applications. This is why I was proposing we only action when the source is a part of the answer AS WELL as another answer. Blocking based on just the source would affect dyn-dns type

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Florian Weimer
* Bradley Falzon: Craig Heffner's version of the DNS Rebinding attack, similar to all DNS Rebinding attacks, requires the DNS Servers to respond with an Attacker's IP Address as well as the Victim's IP Address, in a typical Round Robin fashion. Previous attacks would normally have the Victims

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Phil Mayers
On 08/17/2010 04:31 PM, Florian Weimer wrote: * Bradley Falzon: Craig Heffner's version of the DNS Rebinding attack, similar to all DNS Rebinding attacks, requires the DNS Servers to respond with an Attacker's IP Address as well as the Victim's IP Address, in a typical Round Robin fashion.

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Bradley Falzon
On Wed, Aug 18, 2010 at 1:01 AM, Florian Weimer fwei...@bfk.de wrote: * Bradley Falzon: Craig Heffner's version of the DNS Rebinding attack, similar to all DNS Rebinding attacks, requires the DNS Servers to respond with an Attacker's IP Address as well as the Victim's IP Address, in a typical

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Bradley Falzon
On Wed, Aug 18, 2010 at 1:05 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 08/17/2010 04:31 PM, Florian Weimer wrote: * Bradley Falzon: Craig Heffner's version of the DNS Rebinding attack, similar to all DNS Rebinding attacks, requires the DNS Servers to respond with an Attacker's IP

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Barry Margolin
In article mailman.352.1282059097.15649.bind-us...@lists.isc.org, Florian Weimer fwei...@bfk.de wrote: * Bradley Falzon: Craig Heffner's version of the DNS Rebinding attack, similar to all DNS Rebinding attacks, requires the DNS Servers to respond with an Attacker's IP Address as well as

DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-16 Thread Bradley Falzon
bind-users, In light of Craig Heffner's recent Black Hat talk (here: https://media.blackhat.com/bh-us-10/whitepapers/Heffner/BlackHat-USA-2010-Heffner-How-to-Hack-Millions-of-Routers-wp.pdf and here: http://rebind.googlecode.com) I would like to propose a possible solution in line with the 'DNS