This attack is at once more nefarious and less nefarious than the article
documents.
It is more nefarious because many 'single site' schemes based on DNS
trust *.somedomain.tld as IP resources belonging to somedomain.tld. You
don't have to rebind even. The site www.attacker.com gives a script
th
Pekka Savola (pekkas) writes:
>
> Thanks for the interesting link. This certainly shows that the "use hostnames
> everywhere" idiom that the IETF has been repeating doesn't quite work as
> intended in real life :-)
Yes it does, it's not a bug, it's a feature. It does exactly the right
On Wed, 8 Aug 2007, Stephane Bortzmeyer wrote:
I'm afraid that we will be solicited one day or another to write an
RFC about DNS practices to limit rebinding? It seems trendy.
Do note that many pieces of advice in "Protecting Browsers from DNS Rebinding
Attacks" (http://crypto.stanford.edu/dns/dns-rebinding.pdf) belong in
our perimeter (some remind m