Protecting Browsers from DNS Rebinding Attacks
Authors: C. Jackson, A. Barth, A. Bortz, W. Shao, and D. Boneh
Abstract:
DNS rebinding attacks subvert the same-origin policy of
browsers and convert them into open network proxies. We
survey new DNS rebinding attacks that exploit the interaction
between browsers and their plug-ins, such as Flash
and Java. These attacks can be used to circumvent firewalls
and are highly cost-effective for sending spam e-mail
and defrauding pay-per-click advertisers, requiring less than
$100 to temporarily hijack 100,000 IP addresses. We show
that the classic defense against these attacks, called "DNS
pinning," is ineffective in modern browsers. The primary
focus of this work, however, is the design of strong defenses
against DNS rebinding attacks that protect modern
browsers: we suggest easy-to-deploy patches for plug-ins
that prevent large-scale exploitation, provide a defense tool,
dnswall, that prevents firewall circumvention, and detail
two defense options, policy-based pinning and host name
authorization.
Reference:
ACM Transactions on the Web (TWEB), Vol. 3(1), 2009,
extended abstract in proceedings of the 14'th ACM conference on Computer and
Communications Security (CCS), pp. 421-431, 2007
Full paper: pdf