Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Re: DNS Spoofing/Pinning
Posted by: Kanatoko
Date: August 09, 2007 05:32AM

It seems that this kind of attack is now called "DNS Rebinding".
I like this term because it represents the issue correctly.

And, just FYI
"Protecting Browsers from DNS Rebinding Attacks" by Stanford University
http://crypto.stanford.edu/dns/

--
Kanatoko
http://www.jumperz.net/

Re: DNS Spoofing/Pinning
Posted by: ma1
Date: August 09, 2007 06:28AM

That paper was posted here by christ1an some days ago, and it's very interesting indeed.

FYI, I'm currently implementing its "same subnet" anti-rebinding policy (both in IPv4 and IPv6) as a new NoScript feature that I call "DNS Nailing".

--
*hackademix.net*

There's a browser safer than Firefox... Firefox, with NoScript

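The "same subnet" pinning policy ma1 mentions above, sketched as an added example (not NoScript's code and not taken from the Stanford paper): a hostname is pinned to the first address it resolves to, and later addresses are accepted only inside the same network. The /24 and /64 prefix lengths and the `DnsPin` class are assumptions made for illustration.

```javascript
// Assumed prefix lengths; the thread does not say which ones are used.
const V4_PREFIX = 24;
const V6_PREFIX = 64;

// Parse a dotted quad into 4 bytes, or null if malformed.
function parseV4(s) {
  const parts = s.split(".");
  if (parts.length !== 4) return null;
  const bytes = parts.map(p => (/^\d{1,3}$/.test(p) ? Number(p) : 256));
  return bytes.every(b => b <= 255) ? bytes : null;
}

// Parse an IPv6 literal (optional "::") into 16 bytes, or null.
// Embedded IPv4 forms such as ::ffff:1.2.3.4 are rejected (fail closed).
function parseV6(s) {
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const groups = h => (h === "" ? [] : h.split(":"));
  const head = groups(halves[0]);
  const tail = halves.length === 2 ? groups(halves[1]) : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 1 ? missing !== 0 : missing < 1) return null;
  const all = [...head, ...Array(missing).fill("0"), ...tail];
  if (!all.every(g => /^[0-9a-fA-F]{1,4}$/.test(g))) return null;
  return all.flatMap(g => { const n = parseInt(g, 16); return [n >> 8, n & 255]; });
}

// Compare the first prefixBits bits of two equal-length byte arrays.
function sameSubnet(a, b, prefixBits) {
  for (let i = 0; i < a.length && prefixBits > 0; i++, prefixBits -= 8) {
    const mask = prefixBits >= 8 ? 0xff : (0xff << (8 - prefixBits)) & 0xff;
    if ((a[i] & mask) !== (b[i] & mask)) return false;
  }
  return true;
}

// Pin table: hostname -> bytes of the first address seen for it.
class DnsPin {
  constructor() { this.pins = new Map(); }
  // True if `host` may be contacted at `ip` under the same-subnet policy.
  check(host, ip) {
    const addr = ip.includes(":") ? parseV6(ip) : parseV4(ip);
    if (!addr) return false;                          // unparseable: reject
    const key = host.toLowerCase();
    const pinned = this.pins.get(key);
    if (!pinned) { this.pins.set(key, addr); return true; }
    if (pinned.length !== addr.length) return false;  // address family changed
    return sameSubnet(pinned, addr, addr.length === 4 ? V4_PREFIX : V6_PREFIX);
  }
}
```

A rebinding attempt shows up here as a rejected `check()`: the name first resolves to a public address and later to one in a different network, such as an RFC 1918 range.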
Re: DNS Spoofing/Pinning
Posted by: Kanatoko
Date: August 09, 2007 10:31AM

ma1

>That paper was posted here by christ1an some days ago

I didn't know that. Thanks.
In that paper, my web site is called a "black-hat community". lol

>FYI, I'm currently implementing its "same subnet" anti-rebinding
> policy (both in IPv4 and IPv6) as a new NoScript feature that I call "DNS Nailing".

Wow, you are Mr. NoScript! Great.
I have used NoScript for months and it really works well. Thanks.
I'll buy you a drink when you come to Tokyo :)

--
Kanatoko
http://www.jumperz.net/

Re: DNS Spoofing/Pinning
Posted by: Kanatoko
Date: August 10, 2007 09:43AM

I read the paper carefully and found that they (the Stanford guys) point out that the "Multi-Pin Vulnerability" is used (or needed) to control the browser as a proxy.

But I don't think so. The malicious code in the browser can communicate with the attacker's other host using a cross-domain access technique like JSONP, or Flash with a valid crossdomain.xml (or policy server).

So we don't need Multi-Pin. Single-pin (to the target host) is enough.

--
Kanatoko
http://www.jumperz.net/
