DNS rebinding
DNS-välgatus
olemus
kaaperdusrünne:
ründaja registreerib endale domeeninime
ja vastendab sellele nimele
enda kontrolli all olevas DNS-serveris
lühikese elueaga (50-4000 ms) IP-aadressi;
selle aadressi poole pöördunud brauserisse
kirjutatakse kahjurskript ning
IP-aadressiks paneb DNS nüüd ründe sihtkoha aadressi
(näiteks tulemüüri taga sisevõrgus oleva serveri oma)
=
an attack that manipulates resolution of domain names and a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on the network
ülevaateid
https://en.wikipedia.org/wiki/DNS_rebinding
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
https://www.ptsecurity.com/upload/corporate/ww-en/download/DNS-rebinding.pdf
https://abiusx.com/archive/document/DNS%20Hijacking%20via%20DNS%20Rebinding.pdf
demo
https://www.youtube.com/watch?v=RJHTr3g-zbg
tõrje
http://crypto.stanford.edu/dns/dns-rebinding.pdf
http://www.adambarth.com/papers/2009/jackson-barth-bortz-shao-boneh-tweb.pdf
https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Gerald-Doussot-Roger-Meyer-State-of-DNS-Rebinding-Attack-and-Prevention-Techniques-and-the-Singularity-of-Origin.pdf
https://www.cs.umd.edu/class/spring2017/cmsc818O/papers/dns-rebinding-sop.pdf