[dns-operations] Use of Views/ACLs to defeat DNS rebinding/pinning attacks?
Roland Dobbins
rdobbins at cisco.com
Tue Aug 7 09:51:11 UTC 2007
On Aug 7, 2007, at 1:08 AM, Simon Waters wrote:
> Of course it can't, this is a problem that is a result of design
> decisions for
> browsers and browser plugins (mostly plugins), in most (all?) cases
> the DNS
> is functioning as designed.
I understand that it's not a DNS problem; I was wondering whether or
not one could simply manually filter/rewrite answers for FQDNS which
are outside one's SOA scope, yet are answered by the attacker as
being within one's own IP address ranges, as something of a defensive
measure.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
More information about the dns-operations
mailing list