[dns-operations] Use of Views/ACLs to defeat DNS rebinding/pinning attacks?

David Ulevitch davidu at everydns.net
Tue Aug 7 21:28:50 UTC 2007

Simon Waters wrote:
>> Lots of folks such as broadband SPs don't insert firewalls into their
>> topologies.
> Such folk generally can't rewrite the answers for their customers, since they
> don't know what the customers' private IPs are, or whether they are
> deliberately using those IP addresses in public DNS zones hosted elsewhere
> (i.e. Extranets, Intranets, VPNs and such like).

The attack doesn't require rewriting answers into RFC1918 space.  In 
fact, more potent attacks (at least from where we sit as the DNS 
operations community) relate to the fact that browsers can now be 
anti-pinned to cause outbound connections to third-party sites/hosts 
without the user being aware or directly involved in the process.

The "internal host access" is an important point, but it's not required 
for the attack, nor is it what folks should be focused on; it's just a 
symptom of the problem.


