Abstract
In this paper the focus is on the detection and prevention of DNS rebinding attack. DNS rebinding attack circumvents the access control of browser’s same origin policy (SOP) and converts them into open network proxies to access the information of target systems. It works by sending in genuine IP address for the DNS response and infects the victim browser with malicious Javascript or other active content which then exploits the name-based SOP. This leads to the successful launch of the attack in spite of the existence of strong authentication schemes. The existing counter mechanisms are not able to prevent all types of DNS rebinding attacks. We propose two level based solution, level-I is based on the comparison of the hostname of canonical NAME of each reverse DNS lookup of IP address returned by DNS response with the original domain name and level-II compares the HTTP response content of the each IP addresses returned by DNS response. The SSE network testbed was used for testing the proposed solution and the experimental results show that the proposed solutions are able to detect and prevent all subsequent DNS rebinding attacks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
mancalanetworks.com/files/mancalanetworks.dns_attacks.pdf
TrendMicro, "Protecting Your Router against Possible DNS Rebinding Attacks", www.trendmicro.com/protecting-your-router-gainstpossibl-dns-rebinding-attacks.
TechRepublic,"Public IP DNS rebinding: Another reason not to use default passwords", www.techrepublic.com.
Default Passwords for routers http://www.phenoelit-us.org/dpl/dpl.html.
References
Heffner C (2010) Remote attacks against SOHO routers. www.nsai.it/2010/10/18/remoteattacks-against-soho-routers. Accessed May 2009
Jackson C, Barth A, Bortz A, Shao W, Boneh D (2007) Protecting browsers from DNS rebinding attacks. Paper presented at the 14th ACM conference on computer and communications security 2007
Karlof C, Shankar U, Tygar JD, Wagner D (2007) Dynamic pharming attacks and locked same-origin policies for web browsers. In Proceedings of the 14th ACM conference on computer and communications security, pp 5–17
Kokkinopoulos G, Xie GG, Gison JH (2009) Thesis on DNS rebinding attacks. Naval Postgraduate School, Monterey
Radha B, Selva Kumar S (2011) DEEPAV2: a DNS monitor tool for prevention of public IP DNS rebinding attack 3rd international conference on advances in recent technologies in communication and computing Bangalore, India 2011
Ruderman (2008) Same origin policy for JavaScript. https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript. Accessed May 2009
Acknowledgments
The authors are grateful for the sponsorship of this research work provided by the Government of India, New Delhi, under the Collaborative Directed Basic Research (CDBR) Project.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Brahmasani, S., Sivasankar, E. Two level verification for detection of DNS rebinding attacks. Int J Syst Assur Eng Manag 4, 138–145 (2013). https://doi.org/10.1007/s13198-013-0153-x
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13198-013-0153-x