DNS Rebinding
I want to know more about DNS Rebinding. I first learned about this topic when reading the Node.js documentation.
Notes
DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on the network. DNS rebinding establishes communication between the attacker's server and a web application on an internal network through a browser.
Web browsers use the same-origin policy as a defense mechanism to restrict how websites from one origin can interact with other origins. The origin of a website is defined by the protocol (http://), domain (frankmbrown.net) and port (:80). The same-origin policy restricts cross-origin interactions.
In a DNS system, time to live (TTL) defines the amount of time in seconds that a record can be cached before the client or resolver must re-query the DNS name server for a response. After the TTL expires, the records become stale and will not be used. TTL is usually set by the authoritative name server of a domain.
The goal of the DNS rebinding attack is to bypass the restrictions of the same-origin policy.
The attackers register the domain http://www[.]badactor[.]com and delegate it to a DNS server they control. Company Yourname Inc. hosts its intranet behind a firewall. Employees of Yourname Inc. can access an application on the company's web server, whose IP is 60.6.6.60. Let's assume an employee of Yourname Inc. is surfing the internet from a laptop or tablet inside the company's network and clicks on www[.]badactor[.]com. The DNS server controlled by the bad actor answers the employee's request with the correct IP address, but with a very short TTL to prevent the response from being cached. Remember, it's the DNS server that sets the TTL policy. The employee's browser downloads the page containing malicious code. Once the TTL expires, the attacker's DNS server rebinds the domain to the internal IP address, so www[.]badactor[.]com now points to 60.6.6.60. Because the browser still treats requests to that domain as same-origin, the attacker's code can exfiltrate the company's information and sensitive data.
The best mitigation against DNS rebinding attacks is at the DNS layer.
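One way to apply that DNS-layer mitigation, as an added example that is not part of the original notes: a resolver-side filter that drops answers mapping an external name to an internal address. The zone corp.example, the attacker stand-in www.badactor.example and the address 203.0.113.10 are assumptions; 60.6.6.60 is the intranet server from the scenario above.

```python
import ipaddress

# Ranges a public name should never resolve to. The last entry is the intranet
# server from the scenario above (site-specific assumption: list your own).
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
    "60.6.6.60/32",
)]

# Zones that are allowed to resolve to internal addresses (hypothetical name).
INTERNAL_ZONES = ("corp.example",)


def is_protected(addr):
    """True if addr falls inside a range reserved for internal hosts."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot dodge the v4 list.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in PROTECTED_NETS if net.version == ip.version)


def is_internal_name(qname):
    """True only for the zone itself or a real subdomain of it."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in INTERNAL_ZONES)


def filter_response(qname, answers):
    """answers: list of (address, ttl). Returns (kept, dropped)."""
    if is_internal_name(qname):
        return list(answers), []
    kept = [a for a in answers if not is_protected(a[0])]
    dropped = [a for a in answers if is_protected(a[0])]
    return kept, dropped


if __name__ == "__main__":
    # Constructed sequence: first answer is the attacker's public server,
    # the second (after the short TTL expires) is the rebind to the intranet.
    for answers in ([("203.0.113.10", 1)], [("60.6.6.60", 1)]):
        kept, dropped = filter_response("www.badactor.example", answers)
        print("kept:", kept, "dropped:", dropped)
```

A dropped record is also worth logging, since an external name answering with an internal address is a strong rebinding indicator.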
DNS rebinding is a type of cyberattack that leverages Domain Name System (DNS) to run malicious JavaScript and attack devices on a user's private network.