RSnake's 2nd Take On DNS Rebinding

Robert Hansen aka RSnake the father of Xss is back with a bang. With his latest research on DNS rebinding hacking which he also explained with a Video but he is all set to remove this DNS rebinding from the world.

 

RSnake released a new podcast on DNS Rebinding after his previous release of video on it. Its a pretty good news that somebody is caring about the DNS hacking techniques as one we saw a couple of days ago Twitter was hacked, with some DNS resolution problems.

 

 

Dennis Fisher talks with security researcher Robert “Rsnake” Hansen about his recent work on DNS rebinding attacks, the poor state of browser security and his new book “Detecting Malice.”..

 

*Podcast audio courtesy of sykboy65

Subscribe to the Digital Underground podcast on

 

How DNS Rebinding Works

The attacker registers a domain which is delegated to a DNS server he controls. The server is configured to respond with a very short TTL parameter, which prevents the response from being cached.

 

The first response contains the IP address of the server hosting the malicious code. Subsequent responses contain spoofed private network IP addresses (RFC1918), presumably behind a firewall, being target of the attacker.

 

Because both are fully valid DNS responses, they authorize the sandboxed script to access hosts inside the private network. By returning multiple short-lived IP addresses, the DNS server enables the script to scan the local network or perform other malicious activities.

*source Wikipedia