Security Corner

Aug 11 2010   6:58PM GMT

Why DNS Rebinding Is in the News Again



Posted by: Ken Harthun
Tags:
Black Hat conference
DNS Rebinding Attack
Routers
Security
Security Now!
Figure 1

Linksys Router

As old as this issue is, you’d think it would be solved by now; in fact, everyone thought it was. Many browsers and plug-ins protect against it. But it showed up in a different form that no one had considered until it was  revealed at Black Hat. The hacker discovered that not only can you browse to your router’s web browser using the private gateway IP (192.168.xxx.xxx or whatever), you can also get there using its public IP–the address on WAN IP–even if you have disabled remote administration from the WAN side. Steve Gibson, in his usual, thorough manner, analyzed the matter in Security Now! episode 260.

And so the next-generation attack that was revealed last week, which I’m sure all of the various firmwares are in the process of scrambling around to fix right now, solves, well, what it does is it gets around the blocks against internal LAN access IPs by using your public IP. And of course the remote DNS server gets your public IP because that’s the IP from which the request comes to it. It’s emitted by your computer, asking for the IP address of attacker.com. Well, that comes from your public IP. So it’s able to return the public IP to the [attacker] script running in a plug-in, which then knows how to get around the use of private IPs on the LAN to access your router.

Everyone should immediately check this list to see if your router is vulnerable. If it is, then you should go to the manufacturer’s website to check for firmware updates to your router.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: