What is a DNS Rebinding Attack?
In a DNS rebinding attack, the attacker tricks the user into binding with a malicious website and then makes the user's browser or device access unintended domains. Such attacks are normally used to compromise the system and exploit it as a proxy for attacking the internal network.
How do DNS Rebinding Attacks work?
The malicious client-side code makes additional requests to the original domain name (such as attacker.com). These are permitted by the same-origin policy. However, when the victim's browser runs the script, it makes a new DNS request for the domain, and the attacker replies with a new IP address. For instance, they could reply with an internal IP address or the IP address of a target somewhere else on the Internet. Because the domain name has not changed, the browser still treats the new address as the same origin.
Experts from Armis claim that nearly all types of smart devices are vulnerable to DNS Rebinding Attacks, including smart TVs, routers, printers, CCTV cameras and smartphones.
How to avoid DNS Rebinding Attacks?
- Enable the HTTPS console only and turn off the HTTP console.
- For routers, disable access to the admin console from any external network.
- For web browsers, DNS pinning can be implemented. This will lock the IP address which is received in the first DNS response.
- Implement private DNS filtering in the firewall.
- For devices, always change the default names and passwords.
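
The DNS pinning and private DNS filtering items above can be sketched in a few lines. This is an added example, not code from the original page: the names `is_internal`, `filter_answer`, `PinnedResolver` and `scan`, the `.lan`/`.internal` suffix allowlist and the sample log entries are all assumptions made for illustration.

```python
import ipaddress

# Ranges treated as internal (RFC 1918, loopback, link-local, IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]
# Assumption: only names under these suffixes may resolve to internal addresses.
LOCAL_SUFFIXES = (".lan", ".internal")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:192.168.1.1) so it cannot slip past.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in INTERNAL_NETS)

def filter_answer(name, ips):
    """Private DNS filtering: strip internal addresses from external names."""
    if name.rstrip(".").lower().endswith(LOCAL_SUFFIXES):
        return list(ips)
    return [ip for ip in ips if not is_internal(ip)]

class PinnedResolver:
    """DNS pinning: keep the first address per name, classify later changes."""
    def __init__(self):
        self.pins = {}

    def observe(self, name, ip):
        pinned = self.pins.setdefault(name.rstrip(".").lower(), ip)
        if pinned == ip:
            return "ok"
        # Public first answer followed by an internal one: rebinding pattern.
        if not is_internal(pinned) and is_internal(ip):
            return "rebind-suspected"
        return "changed"

# Constructed sample of (name, answer) pairs; public IPs are documentation ranges.
SAMPLE = [("attacker.com", "203.0.113.10"), ("printer.lan", "192.168.1.20"),
          ("attacker.com", "192.168.1.1"), ("example.org", "198.51.100.7")]

def scan(events):
    resolver = PinnedResolver()
    return [(name, ip, resolver.observe(name, ip)) for name, ip in events]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
```

The internal ranges are listed explicitly because Python's `is_private` also returns true for documentation ranges such as 203.0.113.0/24, which would misclassify the sample's public addresses.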