Affiliation:
1. Stanford University, Stanford, CA
Abstract
DNS rebinding attacks subvert the same-origin policy of browsers, converting them into open network proxies. Using DNS rebinding, an attacker can circumvent organizational and personal firewalls, send spam email, and defraud pay-per-click advertisers. We evaluate the cost effectiveness of mounting DNS rebinding attacks, finding that an attacker requires less than $100 to hijack 100,000 IP addresses. We analyze defenses to DNS rebinding attacks, including improvements to the classic “DNS pinning,” and recommend changes to browser plug-ins, firewalls, and Web servers. Our defenses have been adopted by plug-in vendors and by a number of open-source firewall implementations.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications
Cited by
27 articles.