Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Question 4.9 Recently there have been various attacks based on so-called DNS-reb

ID: 645013 • Letter: Q

Question

Question 4.9 Recently there have been various attacks based on so-called DNS-rebinding. A description of such an attack is given below.

1. Explain how the adversary can use the technique described in the attack to access a server behind the ?rewall. That is, describe the chain of events that leads to information being transmitted from the internal (possibly secret) server to the adversary.

2. Describe two countermeasures that could prevent such an attack. These counter-measures should not be overly restrictive. For example, closing the ?rewall for all connections to the Internet would not be an option.

Attack: The simple attack, where a JavaScript would directly access information from the internal server and forward it to the adversary, is prevented by the so-called same-origin policy. Most web browsers implement this policy in the way that content from one origin (domain) can perform HTTP requests to servers from another origin, but cannot read responses since access is restricted to

Explanation / Answer

1)
Some aproach would be to adjust your router firewall rules though not as simple as doing a local host route or local host file entry. I think what is happening is the Forward rules are allowing your internal traffic to hit the external IP. Adding the missing Forward rule to stop that behavior may protect all internal nodes centrally. I'd have to boot up a VM and muck with iptables to confirm it. INPUT/OUTPUT are pretty obvious but I've not worked with the FORWARD rule tables enough to give experience

2)
This attack requires knowing the username and password to access the gateway device's configuration web pages. The bad guys are hoping the default settings are still in use. So, make it hard for them. Change the user name if possible and replace the default password with a nasty and hard to figure out one. That should stop the attackers.

Another option is to require each and every web site to ask permission to load any kind of scripting. This is easy to do if you use the Firefox web browser. Get the NoScript add-on. In fact, Giorgio Maone, NoScript's developer added a new feature in the latest version of NoScript. The feature is called Application Boundaries Enforcer and one of default rules prevents the DNS rebinding attack.
One final suggestion is to use well-respected DNS servers and hard code their IP addresses into the network adaptor's configuration. I use OpenDNS. Doing so eliminates this and many other DNS-related exploits.

Related Questions

Question 4. 4. Which of the following is a store of value? (Points : 5) cash and
Question #1102081
Question 4. A 12.75-year maturity zero-coupon bond has convexity of 150.3 and mo
Question #2656109
Question 4. A fast-food restaurant features only three items on its menu with th
Question #2444826
Question 4. ACCT210 The financial statements of Lewis Limited a (18 marks) appea
Question #2407224
Question 4. Alternating Offers with Discounting You are buying a house and are b
Question #1110674
Question 4. Calculate the length of a peptide that is comprised of 14 amino acid
Question #144620
Question 4. Color vision in humans is mediated by 3 types of photoreceptors: con
Question #3164708
Question 4. Consider a unit load warehouse that handles a SKU with the following
Question #395778
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Question 4.6 lll be butput? main () int i,x 1,y clrscr ); 1,2s]; print f (\"%d.
Next
Question 4/371: What algorithm does the following pseudocode perform? Declare in

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.