mcBachmann.de TechBlog » dns http://blog.mcbachmann.de Der Blog zur Website ;-) Wed, 11 Jan 2012 21:12:53 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 dnsmasq: stop dns-rebind attacks http://blog.mcbachmann.de/linux/dnsmasq-stop-dns-rebind-attacks http://blog.mcbachmann.de/linux/dnsmasq-stop-dns-rebind-attacks#comments Thu, 22 Jul 2010 08:55:50 +0000 Sven Bachmann http://blog.mcbachmann.de/?p=525 Hi, in this years Black Hat conference, Craig Heffner will show an attack against many home routers which is based on DNS rebinding. This article shows you, how to disable it on dnsmasq.

DNS rebinding is based on the following scheme (thanks to Mitternachtshacking – article in german):

  • Webbrowser loads page with flash from server www.mydomain.com
    DNS for www.mydomain.com is: 212.18.45.xx with TTL=1
  • Webbroswer loads xmlsocket-policy from server www.mydomain.com, which allows port 22
    DNS for www.mydomain.com is: 212.18.45.xx with TTL=1
  • Flash which runs in webbrowser opens a connection to www.mydomain.com:22
    DNS for www.mydomain.com is: 192.168.1.1 with TTL=1

Everything runs under the same-origin-policy.

To prevent dnsmasq from accepting this, just add the following to the dnsmasq commandline:

--stop-dns-rebind

With Debian Lenny, you just need to add this line in the file /etc/default/dnsmasq:

DNSMASQ_OPTS="--stop-dns-rebind"

Bye,
Sven

]]> http://blog.mcbachmann.de/linux/dnsmasq-stop-dns-rebind-attacks/feed 0