dnsmasq: stop dns-rebind attacks

Hi, in this years Black Hat conference, Craig Heffner will show an attack against many home routers which is based on DNS rebinding. This article shows you, how to disable it on dnsmasq.

DNS rebinding is based on the following scheme (thanks to Mitternachtshacking – article in german):

  • Webbrowser loads page with flash from server www.mydomain.com
    DNS for www.mydomain.com is: 212.18.45.xx with TTL=1
  • Webbroswer loads xmlsocket-policy from server www.mydomain.com, which allows port 22
    DNS for www.mydomain.com is: 212.18.45.xx with TTL=1
  • Flash which runs in webbrowser opens a connection to www.mydomain.com:22
    DNS for www.mydomain.com is: 192.168.1.1 with TTL=1

Everything runs under the same-origin-policy.

To prevent dnsmasq from accepting this, just add the following to the dnsmasq commandline:

--stop-dns-rebind

With Debian Lenny, you just need to add this line in the file /etc/default/dnsmasq:

DNSMASQ_OPTS="--stop-dns-rebind"

Bye,
Sven

Kommentar hinterlassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.