Protecting Browsers from DNS Rebinding Attacks

被引：28

作者：

Jackson, Collin ^{[1
]}

Barth, Adam ^{[1
]}

Bortz, Andrew ^{[1
]}

Shao, Weidong ^{[1
]}

Boneh, Dan ^{[1
]}

机构：

[1] Stanford Univ, Dept Comp Sci, Stanford, CA 94305 USA

来源：

ACM TRANSACTIONS ON THE WEB | 2009年 / 3卷 / 01期

关键词：

Security; Design; Experimentation; Same-origin policy; DNS; firewall; spam; click fraud;

D O I：

10.1145/1462148.1462150

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

DNS rebinding attacks subvert the same-origin policy of browsers, converting them into open network proxies. Using DNS rebinding, an attacker can circumvent organizational and personal firewalls, send spam email, and defraud pay-per-click advertisers. We evaluate the cost effectiveness of mounting DNS rebinding attacks, finding that an attacker requires less than $ 100 to hijack 100,000 IP addresses. We analyze defenses to DNS rebinding attacks, including improvements to the classic "DNS pinning," and recommend changes to browser plug-ins, firewalls, and Web servers. Our defenses have been adopted by plug-in vendors and by a number of open-source firewall implementations.

引用

页数：26