DNS-Rebinding Can Help Infiltrate Home PCs

A new security vulnerability makes numerous household routers vulnerable to attack as it helps hackers to compromise consumers' browsing sessions or infiltrate home PCs.

Craig Heffner, Researcher at Seismic (a security consultancy firm) elaborated on the vulnerability and issued a proof-of-concept for it at the Vegas (USA)-held Black-Hat Conference in July 2010, as reported by TheRegister on July 19, 2010.

The DNS-rebinding vulnerability affects kit approximately one-half of prevalent home router models like DSL versions or Verizon Fios; Dell, and most Linksys. Contrarily, it has been many years now that DNS rebinding are in existence.

To further elaborate, the attack exploits a component of the DNS (Domain Name System), This is an online technique of changing names of web-pages to IP address numbers. When a user goes to Google.com, then that domain name may be changed online to the IP address Modern Web-browsers have protection measures against sites that try to access data which isn't at their authorized Internet Protocol address.

Heffner further states that the earlier attack version used enticing tactics to make a Web-surfer access a malware-laden site, but the present one utilizes a tactic for bypassing the same rule-of-origin. Hence, the present technique allows the penetration of a malicious JavaScript into vulnerable home PCs.

Moreover, the new version involves creating a website for attack with active malware. This implies that the IP address of a visitor is made to appear as another IP address of the attack website, giving the latter a status of trust.

Once the visitor lands on the booby-trapped website, its malicious script converts into a different IP address which is really his own IP address. Consequently, the script gains admission into the visitor's PC, potentially compromising his browser and take control over his router settings.

Finally, the new attack is different from other DNS-rebinding methods. It doesn't need former information about the attacked router like its model, host name, inside IP address etc. Moreover, it doesn't depend on any method for pinning DNS that helps it to bypass existing safeguards for DNS-rebinding.

Related article: DNS Servers Not Free of Vulnerability

ยป SPAMfighter News - 7/31/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page