DNS-Rebinding Can Help Infiltrate Home PCs
A new security vulnerability makes numerous household routers vulnerable to attack as it helps hackers to compromise consumers' browsing sessions or infiltrate home PCs.
Craig Heffner, Researcher at Seismic (a security consultancy firm) elaborated on the vulnerability and issued a proof-of-concept for it at the Vegas (USA)-held Black-Hat Conference in July 2010, as reported by TheRegister on July 19, 2010.
The DNS-rebinding vulnerability affects kit approximately one-half of prevalent home router models like DSL versions or Verizon Fios; Dell, and most Linksys. Contrarily, it has been many years now that DNS rebinding are in existence.
To further elaborate, the attack exploits a component of the DNS (Domain Name System), This is an online technique of changing names of web-pages to IP address numbers. When a user goes to Google.com, then that domain name may be changed online to the IP address 22.214.171.124. Modern Web-browsers have protection measures against sites that try to access data which isn't at their authorized Internet Protocol address.
Moreover, the new version involves creating a website for attack with active malware. This implies that the IP address of a visitor is made to appear as another IP address of the attack website, giving the latter a status of trust.
Once the visitor lands on the booby-trapped website, its malicious script converts into a different IP address which is really his own IP address. Consequently, the script gains admission into the visitor's PC, potentially compromising his browser and take control over his router settings.
Finally, the new attack is different from other DNS-rebinding methods. It doesn't need former information about the attacked router like its model, host name, inside IP address etc. Moreover, it doesn't depend on any method for pinning DNS that helps it to bypass existing safeguards for DNS-rebinding.
Related article: DNS Servers Not Free of Vulnerability
» SPAMfighter News - 31-07-2010