I am looking at the deny-answer-* section for this, but we just need
to ensure we minimally affect legitimate applications. This is why I
was proposing we only action when the source is a part of the answer AS
WELL as another answer. Blocking based on just the source would affect
dyn-dns type applic
deny-answer-addresses { %source%; };
deny-answer-aliases { %source%; };
Maybe?
- Kevin
On 8/17/2010 12:22 AM, Bradley Falzon wrote:
bind-users,
In light of Craig Heffner's rece
In article ,
Florian Weimer wrote:
> * Bradley Falzon:
>
> > Craig Heffner's version of the DNS Rebinding attack, similar to all
> > DNS Rebinding attacks, requires the DNS Servers to respond with an
> > Attacker's IP Address as well as the Victim's IP Address, in a typical
> > Round Robin fashio
On Wed, Aug 18, 2010 at 1:05 AM, Phil Mayers wrote:
> On 08/17/2010 04:31 PM, Florian Weimer wrote:
>>
>> * Bradley Falzon:
>>
>>> Craig Heffner's version of the DNS Rebinding attack, similar to all
>>> DNS Rebinding attacks, requires the DNS Servers to respond with an
>>> Attacker's IP Address as
On Wed, Aug 18, 2010 at 1:01 AM, Florian Weimer wrote:
> * Bradley Falzon:
>
>> Craig Heffner's version of the DNS Rebinding attack, similar to all
>> DNS Rebinding attacks, requires the DNS Servers to respond with an
>> Attacker's IP Address as well as the Victim's IP Address, in a typical
>> Round
On 08/17/2010 04:31 PM, Florian Weimer wrote:
* Bradley Falzon:
Craig Heffner's version of the DNS Rebinding attack, similar to all
DNS Rebinding attacks, requires the DNS Servers to respond with an
Attacker's IP Address as well as the Victim's IP Address, in a typical
Round Robin fashion. Previo
* Bradley Falzon:
> Craig Heffner's version of the DNS Rebinding attack, similar to all
> DNS Rebinding attacks, requires the DNS Servers to respond with an
> Attacker's IP Address as well as the Victim's IP Address, in a typical
> Round Robin fashion. Previous attacks would normally have the Victim
bind-users,
In light of Craig Heffner's recent Black Hat talk (here:
https://media.blackhat.com/bh-us-10/whitepapers/Heffner/BlackHat-USA-2010-Heffner-How-to-Hack-Millions-of-Routers-wp.pdf
and here: http://rebind.googlecode.com) I would like to propose a
possible solution in line with the 'DNS re