Two level verification for detection of DNS rebinding attacks

Abstract

In this paper the focus is on the detection and prevention of DNS rebinding attack. DNS rebinding attack circumvents the access control of browser's same origin policy (SOP) and converts them into open network proxies to access the information of target systems. It works by sending in genuine IP address for the DNS response and infects the victim browser with malicious Javascript or other active content which then exploits the name-based SOP. This leads to the successful launch of the attack in spite of the existence of strong authentication schemes. The existing counter mechanisms are not able to prevent all types of DNS rebinding attacks. We propose two level based solution, level-I is based on the comparison of the hostname of canonical NAME of each reverse DNS lookup of IP address returned by DNS response with the original domain name and level-II compares the HTTP response content of the each IP addresses returned by DNS response. The SSE network testbed was used for testing the proposed solution and the experimental results show that the proposed solutions are able to detect and prevent all subsequent DNS rebinding attacks. © 2013 The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden.