At Positive Hack Days, specialists of the Positive Research Center presented the results of the DNS Rebinding vulnerability research.
8/25/2011
The results helped finally reveal how the attack can be carried out in practice. The experts demonstrated new vectors for the DNS Rebinding attack, also known as AntiDNS Pinning. The vulnerability implies that a user's browser acts as a mediator between attackers and the target network. It allows attackers to conduct attacks against virtual infrastructures. Notably, it is not the infrastructure of virtual machine management that suffers from the attack but the users' and administrators' workstations, which are usually far less protected than servers. DNS Rebinding allows attackers to interact with internal systems from within the internal network of the target company, which makes it all easier for attackers. Though most browsers nowadays are protected against such attacks, the protection is not always efficient and can be bypassed.
The research conducted by Positive Technologies involved real cases to demonstrate attacks against corporate networks and virtualization systems, network equipment and means of protection. The research thoroughly covers the tools for vulnerability exploitation, as well as the way to bypass existing restrictions. Also, the authors observed the methods of protection against the attack and related attacks.
At present, the companies in which the vulnerability was detected, are cooperating with the experts of Positive Technologies to eliminate the defects.