When a user requests a Web page from an attacker's site, the attacker's DNS server returns the IP address of its Web server with an extremely short time to live (TTL). The page that gets downloaded contains malicious code that binds the local IP address to the host name of the attacker's site. The next query to the attacker's site becomes a query to the local machine. See TTL.
DNS Pinning
A function built into most Web browsers, DNS pinning ignores the TTL returned from the DNS server and keeps the Web server IP address "pinned" to the original host name for up to several minutes. However, active technologies such as Java and Flash are also vulnerable to DNS rebinding. They use separate pin databases and have their own access to the network.
Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved.
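The pinning behavior described above, as an added example that is not part of the original entry or taken from any browser's code: a small pin cache that ignores the TTL, replayed against constructed DNS answers. It goes one step beyond the entry by refusing an answer that moves a name from an external to an internal address once the pin has expired; the names PinCache, is_internal, the 120-second pin and the host attacker.example are assumptions made for illustration.

```python
import ipaddress

# Address ranges that should never be the target of a public host name.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


class PinCache:
    """Keeps host -> IP for pin_seconds, ignoring the TTL in the DNS answer."""

    def __init__(self, pin_seconds=120):  # hypothetical pin duration
        self.pin_seconds = pin_seconds
        self.pins = {}  # host -> (ip, pinned_until)

    def resolve(self, host, answer_ip, ttl, now):
        """Return (ip_to_use, note); ttl is accepted but deliberately unused."""
        pinned = self.pins.get(host)
        if pinned and now < pinned[1]:
            # Pin still valid: the new answer and its TTL are ignored.
            return pinned[0], "pinned"
        if pinned and not is_internal(pinned[0]) and is_internal(answer_ip):
            # Pin expired and the name moved from an external to an internal
            # address: the rebinding pattern. Refuse rather than re-pin.
            return None, "blocked-rebind"
        self.pins[host] = (answer_ip, now + self.pin_seconds)
        return answer_ip, "new-pin"


# Constructed answers from the attacker's DNS server: (time, host, ip, ttl).
ANSWERS = [
    (0, "attacker.example", "203.0.113.10", 1),
    (2, "attacker.example", "127.0.0.1", 1),
    (300, "attacker.example", "127.0.0.1", 1),
]


def replay(cache, answers=ANSWERS):
    return [cache.resolve(h, ip, ttl, t) for t, h, ip, ttl in answers]


def replay_ttl_only(answers=ANSWERS):
    """What a client that honors the TTL uses: always the latest answer."""
    return [ip for _, _, ip, _ in answers]
```

A plug-in that keeps its own pin database, as the entry notes for Java and Flash, would need its own instance of such a cache, which is why pinning in the browser alone does not cover it.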