Protecting browsers from DNS rebinding attacks

ACM Transactions on the Web

Volumn 3, Issue 1, 2009, Pages

  Jackson, Collin ^a,b   Barth, Adam ^a,b   Bortz, Andrew ^a,b   Shao, Weidong ^a,b   Boneh, Dan ^a,b  

^a STANFORD UNIVERSITY   (United States)

^b Stanford University   (United States)

Author keywords

Click fraud; DNS; Firewall; Same origin policy; Spam

Indexed keywords

CLICK FRAUD; DNS; FIREWALL; SAME-ORIGIN POLICY; SPAM;

COMPUTER SYSTEM FIREWALLS; INTERNET; INTERNET PROTOCOLS; SPAMMING;

SERVERS;

EID: 58849088038     PISSN: 15591131     EISSN: 1559114X     Source Type: Journal    
DOI: 10.1145/1462148.1462150     Document Type: Conference Paper

References (58)

1. Adobe. 2006. Adobe Flash Player 9 security, http://www.adobe. com/devnet/flashplayer/articles/fiash-player-9-security.pdf.
2. Adobe. 2008. Flash Player penetration. http://www.adobe.com/ products/player-census/flash-player/.
3. Aleka. 2007. Top sites. http://www.alexa.com/site/ds/top-sites? ts-mode=global.
4. ANVIL, K. 2007. Anti-DNS pinning + socket in flash. http://www.jumperz.net/.
5. ARENDS, R., AUSTEIN, R., LARSON, M., MASSEY, D., AND ROSE, S. 2005. DNS security introduction and requirements. RFC 4033.
6. BORTZ, A., BARTH, A., AND JACKSON, C. 2007. Google dnswall. http://code.google.com/p/googlednswall/.
7. CHESHIRE, S., ABOBA, B., AND GUTTMAN, E. 2005. Dynamic configuration of IPv4 link-local addresses. IETF RFC 3927.
8. CHESWICK, W. AND BELLOVIN, S. 1996. A DNS filter and switch for packet-filtering gateways. In Proceedings of the USENIX Annual Technical Conference.
9. DASWANI, N. AND STOPPELMAN, M. 2007. The anatomy of Clickbot.A. In Proceedings of 1st Workshop on Hot Topics in Understanding Botnets (HotBots).
10. DEAN, D., FELTEN, E. W., AND WALLACH, D. S. 1996. Java security: From HotJava to Netscape and beyond. In IEEE Symposium on Security and Privacy.
11. EDWARDS, D. 2005. Your MOMA knows best. http://xooglers. blogspot.com/2005/12/your-moma-knows-best.html.
12. FAINELLI, F. 2008. The OpenWrt embedded development framework. In Free and Open Source Software Developers' European Meeting.
13. FENZI, K. AND WRESKI, D. 2004. Linux security HOWTO.
14. FIELDING, R., GETTYS, J., MOGUL, J., FRYSTYK, H., MASINTER, L., LEACH, P., AND BERNERS-LEE, T. 1999. Hypertext Transfer Protocol - HTTP/1.1. RFC 2616.
15. FISHER, D. 2007. Personal communication.
16. FISHER, D. ET AL. 2003. Problems with new DNS cache ("pinning" forever). https://bugzilla.mozilla.org/show-bug.cgi?id= 162871.
17. GAJEK, S., SCHWENK, J., AND XUAN, C. 2008. On the insecurity of Microsoft's identity metasystem. Tech. Rep. HGI-TR-2008-003, Horst Görtz Institute for IT Security, Ruhr University Bochum. May. http://demo.nds.rub.de/cardspace/.
18. GOODIN, D. 2005. Calif. man pleads guilty to felony hacking. Assoc. Press.
19. GOTTSCHALL, S. ET AL. 2008. DD-WRT (version 24). http://www.dd-wrt.com/.
20. GRIMM, S. ET AL. 2002. Setting document.domain doesn't match an implicit parent domain. https://bugzilla.mozilla.org/show-bug.cgi?id= 183143.
21. GROSSMAN, J. AND NIEDZIALKOWSKI, T. 2006. Hacking intranet Websites from the outside: JavaScript malware just got a lot more dangerous. In Blackhat USA. Invited talk.
22. HAUPT, E. 2008. dnswall FreeBSD port. http://www.freebsd.org/ cgi/cvsweb.cgi/ports/dns/dnswall/.
23. HINDEN, R. AND DEERING, S. 2003. Internet protocol version 6 (IPv6) addressing architecture. IETF RFC 3513.
24. HINDEN, R. AND HAISKRMAN, B. 2005. Unique local IPv6 unicast addresses. IETF RFC 4193.
25. JACKSON, C. AND BARTH, A. 2008. Beware of finer-grained origins. In Web 2.0 Security and Privacy.
26. JOHNS, M. 2006. (Somewhat) breaking the same-origin policy by undermining DNS pinning. http://shampoo.antville.org/stories/1451301/.
27. JOHNS, M. AND WINTER, J. 2007. Protecting the Intranet against "JavaScript Malware" and related attacks. In Proceedings of the GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).
28. KARLOF, C. K., SHANKAR, U., TY'GAR, D., AND WAGNER, D. 2007. Dynamic pharming attacks and the locked same-origin policies for Web browsers. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
29. KELLEY, S. 2008. Dnsmasq (version 2.41). http://www.thekelleys. org.uk/dnsmasq/doc.html.
30. KLEIN, A. 2006. Host header cannot be trusted as an anti anti DNS-pinning measure. http://www.securityfocus.com/archive/1/445490.
31. LAM, V. T., ANFONATOS, S., AKRITIDIS, P., AND ANAGNOSTAKJS, K. G. 2006. Puppetnets: Misusing Web browsers as a distributed attack infrastructure. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
32. MAONE, G. 2007a. DNS spoofing/pinning. http://sla.ckers.org/ forum/read.php?6,4511,14500.
33. MAONE, G. 2007b. NoScript. http://noscript.net/.
34. MEGACZ, A. 2002. XWT Foundation security advisory. http://www.megacz.com/research/sop.txt.
35. MEGACZ, A. AND MEKETA, D. 2003. X-RequestOrigin. http://www.xwt.org/x-requestorigin.txt.
36. MEYER, D. 1998. Administratively scoped IP multicast. IETF RFC 2365.
37. Microsoft. 2004. Microsoft Web enterprise portal. http://www.microsoft.com/technet/itshowcase/content/MSWebTWP.mspx.
38. MICROSOFT 2008. Socket class (System.Net.Sockets). http://msdn.microsoft.com/en-us/library/system.net.sockets.soeket(VS.95).aspx.
39. MITRE. 2007a. CVE-2007-5273.
40. MITRE. 2007b. CVE-2007-5274.
41. MITRE. 2007c. CVE-2007-5275.
42. MITRE. 2007d. CVE-2007-6244.
43. MITRE. 2008. CVE-2008-1192.
44. MOCKAPETRIS, P. 1987. Domain names - Implementation and specification. IETF RFC 1035.
45. NUUJA, C. 2007. Personal communication.
46. OLLMANN, G. 2005. The pharming guide. http://www.ngssoftware. com/papers/ThePharmingGuide.pdf.
47. REKHTER, Y., MOSKOWITZ, B., KARRENBERG, D., DE GROOT, G. J., AND LEAR, E. 1996. Address allocation for private Internets. IETF RFC 1918.
48. REYNOLDS, J. AND POSTEL, J. 1994. Assigned numbers. IETF RFC 1700.
49. ROSKIND, J. 2001. Attacks against the Netscape browser. In RSA Conference. Invited talk.
50. ROSS, D. 2007. Notes on DNS pinning. http://blogs.msdn.com/ dross/archive/2007/07/09/notes-o-ndns-pinning.aspx.
51. RUDKUMAN, J. 2001. JavaScript security: Same origin. http://www.mozilla.org/projects/security/components/same-origin.html.
52. SOREF, J. 2003. DNS: Spoofing and pinning. http://viper.haque. net/timeless/blog/11/.
53. Spamhaus. 2007. The Spamhaus block list. http://www.spamhaus. org/sbl/.
54. STAMM, S., RAMZAN, Z., AND JAKOBSSON, M. 2006. Drive-By pharming. Tech. Rep. 641, Computer Science Department, Indiana University. December.
55. TOFF, J. 2001. HTML form protocol attack. http://www.remote.org/ jochen/sec/hfpa/hfpa.pdf.
56. VEDITZ, D. ET AL. 2002. Document.domain abused to access hosts behind firewall. https://bugzilla.mozilla.org/show-bug.cgi?id= 154930.
57. WARNER, B. 2004. Home PCs rented out in sabotage-for-hire racket. Reuters.
58. WINTER, J. AND JOHNS, M. 2007. LocalRodeo: Client-Side prelection against JavaScript Malware. http://databasement.net/labs/ localrodeo/.