Yunxing Dai and Ryan Resig, University of Michigan
By using traditional DNS rebinding attacks, an attacker is able to circumvent firewalls in order to access internal network servers. Although many of the variations of this attack are well-known and sufficiently defended against, we show that by exploiting browsers' DNS cache table, it is possible to launch a DNS rebinding attack on modern browsers. Furthermore, we implement FireDrill, a tool that uses this DNS cache flooding technique to initialize an interactive session between the attacker and victim's web server. This interactive session opens up a number of malicious possibilities for the attacker on top of existing DNS rebinding uses. Some of the new potential uses include authentication, modification of website state, framing of the victim, and more.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {179194,
author = {Yunxing Dai and Ryan Resig},
title = {{FireDrill}: Interactive {DNS} Rebinding},
booktitle = {7th USENIX Workshop on Offensive Technologies (WOOT 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/woot13/workshop-program/presentation/dai},
publisher = {USENIX Association},
month = aug
}
