FireDrill: interactive DNS rebinding

Authors:
Yunxing Dai;Ryan Resig
Affiliations:
Electrical Engineering and Computer Science Department, University of Michigan, Ann Arbor, MI;Electrical Engineering and Computer Science Department, University of Michigan, Ann Arbor, MI
Venue:
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
Year:
2013

Citing 3
Cited 0

Protecting browser state from web privacy attacks

Proceedings of the 15th international conference on World Wide Web
Protecting browsers from dns rebinding attacks

Proceedings of the 14th ACM conference on Computer and communications security
Java security: from hotjava to netscape and beyond

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

By using traditional DNS rebinding attacks, an attacker is able to circumvent firewalls in order to access internal network servers. Although many of the variations of this attack are well-known and sufficiently defended against, we show that by exploiting browsers' DNS cache table, it is possible to launch a DNS rebinding attack on modern browsers. Furthermore, we implement FireDrill, a tool that uses this DNS cache flooding technique to initialize an interactive session between the attacker and victim's web server. This interactive session opens up a number of malicious possibilities for the attacker on top of existing DNS rebinding uses. Some of the new potential uses include authentication, modification of website state, framing of the victim, and more.