Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Are the attacks on home routers dangerous?
Message
<blockquote data-quote="Andy Ful" data-source="post: 904143" data-attributes="member: 32260"><p>If I correctly recall, in this video authors claim that the router protections against DNS Rebainding are usually insufficient. It is necessary to know what protection has been applied (see pages 45-50 and pages 73-74 in the Presentation). I have seen several Infos from this year in Google that router vendors submitted updates to protect against DNS Rebainding (but I do not know details).</p><p></p><p>"<em>How do common DNS protections work?</em></p><ul> <li data-xf-list-type="ul"><em>The most common form of protection is to block private IP addresses as defined in RFC 1918</em></li> <li data-xf-list-type="ul"><em>Some tools allow to additionally block localhost, local (internal) networks, or 0.0.0.0</em></li> <li data-xf-list-type="ul"><em>Dnsmasq & Unbound open source DNS servers are very popular and are used in many widely used applications such as the pfSense firewall, the OpenWRT embedded operating system, and some home routers from FRITZ!Box or ASUS</em></li> <li data-xf-list-type="ul"><em>There are also free DNS services such as OpenDNS which has a setting to block internal IP addresses.</em></li> <li data-xf-list-type="ul"><em>Most tools tools or services that have try to block DNS rebinding attacks do not enable it by default. pfSense and Google Home seem to enable it by default. But there are several tool & services that allow you to configure DNS rebinding protections."</em></li> </ul><p></p><p><em>"How to really protect from DNS rebinding:</em></p><ol> <li data-xf-list-type="ol"><em>Use TLS on all services, external and internal including localhost</em></li> <li data-xf-list-type="ol"><em>Always use authentication.</em></li> <li data-xf-list-type="ol"><em>Validate the Host header of HTTP requests for correct values e.g. 127.0.0.1 (whitelisting)</em>."</li> </ol><p>See also:</p><p>[URL unfurl="true"]https://github.com/nccgroup/singularity/wiki/Preventing-DNS-Rebinding-Attacks[/URL]</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 904143, member: 32260"] If I correctly recall, in this video authors claim that the router protections against DNS Rebainding are usually insufficient. It is necessary to know what protection has been applied (see pages 45-50 and pages 73-74 in the Presentation). I have seen several Infos from this year in Google that router vendors submitted updates to protect against DNS Rebainding (but I do not know details). "[I]How do common DNS protections work?[/I] [LIST] [*][I]The most common form of protection is to block private IP addresses as defined in RFC 1918[/I] [*][I]Some tools allow to additionally block localhost, local (internal) networks, or 0.0.0.0[/I] [*][I]Dnsmasq & Unbound open source DNS servers are very popular and are used in many widely used applications such as the pfSense firewall, the OpenWRT embedded operating system, and some home routers from FRITZ!Box or ASUS[/I] [*][I]There are also free DNS services such as OpenDNS which has a setting to block internal IP addresses.[/I] [*][I]Most tools tools or services that have try to block DNS rebinding attacks do not enable it by default. pfSense and Google Home seem to enable it by default. But there are several tool & services that allow you to configure DNS rebinding protections."[/I] [/LIST] [I]"How to really protect from DNS rebinding:[/I] [LIST=1] [*][I]Use TLS on all services, external and internal including localhost[/I] [*][I]Always use authentication.[/I] [*][I]Validate the Host header of HTTP requests for correct values e.g. 127.0.0.1 (whitelisting)[/I]." [/LIST] See also: [URL unfurl="true"]https://github.com/nccgroup/singularity/wiki/Preventing-DNS-Rebinding-Attacks[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
