Skip to main content

Home DNS rebinding attack

DNS rebinding attack

(also DNS rebinding)

DNS rebinding attack definition

A DNS rebinding attack is a type of DNS attack that manipulates the resolution of domain names. Hackers usually conduct DNS rebinding attacks so that they can create a pathway that establishes communication between the victim’s browser and the attacker’s server, enabling the attacker to exploit vulnerabilities within the browser itself. So, a DNS rebinding attack is not a standalone attack like other cyberattacks. While an attacker conducts a DNS rebinding attack, not only do they compromise the domain, but they also hijack the domain’s nameserver. So, using a DNS rebinding attack, an attacker can use various techniques to deliver malicious content which might further infect devices with malware and other viruses.

See also: IoT botnet, IoT middleware

DNS rebinding attack protection

Browser-based mitigation. Using browsers like Firefox and Chrome, which use the DNS pinning technique to protect users against DNS rebinding attacks, can help prevent falling prey to such attacks. However, this method is not bulletproof because attackers can still conduct a DNS rebinding attack by lowering the TTL to the DNS record of malicious hostnames.

Regardless, it’s still better to use browsers with some DNS rebinding protection than ones with none.

DNS-based mitigation. To further protect from DNS rebinding attacks, DNS-based mitigation can be implemented by using services like OpenDNS and some DNS caching software.