|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Whitepaper - DNS pinning and web proxies
Date: Tue Jul 10 2007 - 14:19:05 EDT
Hello
The statements below, as well as on the paper itself ("So far, discussion has focused solely on browser issues and has ignored the fact that web proxies are also vulnerable to the same attacks.") are somewhat inaccurate.
Please look at the following BugTraq posting submitted July 29th, 2002 by Adam Megacz and titled "XWT Foundation Advisory: Firewall circumvention possible with all browsers" (http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-07/0363.html). It uses the term "quick-swap DNS" to describe the basic attack, and proceeds to note:
"Since some clients behind HTTP proxies do not have access to a DNS server which they can use for name-to-IP resolution, HTTP Proxies should return an additional header in the HTTP reply 'Origin-Server-Address:', whose value is the network-layer address of the origin server. A web browser without DNS access which recieves a script from a proxy which does not support this header must not be allowed to access content in any other frame, iframe, window, or layer."
Which is identical to solution #3 you suggest.
So I'd say the problem has been known for few years (albeit admittedly less discussed), and at least one solution was already suggested.
Thanks,
-Amit
On 7/10/07, Dafydd Stuttard <daf@ngssoftware.com> wrote:
> DNS-based attacks against browsers have been known about for years. These
> attacks have received increased attention recently, following the discovery
> of defects within browser-based DNS pinning defences.
>
> So far, discussion has focused on browser issues. However, the same attacks
> can also be performed against web proxies.
Received on Tue Jul 10 15:10:48 2007
This archive was generated by hypermail 2.1.8 : Mon Jul 16 2007 - 05:18:42 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |