In a DNS rebinding attack, the attacker first gains control of a malicious DNS server that answers queries for a specific domain. The attacker then uses tactics such as phishing to trick the user into visiting that domain in their browser, which triggers a DNS request for its IP address. Initially, the attacker's server provides the correct IP address, but it sets a very short time-to-live (TTL) of one second on the DNS record so that the record does not stay in the cache for long. For any further DNS requests, the attacker swaps in an IP address that points to a resource on the victim’s local network.

Because the browser ties an origin to the hostname rather than to the IP address behind it, the page loaded from the attacker's domain is still treated as the same origin after the address changes. This bypasses same-origin policy (SOP) restrictions, enabling the attacker to carry out harmful actions within the browser. DNS rebinding attacks can be used to steal sensitive data, disrupt business operations, perform unauthorized activities, or set the stage for more extensive attacks. Enabling certain security settings can prevent DNS rebinding attacks.
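A resolver-side check for the answer sequence described above, as an added example that is not part of the original page: it drops internal addresses returned for external names and reports a name that flips from a public to an internal address. `RebindFilter`, `LOCAL_SUFFIXES`, the 5-second low-TTL threshold and the sample records are assumptions made for illustration.

```python
import ipaddress

# Assumption: names under these suffixes legitimately resolve to internal hosts.
LOCAL_SUFFIXES = (".corp.example", ".lan")
# Loopback, RFC 1918, link-local and unique-local ranges treated as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_internal(ip_text):
    addr = ipaddress.ip_address(ip_text)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped AAAA record cannot slip past.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in INTERNAL_NETS)

class RebindFilter:
    """Drop internal answers for external names and report names that
    flip from a public address to an internal one."""

    def __init__(self, local_suffixes=LOCAL_SUFFIXES, low_ttl=5):
        self.local_suffixes = local_suffixes
        self.low_ttl = low_ttl
        self.seen_public = {}  # name -> TTL of the last public answer

    def check(self, name, ip_text, ttl):
        """Return (verdict, reason) for one A/AAAA answer."""
        name = name.rstrip(".").lower()
        if name.endswith(self.local_suffixes):
            return ("allow", "local zone")
        if not is_internal(ip_text):
            self.seen_public[name] = ttl
            return ("allow", "public address")
        if name in self.seen_public:
            low = self.seen_public[name] <= self.low_ttl
            return ("block", "public-to-internal flip"
                    + (" after low-TTL answer" if low else ""))
        return ("block", "external name resolved to internal address")

# Constructed sample answers: (name, address, TTL in seconds).
SAMPLE = [
    ("intranet.corp.example", "10.0.0.5", 300),
    ("rebind.example.net", "203.0.113.10", 1),
    ("rebind.example.net", "192.168.1.1", 1),
    ("other.example.org", "::ffff:127.0.0.1", 60),
]

def run_sample():
    f = RebindFilter()
    return [f.check(*row) for row in SAMPLE]
```

The same check belongs wherever answers can be inspected before they reach the browser, such as a local forwarding resolver; services on the internal network should additionally reject requests whose `Host` header is not one of their own names.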
