Paid Advertising
web application security lab
« Charset Vulnerability Map
Tor’s Privacy Broken? »

Practical Anti-DNS Pinning Writeup

I saw this today and I had to laugh - where people thought this was all theoretical, we now have proof that attackers are actually using Anti-DNS pinning. .::t3rmin4t0r::. (a Yahoo! employee his website proclaims) actually used this attack successfully to own a router of the victim. More importantly he actually goes into some pretty good detail about how he actually performed the attack itself (which webserver, how he logged the victim, how he performed the XMLHTTPRequest, etc…).

Just because it’s not obvious doesn’t mean attackers don’t use it. It may not be prevalent, but if people are starting to use it, it will only be a matter of time before any local webservers or intranet webservers are attacked using this method. Anyway, it’s a very good writeup by .::t3rmin4t0r::. if you aren’t already familiar with the nuances of anti-DNS pinning, which I’m told most people aren’t.

And by the way, if things aren’t clear the only way I know that is if someone says, “wtf are you talking about RSnake?” If you guys want to know more about something about whatever it is I’m talking about, please let me know, because otherwise I sort of assume everyone pretty much gets it.

This entry was posted on Thursday, March 8th, 2007 at 4:46 pm and is filed under XSS, Webappsec. You can leave a response as well.

7 Responses to “Practical Anti-DNS Pinning Writeup”

  1. t3rmin4t0r Says:
    March 8th, 2007 at 10:50 pm

    Hmm… somehow the term “attacker” sounds a bit harsh - because it is all between friends here (unbelievers come in all sizes & shapes, but).

    and I work in Y!’s b’lore office.

  2. Dinis Cruz Blog » Blog Archive » DNS Pinning Says:
    March 9th, 2007 at 1:45 am

    […] Practical Anti-DNS Pinning Writeup […]

  3. Jungsonn Says:
    March 9th, 2007 at 2:37 am

    You know what’s strange about this all? I’ve already done it without knowing it was called “Anti-DNS Pinning”. Now I realize after his write-up about it that it was exactly this what I did.

    haha isn’t that cool. :)

  4. SW Says:
    March 9th, 2007 at 8:40 am

    wtf are you talking about RSnake?

    Nevermind found it. ;)

    [url]http://jeremiahgrossman.blogspot.com/[/url]

  5. RSnake Says:
    March 9th, 2007 at 9:02 am

    t3rmin4t0r - sorry, it wasn’t clear you were doing it against a friend only. :) In that case you’re right, it’s not really an attacker. And since we are friends I hope you don’t mind me reading your email too. ;)

  6. t3rmin4t0r Says:
    March 13th, 2007 at 1:23 am

    Friend (n): /frɛnd/
    Someone in a position to whack you with a pool cue, if you b0rk things too bad

    I’m sorry to say, I can’t put you in that category yet … :)

    Jokes aside, I’m intelligent enough to know I’m no security guy - just the wrong
    guy to say “My machine is secure” to, mainly because of the information real
    researchers (i.e you guys) churn out ().

    Except I do have to wonder … how did an obscure blog like mine (full of
    philosophical BS and my life story in general) end up with you ?

  7. RSnake Says:
    March 13th, 2007 at 1:53 pm

    I’m not sure, I find people through all sorts of means. It was a few days ago now and I don’t recall how I found myself there. But it’s a good writeup, that’s for sure.

Respond here or Discuss On the Forums