web application security lab

DNS Pinning Madness

If you haven’t noticed, DNS pinning is all the rage lately. Sure, it’s been around forever, but once Martin Johns found the original problem with it, it became something interesting to talk about (specifically in the context of Intranets). Now, a year later, people suddenly see it as a big hole (and it is). Weird timing, though. Anyway, first of all, if you haven’t checked out Christ1an’s blog entry on how DNS pinning works, you probably should. This post is taken partly from the XSS Exploits book and partly from talking with Christ1an.

More interestingly, David Ross from Microsoft posted two interesting comments on DNS pinning. The first is that IE does not actually implement DNS pinning. Scary. The second is that the XMLHTTPRequest fix did stop anti-anti-anti DNS pinning, which you should already know if you read my blog religiously. The sub-text here (not from David, but from my own thoughts) is that there may be more holes in that area, rather than it simply being a matter of shutting down the port. Very interesting.

2 Responses to “DNS Pinning Madness”

  1. Spider Says:

    Cool. If I could make one suggestion to all of the wonderful (used without sarcasm) security researchers it would be this: Please come up with a better taxonomy for the various anti DNS pinning techniques. I understand what it is, but it’s tough to keep track of all the antis and remember which technique is used for each step.

    I don’t have any suggestions per se, just a thought.

  2. RSnake Says:

    The security industry has never had a good naming standard for any web-based exploits. However, we could make it slightly more ridiculous - the exploit that IE7.0 fixed in XMLHTTPRequest to spoof the host header could be called anti-anti-anti-anti DNS pinning, since it does fix anti-anti-anti DNS pinning. ;)