W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

[AC] Hardening against DNS rebinding attacks - proposal

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 27 Jun 2008 14:18:12 -0700
Message-ID: <48655914.4040901@sicking.cc>
To: Webapps WG <public-webapps@w3.org>

Hi All!

There has been recent discussions about how DNS rebinding attacks affect
Access-Control.

As I have said in previous emails [1] Access-Control is currently no
more prone to DNS rebinding attacks than the rest of the existing web
platform. However, it would still be good if we could harden
Access-Control such that it is less susceptible to DNS rebinding
attacks. Partially in order to not make it harder to in the future
improve the rest of the web platform, partially for any implementations
of Access-Control which would exist outside of the web platform.

So I have the following proposal:

When a preflight OPTIONS request is made, store in the cache what IP
address was used to make the request. When a subsequent non-GET is made,
check what IP address the DNS name resolves to, and if the IP address is
not the same as the one used for the OPTIONS request, re-do the
preflight OPTIONS check.

This requires no changes on the server side. It does call for a somewhat
more complex solution on the client side.

Also note that a server can (and should for reasons other than 
Access-Control) protect itself from DNS rebinding attacks by checking 
the 'Host' header.

/ Jonas
Received on Friday, 27 June 2008 21:18:42 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:26 GMT