http://directwebremoting.org/blog/mark/2007/07/19/does_firefox_implement_dns_pinning.html I've been playing around with DNS pinning over the past few weeks; mainly on how the presence of proxies affects the story, which Rsnake and Portswigger beat me to (nice work guys), but also on various other bits. Something that's caught my ... en Mark Goodwin Thu, 26 Jul 2007 07:45:00 GMT Pebble (http://pebble.sourceforge.net) http://backend.userland.com/rss http://directwebremoting.org/blog/mark/2007/07/19/does_firefox_implement_dns_pinning.html#comment1186729184020 Yes, I was aware of this.&nbsp; I thought the firefox thing was noteworthy for two reasons:<br /> <ol> <li>It seems to go against the widely understood behaviour of the browser</li> <li>If you can carry out this type of attack without generating too much noise (e.g. connections from the browser to non-standard ports) the attack becomes harder to detect and therefore stop</li> </ol> The best I can come up with in terms of mitigation for this type of attack is to filter all traffic for responses that resolve unrecognised domains to internal addresses. Mark Goodwin http://directwebremoting.org/blog/mark/2007/07/19/does_firefox_implement_dns_pinning.html#comments http://directwebremoting.org/blog/mark/2007/07/19/does_firefox_implement_dns_pinning.html#comment1186729184020 Fri, 10 Aug 2007 06:59:44 GMT http://directwebremoting.org/blog/mark/2007/07/19/does_firefox_implement_dns_pinning.html#comment1185435900602 You can use a closed port like 81 instead of firewalling. Check this out http://www.jumperz.net/index.php?i=2&a=1&b=7 Kanatoko http://directwebremoting.org/blog/mark/2007/07/19/does_firefox_implement_dns_pinning.html#comments http://directwebremoting.org/blog/mark/2007/07/19/does_firefox_implement_dns_pinning.html#comment1185435900602 Thu, 26 Jul 2007 07:45:00 GMT