(
Domain
Name
System rebinding) A method for obtaining unauthorized access to the local network by fooling the Web browser into switching IP addresses from the Web server to a local computer. It is used to steal company information, compromise unprotected client machines and hijack IP addresses for spam, click fraud and other malevolent purposes.
When a user requests a Web page from an attacker's site, the attacker's DNS server returns the IP address of its Web server with an extremely short time to live (TTL). The page that gets downloaded contains malicious code that binds the local IP address to the hostname of the attacker's site. The next query to the attacker's site becomes a query to the local machine. See
TTL.
DNS Pinning
A function built into most Web browsers, DNS pinning ignores the TTL returned from the DNS server and keeps the Web server IP address "pinned" to the original hostname for up to several minutes. However, active technologies such as Java and Flash are also vulnerable to DNS rebinding. They use separate pin databases and have their own access to the network.