Talk:DNS rebinding

Latest comment: 16 years ago by Rulesdoc in topic Circumventing DNS rebinding defenses

Circumventing DNS rebinding defenses

edit

TerraFrost, I noticed that you added links to articles about DNS pinning and Host header checking. I agree that there should be a mention of circumvention techniques, but I am concerned that these articles might be confusing to readers. The first article (circumventing DNS pinning) describes how to trick browsers into unpinning; this is not a flaw in pinning but rather an observation that current browsers do not fully implement pinning. A better example of a flaw in pinning is that browsers cannot enforce pinning when a proxy is being used. The second article (circumventing Host header checking) is a bit outdated, since it came several years before the Flash DNS rebinding fixes. Although it seems possible and even likely that attacks on Host header integrity may still exist, it would be best to link to a more up-to-date article on the issue, or perhaps provide some more context about when the article was written. Rulesdoc (talk) 06:10, 4 January 2008 (UTC)Reply