Hacker News new | past | comments | ask | show | jobs | submit login

Had never heard of DNS rebinding before. Very cool. I presume this is only useful for extremely target attacks given the strict timing requirements?



Nope, it would be pretty straightforward to set up a stateful dns server that serves the "real" ip on first request from a new client, and then ever subsequent request returns a local IP. That one dns server would enable an attack on anyone who visits the malicious site.


No, people use it to scan entire LANs from the outside, untargeted exploration.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: