top | item 23249573

(no title)

braxxox | 5 years ago

Port scanning from a web page, combined with DNS rebinding, can present a really nasty attack, and can effect an entire private network, not just localhost.

Some more info here: https://medium.com/@brannondorsey/attacking-private-networks...

Example code: https://github.com/brannondorsey/dns-rebind-toolkit

A malicious DNS rebind server: https://github.com/brannondorsey/whonow

Disclaimer: I performed some of this research a few years ago. So those resource suggestions are my own, but they feel very relevant here.

discuss

No comments yet.