SonicWALL 5.8.1 User Manual

Network > DNS
SonicOS 5.8.1 Administrator Guide
In the DNS Settings section, select Specify DNS Servers Manually and enter the IP 
address(es) into the DNS Server fields. Click Accept to save your changes. To use the DNS 
Settings configured for the WAN zone, select Inherit DNS Settings Dynamically from the 
WAN Zone. Click Accept to save your changes.
DNS Rebinding Attack Prevention
DNS rebinding is a DNS-based attack on code embedded in web pages. Normally, requests 
from code embedded in web pages (JavaScript, Java and Flash) are bound to the website they 
originate from (see Same Origin Policy). A DNS rebinding attack can be used to improve 
the ability of JavaScript-based malware to penetrate private networks and subvert the 
browser's same-origin policy.
DNS rebinding attackers register a domain which is delegated to a DNS server they control. 
The server is configured to respond with a very short TTL parameter, which prevents the result 
from being cached. The first response contains the IP address of the server hosting the malicious 
code. Replies to any subsequent requests contain IP addresses from a private (RFC 1918) network, 
presumably behind a firewall, which is the attacker's target. Because both are fully valid DNS 
responses, they authorize the sandboxed script to access hosts in a private network. By iterating 
addresses in these short-term but still valid DNS replies, the script is able to scan the network 
and perform other malicious activities.
Select the Enable DNS Rebinding Attack Prevention checkbox.
From the Action pulldown menu, select an action to perform when a DNS rebinding attack is 
detected:
  • 0 - Log
  • 1 - Log & return RFC 1035 query REFUSED reply
  • 2 - Log & drop the reply
 
Allowed Domains: FQDN Address Object/Group containing allowed domain names (e.g. 
*.sonicwall.com) for which locally connected/routed subnets should be considered legal 
responses.
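
The check described in this section, modelled in Python as an added illustration (not SonicOS code): a DNS reply is flagged when it maps a name outside Allowed Domains to an address in a local subnet, and the configured Action decides the outcome. The subnet list, function names and sample replies are assumptions constructed for the example.

```python
import ipaddress
from fnmatch import fnmatch

# Action values as listed in the Action menu above.
ACTIONS = {0: "log", 1: "log+refused", 2: "log+drop"}

# Constructed configuration for the example (assumed, not SonicOS defaults).
LOCAL_SUBNETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_DOMAINS = ["*.sonicwall.com"]


def is_allowed(qname, allowed=ALLOWED_DOMAINS):
    """True if the queried name matches an Allowed Domains pattern."""
    name = qname.rstrip(".").lower()
    return any(fnmatch(name, pattern.lower()) for pattern in allowed)


def check_reply(qname, answers, action=0, subnets=LOCAL_SUBNETS):
    """Classify one DNS reply; returns (verdict, local_addresses).

    verdict is "pass" when the reply is acceptable, else ACTIONS[action].
    """
    local = [a for a in answers
             if any(ipaddress.ip_address(a) in net for net in subnets)]
    if not local or is_allowed(qname):
        return "pass", []
    return ACTIONS[action], local


# Constructed replies: (query name, TTL in seconds, A records).
SAMPLE_REPLIES = [
    ("rebind.example.", 1, ["203.0.113.10"]),   # first answer: public host
    ("rebind.example.", 1, ["192.168.1.1"]),    # later answer: RFC 1918 address
    ("vpn.sonicwall.com.", 300, ["10.1.2.3"]),  # allowed domain, local address
]


def replay(replies=SAMPLE_REPLIES, action=2):
    """Run check_reply over a reply sequence and return the verdicts."""
    return [check_reply(q, addrs, action)[0] for q, _ttl, addrs in replies]


if __name__ == "__main__":
    for (q, ttl, addrs), verdict in zip(SAMPLE_REPLIES, replay()):
        print(f"{q:<20} ttl={ttl:<4} {addrs} -> {verdict}")
```

With Action 0 the flagged reply is only logged and still reaches the client, so the verdict string is the only difference between the three settings in this model.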