Start Demo

Products

Solutions

Customers

Resources

Company

Blog

Start the Democaret-right

Contact Uscaret-right
caret-left Back

Products

Security

Cloud

Performance

The ExtraHop Differencecaret-right

Why Cloud-Native?caret-right

Competitive Comparisoncaret-right

Professional Servicescaret-right

Integration and Automationcaret-right
caret-left Back

Solutions

Security Operations

Cloud-Native Security

Network Performance

Application Analytics

caret-left Back

Customers

Community

Partners

Support

Training

caret-left Back

Resources

Customer Stories

Resources

Integrations

Partner Programcaret-right

Protocol Librarycaret-right

Documentationcaret-right

Firmwarecaret-right

Training Videoscaret-right
caret-left Back

Company

About Us

Careers

Newsroom

Eventscaret-right

Leadershipcaret-right

Boardcaret-right

Investorscaret-right

Partnerscaret-right
caret-left Back

Security Operations

Secure your hybrid attack surface with complete visibility, real-time detection, and intelligent response.

Learn More

Threat Detection and Response

Secure Decryption

Enterprise IoT Security

Hygiene and Compliance
caret-left Back

Cloud-Native Security

Manage risk and drive growth in AWS with an agile, cloud-native approach to cybersecurity.

Learn More

Security for AWS

Security for Azure

Security for Google Cloud Platform

Cloud Migration
caret-left Back

Network Performance

Take control of SDN, the cloud, and more with complete visibility, real-time detection, and intelligent response.

Learn More

Security & Availability for Remote Access

NOC/SOC Integration

Remote Site Visibility

Triage & Troubleshooting
caret-left Back

Application Analytics

Ensure the availability and performance of your enterprise from the cloud, to the data center, to the customer.

Learn More

Commercial Application Visibility

Customer Experience Monitoring

Application Upgrade & Cloud Migration
caret-left Back

Community

Learn about the innovative ways our customers are succeeding with ExtraHop, plus the latest news from R&D.

Learn More

Customer Stories

Solution Bundles Gallery

Community Forums

Customer Portal
caret-left Back

Partners

Explore the Panorama Partner Program, meet our channel partners, or search for a technology partner.

Learn More

Partner Portal

Channel Partners

Technology Partners
caret-left Back

Support

Compare support packages, check out our Professional Services offerings, or log into the Customer Portal.

Learn More

Support Overview

Professional Services

Documentation

Policies
caret-left Back

Training

Watch free training videos and courses, or schedule a visit from an ExtraHop expert for specialized training.

Learn More

Training Overview

Training Sessions

Back Arrow Bundle Library

DNS Rebinding Attack Detection

Description

DNS Rebinding Bundle detects DNS rebind attacks in the network.

DNS Rebind is network attack that uses a malicious web page running client-side script that attacks / scans the private network of the victim.

How does this attack work?

  1. Attacker with a DNS server with registered domain can run this attack to anyone visiting a malicious website the attacker created.
  2. The attacker configures DNS server to respond with a very short TTL value, preventing DNS to be cached in victim's computer.
  3. The first DNS request responds with an ip address of attacker's malicious website. The malicious code will then send another DNS request to the DNS server, which the DNS server responds with an IP address of private IP address to attack something in victim's private network.
  4. This bypasses Same-Origin-Policy because the DNS name stays the same. it is only the ip address that changes.

More information about attacks that can be done with this attack can be read here

Requirements

ExtraHop version 6.2 or later

Installation Instructions

  1. Download and Apply the bundle to your EDA
  2. Assign DNS Rebinding Detection V2 trigger to DNS Server Device Group

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More