The attack is a
typical ???bait-and-switch??? attack. The browser (or browser plug-in) is baited into trusting
some site on the Internet, but at the last moment the Internet site switches its IP address
to an internal intranet site. The switch is performed by switching, or rebinding, the IP
address of a domain name controlled by the attacker. Before discussing the attack in
detail, let us first discuss how DNS plays a role on the Web.
238 Hacking Exposed Web 2.0
DNS in a Nutshell
DNS is like a phonebook. Historically, when you want to talk to your friend??”say, Rich
Cannings, the model superstar??”you look his name up in the phonebook to find his
telephone number, and then you call him. Web sites are not much different. When a user
wants to go a web site??”say, temp.evil.org??”the browser and/or operating system must
find the IP address ???number??? of the computer named temp.evil.org. To do so, the browser
or operating system looks up this ???number??? with the Domain Name System (DNS).
People cache phone numbers in mobile phone contact lists and personal phonebooks
so they don??™t have to go through the hassle of looking up their friends??™ numbers in the
phonebook over and over again.
Pages:
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414