Cross-domain security problems caused by DNS suffixes

Source: Internet
Author: User

We all know that the DNS suffix of the client can be set in dhcpd. For example, if we set the DNS suffix to "sb.com", when we access www.sb.com, all clients will use the DHCP server and try the following sequence for resolution.

 
Note: The following green fonts represent the primary domain name, and the red fonts represent the Host Name (second-level domain name header)
 
1. If the DNS server finds the IP address corresponding to www.2cto.com, the client uses this IP address for access.
 
2. If the DNS server cannot be found, the system will automatically add the DNS suffix, and another attempt will appear, such as 2cto.com.test.com. If the DNS server finds the corresponding IP address, the client will assume that the IP address corresponds to the domain name www.2cto.com. This may cause some serious security problems, such as cross-origin.
 
 
For example:
 
1. A free blog website CNAZ. NET. CNAZ. NET form of second-level domain name access (xxx represents your registered second-level domain name, most of them are directly the user name ).
 
2. The internal network of the website CNAZ. NET will use the DHCP server to automatically add the domain name suffixed with CNAZ. NET to their blog homepage, such as xxx. CNAZ. NET.
 
Instance: for example, in CNAZ. NET registered a second-level domain name, the host name (this is not understood as the user name) is: hack.www.google.com, then the complete domain name should be: hack.www.google.com. CNAZ. NET
 
Add the following framework iframe for this second-level domain name:
 
<Iframe src = "https://hack.www.google.com/accounts";> articles from security online </iframe>
 
 
When visiting hack.www.google.com, this domain name is apparently not found, resulting in:
 
1. Access hack.www.google.com and return an error (NX Domain ).
 
2. Then try hack.www.google.com. CNAZ. NET to get the IP address of the attacker's host!
 
The WEB browser takes the user to the attacker's IP address, namely hack.www.google.com. CNAZ. NET.
 
 
Windows XP/Linux Ubuntu 11.04 system IE firefox Chrome all tests are successful. Win7 fails because it only adds the DNS suffix to dnsname and does not contain the decimal point ..
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.