DNS Pinning and Web Proxies

DNS-based attacks can be used to perform a partial breach of browser same origin restrictions in some situations, enabling a malicious web site to perform two-way interaction with a different domain.

The attacks that are normally conceived against browser-based DNS pinning are capable of being resolved through additional safeguards within browsers. However, the same attacks can also be performed against web proxies, where browser DNS pinning does not apply. Corporate web users accessing the Internet via a proxy are at risk from such attacks.

There are various ways in which DNS-based attacks against web proxies could potentially be prevented through changes to proxy and browser software. Each of the fixes considered suffers from important shortcomings. In the meantime, there are other defences that organisations and individuals can employ to prevent attacks against them.

Download whitepaper here

Author: Dafydd Stuttard, Principal Security Consultant

Call us before you need us.

Our experts will help you.

Get in touch
%d bloggers like this: