* Bradley Falzon: > Craig Heffner's version of the DNS Rebinding attack, similar to all > DNS Rebinding attacks, requires the DNS Servers to respond with an > Attackers IP Address as well as the Victims IP Address, in a typical > Round Robin fashion. Previous attacks would normally have the Victims > IP Address to be their Private IP.
For which protocols is this supposed to work? Why would a security-minded web application serve content under a name it knows cannot be its own? -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
