Avoiding DNS Rebinding Attacks
April 18th, 2008 · by David Bradley
I’ve talked about the benefits of the OpenDNS system as an alternative way of connecting to websites rather than using your ISP’s DNS servers. It offers built-in phishing protection and filtering (adult content, for example), it can automatically correct URL typos you make in the address bar, and it allows you to create shortcuts you can use across your network of computers rather than having to duplicate them from browser to browser.
Now, OpenDNS has addressed another important security issue, so-called DNS Rebinding. A DNS rebinding attack involves an attacker registering a domain which is delegated to a DNS server they control. The server is configured to respond with a very short time-to-live (TTL), which prevents the response from being cached, so the browser has to look the name up again and a later answer can point the same name at a different address. Such an attack can be used to subvert the same-origin policy and convert your browser into an open network proxy.
The resulting mayhem means your firewall is breached and hackers can get direct access to internal documents and services. With less than $100 a cyber-crook could temporarily hijack 100,000 internet (IP) addresses to send spam, to phish, and to defraud pay-per-click advertisers by turning your browser into an ad-clicking bot. OpenDNS explains the issue:
Suspicious responses are DNS replies that contain data that might be malicious or otherwise unwanted. Unlike the rest of our filtering features, which filter based on the domain being looked up, these tools filter based on the contents of the reply.
By enabling the filter to block internal IP addresses listed in RFC1918, the system can prevent such DNS Rebinding attacks. For example, if badstuff.attacker.com points to 192.168.1.1 (which should be an internal address on your network), the option would filter out the response, making you all safe and sound once again.

2 responses so far ↓
Thanks for the great write-up about our new feature. I think it’s sort of amazing that we’re the only game in town offering detailed query response filtering (and RFC1918 space is just the beginning).
Well, I enabled it as soon as I saw it was available. You have to use protection, after all. More on that in a follow-up post coming soon.
db