# DNS rebinding attacks - Useful resources

During the recent pen testing workshop I attended, I was reminded of the attack that could allow remote access to the devices set up on your local network.

> Picking up the quote from a blog: \
> *Put simply, DNS rebinding allows a remote attacker to bypass a victim’s network firewall and use their web browser as a proxy to communicate directly with devices on their private home network. By following the wrong link, or being served a malicious banner advertisement, you could inadvertently provide an attacker with access to the thermostat that controls the temperature in your home.*

In this note, I just plan to share the resources I found very useful to understand and replay the attack.

Blog on Medium showcasing how to attack Private Networks from the Internet with DNS Rebinding: <https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325>

{% hint style="danger" %}
My takeaway: We do not apply authorization on our local REST API thinking our router has it. Protocols like UPnP are built around this idea that devices on the same network can trust each other. This is the problem.
{% endhint %}
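
One device-side check that follows from this takeaway, as an added example (not code from this note or the linked blogs): during a rebinding attack the browser still sends the outside domain name in the `Host` header, so a local REST API can refuse any request whose `Host` is not a name or address the device actually answers to. The allowlist values and the function names `normalize_host`, `host_is_allowed` and `handle` are assumptions made for illustration.

```python
# Added example: Host header allowlist for a LAN-only REST API.
# All names and values here are hypothetical, constructed for illustration.
from typing import Optional

# Constructed sample: the only names/addresses this device answers to.
ALLOWED_HOSTS = {"thermostat.local", "192.168.1.50", "localhost", "127.0.0.1", "::1"}


def normalize_host(header: Optional[str]) -> Optional[str]:
    """Return the hostname part of a Host header, lowercased, or None if malformed."""
    if not header:
        return None
    value = header.strip().lower()
    if value.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    # Anything after the host must be ":<digits>"; otherwise treat as malformed.
    if rest and not (rest.startswith(":") and rest[1:].isdigit()):
        return None
    host = host.rstrip(".")                # "name." and "name" are the same host
    return host or None


def host_is_allowed(header: Optional[str], allowed=ALLOWED_HOSTS) -> bool:
    """True only when the request was addressed to one of the device's own names."""
    host = normalize_host(header)
    return host is not None and host in allowed


def handle(headers: dict) -> int:
    """Return the HTTP status a handler would send before doing any other work."""
    if not host_is_allowed(headers.get("Host")):
        # A rebound request carries the outside domain name the browser
        # believes it is talking to, so it fails the allowlist here.
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample requests: one direct LAN request, one rebound request.
    print(handle({"Host": "thermostat.local:8080"}))   # addressed to the device
    print(handle({"Host": "rebind.example.test"}))     # outside name, refused
```

This check complements authorization on the API rather than replacing it.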

Blog on Wired.com detailing how millions of streaming devices are vulnerable to a retro web attack: <https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/>

> DNS rebinding attacks have been brought up many times in the past, but new features in Internet of Things devices including geolocation and collection of personal data make it something people should really be aware of. The problem is exacerbated by IoT devices having APIs intended for communication with other, unauthenticated devices on the network.

Blog on Lifehacker.com on how to prevent DNS rebinding attacks by adjusting your router: <https://lifehacker.com/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291>

