Eradicating Attacks on the Internal Network with Internal Network Policy

In this paper we present three attacks on private internal networks behind a NAT and a corresponding new protection mechanism, Internal Network Policy, to mitigate a wide range of attacks that penetrate internal networks behind a NAT. In the attack scenario, a victim is tricked into visiting the attacker's website, which contains a malicious script that lets the attacker access the victim's internal network in different ways, including opening a port in the NAT or sending a sophisticated request to local devices. The first attack utilizes DNS Rebinding in a particular way, while the other two demonstrate different methods of attacking the network, based on application security vulnerabilities. Following the attacks, we provide a new browser security policy, Internal Network Policy (INP), which protects against these types of vulnerabilities and attacks. This policy is implemented in the browser just like Same Origin Policy (SOP) and prevents malicious access to internal resources by external entities.
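The sketch below is an added illustration, not the paper's specification of INP and not browser code. It shows why a hostname-based same-origin comparison passes a DNS-rebound request while an address-based check refuses it. The address ranges, the `Request` fields and the function names are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass

# Ranges treated as "internal" in this sketch (assumption): RFC 1918 private
# space, loopback, IPv4 link-local, IPv6 loopback, unique-local and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it is classified as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETS)

@dataclass
class Request:              # hypothetical record of one subresource request
    doc_host: str           # hostname of the document issuing the request
    doc_ip: str             # address the document was actually loaded from
    target_host: str        # hostname the request is addressed to
    target_ip: str          # address the target hostname resolves to now

def same_host(r: Request) -> bool:
    # Hostname comparison only: a rebound name still matches itself.
    return r.doc_host == r.target_host

def internal_policy_allows(r: Request) -> bool:
    # Refuse only the external-document -> internal-target direction.
    return is_internal(r.doc_ip) or not is_internal(r.target_ip)

# Constructed sample requests (documentation addresses, not real traffic).
SAMPLES = {
    "rebound":  Request("site.example", "203.0.113.10", "site.example", "192.168.1.1"),
    "lan_page": Request("router.lan", "192.168.1.1", "router.lan", "192.168.1.1"),
    "public":   Request("site.example", "203.0.113.10", "cdn.example", "198.51.100.7"),
    "mapped":   Request("site.example", "203.0.113.10", "x.example", "::ffff:10.0.0.5"),
}

if __name__ == "__main__":
    for name, r in SAMPLES.items():
        print(name, "same_host:", same_host(r), "allowed:", internal_policy_allows(r))
```

The `rebound` sample is the case of interest: the hostname is unchanged, so the hostname comparison passes, while the address-based check sees a document loaded from a public address reaching a private one.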
