Back to Glossary
Attacks
What is DNS Rebinding?
An attack that manipulates DNS responses to make a web browser access resources on a victim's local network, bypassing same-origin security policies.
DNS rebinding tricks your browser into thinking a malicious website and your local network devices share the same origin.
How It Works
- Victim visits attacker.com
- attacker.com's DNS initially resolves to the attacker's server
- After initial page load, the DNS record changes to 192.168.1.1 (your router)
- The browser thinks it's still talking to attacker.com
- JavaScript on the page can now access your router's admin interface
Impact
- Access and modify router configuration
- Interact with IoT devices on your network
- Exfiltrate data from internal services
- Pivot to further attacks on your network
Protection
- Use a DNS resolver that blocks private IP ranges in external responses
- Set strong passwords on all local devices (routers, NAS, cameras)
- Use network segmentation to isolate IoT devices
- Keep router firmware updated
Related Terms
DNS Poisoning
An attack that corrupts a DNS resolver's cache, redirecting users to malicious websites even when they type the correct address.
Man-in-the-Middle Attack
An attack where the adversary secretly intercepts and potentially alters communications between two parties who believe they're communicating directly with each other. MITM attacks can capture credentials, inject malware, or modify data.
Have more questions?
Use our guided flow to get the right next privacy step for DNS Rebinding.
Open Guided Flow