{"id":476921,"date":"2023-08-09T09:05:02","date_gmt":"2023-08-09T09:05:02","guid":{"rendered":""},"modified":"2023-09-05T11:13:39","modified_gmt":"2023-09-05T11:13:39","slug":"dns-rebinding-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/dns-rebinding-attack\/","title":{"rendered":"DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483"},"content":{"rendered":"

DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306f\u3001\u60aa\u610f\u306e\u3042\u308b\u653b\u6483\u8005\u304c Web \u30d6\u30e9\u30a6\u30b6\u30fc\u3068\u305d\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u60aa\u7528\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3059\u308b\u9ad8\u5ea6\u306a\u65b9\u6cd5\u3067\u3059\u3002DNS (\u30c9\u30e1\u30a4\u30f3 \u30cd\u30fc\u30e0 \u30b7\u30b9\u30c6\u30e0) \u306e\u56fa\u6709\u306e\u4fe1\u983c\u6027\u3092\u5229\u7528\u3057\u3066\u3001Web \u30d6\u30e9\u30a6\u30b6\u30fc\u306b\u3088\u3063\u3066\u5f37\u5236\u3055\u308c\u308b\u540c\u4e00\u751f\u6210\u5143\u30dd\u30ea\u30b7\u30fc (SOP) \u3092\u56de\u907f\u3057\u307e\u3059\u3002\u3053\u306e\u653b\u6483\u306f\u3001\u30eb\u30fc\u30bf\u30fc\u3001\u30ab\u30e1\u30e9\u3001\u30d7\u30ea\u30f3\u30bf\u30fc\u3001\u3055\u3089\u306b\u306f\u793e\u5185\u306e\u30b7\u30b9\u30c6\u30e0\u306a\u3069\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30b5\u30fc\u30d3\u30b9\u3068\u3084\u308a\u53d6\u308a\u3059\u308b Web \u30b5\u30a4\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u30e6\u30fc\u30b6\u30fc\u3092\u30bf\u30fc\u30b2\u30c3\u30c8\u306b\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3067\u304d\u307e\u3059\u3002DNS \u5fdc\u7b54\u3092\u64cd\u4f5c\u3059\u308b\u3053\u3068\u3067\u3001\u653b\u6483\u8005\u306f\u6a5f\u5bc6\u60c5\u5831\u3078\u306e\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3001\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u306e\u5b9f\u884c\u3001\u305d\u306e\u4ed6\u306e\u60aa\u610f\u306e\u3042\u308b\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3067\u304d\u307e\u3059\u3002<\/p>\n

DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u8d77\u6e90\u3068\u305d\u306e\u6700\u521d\u306e\u8a00\u53ca\u306e\u6b74\u53f2<\/h2>\n

DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306e\u6982\u5ff5\u306f\u30012005 \u5e74\u306b Daniel B. Jackson \u304c\u4fee\u58eb\u8ad6\u6587\u3067\u521d\u3081\u3066\u7d39\u4ecb\u3057\u307e\u3057\u305f\u3002\u3057\u304b\u3057\u30012007 \u5e74\u306b\u7814\u7a76\u8005\u304c Web \u30d6\u30e9\u30a6\u30b6\u30fc\u3092\u60aa\u7528\u3059\u308b\u5b9f\u7528\u7684\u306a\u5b9f\u88c5\u3092\u767a\u898b\u3057\u305f\u5f8c\u3001\u3053\u306e\u653b\u6483\u306f\u5927\u304d\u306a\u6ce8\u76ee\u3092\u96c6\u3081\u307e\u3057\u305f\u3002Web \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3 \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u5c02\u9580\u5bb6\u3067\u3042\u308b Jeremiah Grossman \u306f\u30012007 \u5e74\u306b\u30d6\u30ed\u30b0\u8a18\u4e8b\u3092\u516c\u958b\u3057\u3001DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u3092\u4f7f\u7528\u3057\u3066 SOP \u3092\u56de\u907f\u3057\u3001\u88ab\u5bb3\u8005\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u80cc\u5f8c\u306b\u3042\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30c7\u30d0\u30a4\u30b9\u3092\u4fb5\u5bb3\u3059\u308b\u65b9\u6cd5\u3092\u8aac\u660e\u3057\u307e\u3057\u305f\u3002\u305d\u308c\u4ee5\u6765\u3001DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306f\u653b\u6483\u8005\u3068\u9632\u5fa1\u8005\u306e\u4e21\u65b9\u306b\u3068\u3063\u3066\u95a2\u5fc3\u306e\u9ad8\u3044\u30c8\u30d4\u30c3\u30af\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n

DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306b\u95a2\u3059\u308b\u8a73\u7d30\u60c5\u5831<\/h2>\n

DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306b\u306f\u3001\u653b\u6483\u8005\u304c\u88ab\u5bb3\u8005\u306e Web \u30d6\u30e9\u30a6\u30b6\u3092\u9a19\u3057\u3066\u4efb\u610f\u306e\u30c9\u30e1\u30a4\u30f3\u306b\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u884c\u3046\u3088\u3046\u306b\u4ed5\u5411\u3051\u308b\u3001\u8907\u6570\u306e\u30b9\u30c6\u30c3\u30d7\u304b\u3089\u6210\u308b\u30d7\u30ed\u30bb\u30b9\u304c\u542b\u307e\u308c\u307e\u3059\u3002\u653b\u6483\u306f\u901a\u5e38\u3001\u6b21\u306e\u624b\u9806\u3067\u884c\u308f\u308c\u307e\u3059\u3002<\/p>\n

    \n
  1. \n

    \u521d\u671f\u30a2\u30af\u30bb\u30b9<\/strong>: \u88ab\u5bb3\u8005\u306f\u60aa\u610f\u306e\u3042\u308b Web \u30b5\u30a4\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3057\u305f\u308a\u3001\u60aa\u610f\u306e\u3042\u308b\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3088\u3046\u306b\u8a98\u5c0e\u3055\u308c\u305f\u308a\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n

  2. \n

    \u30c9\u30e1\u30a4\u30f3\u89e3\u6c7a<\/strong>: \u88ab\u5bb3\u8005\u306e\u30d6\u30e9\u30a6\u30b6\u306f\u3001\u60aa\u610f\u306e\u3042\u308b Web \u30b5\u30a4\u30c8\u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u305f\u30c9\u30e1\u30a4\u30f3\u3092\u89e3\u6c7a\u3059\u308b\u305f\u3081\u306b DNS \u8981\u6c42\u3092\u9001\u4fe1\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n

  3. \n

    \u77ed\u547d\u306a\u6b63\u5f53\u306a\u5bfe\u5fdc<\/strong>: \u5f53\u521d\u3001DNS \u5fdc\u7b54\u306b\u306f\u653b\u6483\u8005\u306e\u30b5\u30fc\u30d0\u30fc\u3092\u6307\u3059 IP \u30a2\u30c9\u30ec\u30b9\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u3053\u306e IP \u30a2\u30c9\u30ec\u30b9\u306f\u3059\u3050\u306b\u3001\u30eb\u30fc\u30bf\u30fc\u3084\u5185\u90e8\u30b5\u30fc\u30d0\u30fc\u306a\u3069\u306e\u6b63\u5f53\u306a IP \u30a2\u30c9\u30ec\u30b9\u306b\u5909\u66f4\u3055\u308c\u307e\u3059\u3002<\/p>\n<\/li>\n

  4. \n

    \u540c\u4e00\u751f\u6210\u5143\u30dd\u30ea\u30b7\u30fc\u306e\u30d0\u30a4\u30d1\u30b9<\/strong>: DNS \u5fdc\u7b54\u306e TTL (Time-To-Live) \u304c\u77ed\u3044\u305f\u3081\u3001\u88ab\u5bb3\u8005\u306e\u30d6\u30e9\u30a6\u30b6\u306f\u60aa\u610f\u306e\u3042\u308b\u767a\u4fe1\u5143\u3068\u6b63\u5f53\u306a\u767a\u4fe1\u5143\u3092\u540c\u4e00\u3068\u307f\u306a\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n

  5. \n

    \u643e\u53d6<\/strong>: \u653b\u6483\u8005\u306e JavaScript \u30b3\u30fc\u30c9\u306f\u3001\u6b63\u5f53\u306a\u30c9\u30e1\u30a4\u30f3\u306b\u5bfe\u3057\u3066\u30af\u30ed\u30b9\u30aa\u30ea\u30b8\u30f3 \u30ea\u30af\u30a8\u30b9\u30c8\u3092\u5b9f\u884c\u3057\u3001\u305d\u306e\u30c9\u30e1\u30a4\u30f3\u304b\u3089\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u30c7\u30d0\u30a4\u30b9\u3084\u30b5\u30fc\u30d3\u30b9\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

    DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u5185\u90e8\u69cb\u9020\u3002DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u4ed5\u7d44\u307f<\/h2>\n

    DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u5185\u90e8\u69cb\u9020\u3092\u7406\u89e3\u3059\u308b\u306b\u306f\u3001\u95a2\u4fc2\u3059\u308b\u3055\u307e\u3056\u307e\u306a\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3092\u8abf\u3079\u308b\u3053\u3068\u304c\u4e0d\u53ef\u6b20\u3067\u3059\u3002<\/p>\n

      \n
    1. \n

      \u60aa\u610f\u306e\u3042\u308b\u30a6\u30a7\u30d6\u30b5\u30a4\u30c8<\/strong>: \u653b\u6483\u8005\u306f\u60aa\u610f\u306e\u3042\u308b JavaScript \u30b3\u30fc\u30c9\u3092\u542b\u3080 Web \u30b5\u30a4\u30c8\u3092\u30db\u30b9\u30c8\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n

    2. \n

      DNS\u30b5\u30fc\u30d0\u30fc<\/strong>: \u653b\u6483\u8005\u306f\u3001\u60aa\u610f\u306e\u3042\u308b\u30c9\u30e1\u30a4\u30f3\u306e DNS \u30af\u30a8\u30ea\u306b\u5fdc\u7b54\u3059\u308b DNS \u30b5\u30fc\u30d0\u30fc\u3092\u5236\u5fa1\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n

    3. \n

      TTL\u64cd\u4f5c<\/strong>: DNS \u30b5\u30fc\u30d0\u30fc\u306f\u6700\u521d\u306b\u77ed\u3044 TTL \u5024\u3067\u5fdc\u7b54\u3057\u3001\u88ab\u5bb3\u8005\u306e\u30d6\u30e9\u30a6\u30b6\u306f DNS \u5fdc\u7b54\u3092\u77ed\u671f\u9593\u30ad\u30e3\u30c3\u30b7\u30e5\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n

    4. \n

      \u6b63\u5f53\u306a\u30bf\u30fc\u30b2\u30c3\u30c8<\/strong>: \u653b\u6483\u8005\u306e DNS \u30b5\u30fc\u30d0\u30fc\u306f\u3001\u305d\u306e\u5f8c\u3001\u6b63\u5f53\u306a\u30bf\u30fc\u30b2\u30c3\u30c8 (\u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30ea\u30bd\u30fc\u30b9\u306a\u3069) \u3092\u6307\u3059\u5225\u306e IP \u30a2\u30c9\u30ec\u30b9\u3067\u5fdc\u7b54\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n

    5. \n

      \u540c\u4e00\u751f\u6210\u5143\u30dd\u30ea\u30b7\u30fc\u306e\u30d0\u30a4\u30d1\u30b9<\/strong>: TTL \u304c\u77ed\u3044\u305f\u3081\u3001\u88ab\u5bb3\u8005\u306e\u30d6\u30e9\u30a6\u30b6\u306f\u60aa\u610f\u306e\u3042\u308b\u30c9\u30e1\u30a4\u30f3\u3068\u6b63\u5f53\u306a\u30bf\u30fc\u30b2\u30c3\u30c8\u3092\u540c\u3058\u30aa\u30ea\u30b8\u30f3\u3068\u898b\u306a\u3057\u3001\u30af\u30ed\u30b9\u30aa\u30ea\u30b8\u30f3 \u30ea\u30af\u30a8\u30b9\u30c8\u3092\u53ef\u80fd\u306b\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

      DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u4e3b\u306a\u7279\u5fb4\u306e\u5206\u6790<\/h2>\n

      DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306b\u306f\u3001\u5f37\u529b\u306a\u8105\u5a01\u3068\u306a\u308b\u3044\u304f\u3064\u304b\u306e\u91cd\u8981\u306a\u7279\u5fb4\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n

        \n
      1. \n

        \u30b9\u30c6\u30eb\u30b9\u6027<\/strong>: \u3053\u306e\u653b\u6483\u306f\u88ab\u5bb3\u8005\u306e\u30d6\u30e9\u30a6\u30b6\u3068 DNS \u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u3001\u5f93\u6765\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3092\u56de\u907f\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<\/li>\n

      2. \n

        \u30af\u30ed\u30b9\u30aa\u30ea\u30b8\u30f3\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8<\/strong>: \u653b\u6483\u8005\u306f SOP \u3092\u56de\u907f\u3057\u3001Web \u304b\u3089\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044\u306f\u305a\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30c7\u30d0\u30a4\u30b9\u3084\u30b5\u30fc\u30d3\u30b9\u3068\u3084\u308a\u53d6\u308a\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

      3. \n

        \u77ed\u3044\u6642\u9593\u67a0<\/strong>: \u3053\u306e\u653b\u6483\u306f\u3001\u77ed\u3044 TTL \u5024\u3092\u5229\u7528\u3057\u3066\u60aa\u610f\u306e\u3042\u308b IP \u30a2\u30c9\u30ec\u30b9\u3068\u6b63\u5f53\u306a IP \u30a2\u30c9\u30ec\u30b9\u3092\u7d20\u65e9\u304f\u5207\u308a\u66ff\u3048\u308b\u305f\u3081\u3001\u691c\u51fa\u3068\u7de9\u548c\u304c\u56f0\u96e3\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

      4. \n

        \u30c7\u30d0\u30a4\u30b9\u306e\u60aa\u7528<\/strong>DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u8106\u5f31\u6027\u304c\u3042\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b IoT \u30c7\u30d0\u30a4\u30b9\u3084\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u3092\u6a19\u7684\u3068\u3059\u308b\u3053\u3068\u304c\u591a\u304f\u3001\u305d\u308c\u3089\u3092\u6f5c\u5728\u7684\u306a\u653b\u6483\u30d9\u30af\u30c8\u30eb\u306b\u5909\u3048\u3066\u3057\u307e\u3044\u307e\u3059\u3002<\/p>\n<\/li>\n

      5. \n

        \u30e6\u30fc\u30b6\u30fc\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8<\/strong>: \u653b\u6483\u306f\u88ab\u5bb3\u8005\u306e\u30d6\u30e9\u30a6\u30b6\u306e\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8\u3067\u767a\u751f\u3057\u3001\u6a5f\u5bc6\u60c5\u5831\u3084\u8a8d\u8a3c\u3055\u308c\u305f\u30bb\u30c3\u30b7\u30e7\u30f3\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

        DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u7a2e\u985e<\/h2>\n

        DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u624b\u6cd5\u306b\u306f\u3055\u307e\u3056\u307e\u306a\u30d0\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u304c\u3042\u308a\u3001\u305d\u308c\u305e\u308c\u306b\u56fa\u6709\u306e\u7279\u5fb4\u3068\u76ee\u7684\u304c\u3042\u308a\u307e\u3059\u3002\u4e00\u822c\u7684\u306a\u30bf\u30a4\u30d7\u3092\u3044\u304f\u3064\u304b\u793a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n
        \u30bf\u30a4\u30d7<\/th>\n\u8aac\u660e<\/th>\n<\/tr>\n<\/thead>\n
        \u30af\u30e9\u30b7\u30c3\u30af DNS \u518d\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0<\/strong><\/td>\n\u653b\u6483\u8005\u306e\u30b5\u30fc\u30d0\u30fc\u306f\u3001\u3055\u307e\u3056\u307e\u306a\u5185\u90e8\u30ea\u30bd\u30fc\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u305f\u3081\u306b DNS \u5fdc\u7b54\u3092\u8907\u6570\u56de\u5909\u66f4\u3057\u307e\u3059\u3002<\/td>\n<\/tr>\n
        \u30b7\u30f3\u30b0\u30eb A \u30ec\u30b3\u30fc\u30c9\u306e\u518d\u30d0\u30a4\u30f3\u30c9<\/strong><\/td>\nDNS \u5fdc\u7b54\u306b\u306f IP \u30a2\u30c9\u30ec\u30b9\u304c 1 \u3064\u3060\u3051\u542b\u307e\u308c\u3066\u304a\u308a\u3001\u3059\u3050\u306b\u30bf\u30fc\u30b2\u30c3\u30c8\u306e\u5185\u90e8 IP \u306b\u5207\u308a\u66ff\u3048\u3089\u308c\u307e\u3059\u3002<\/td>\n<\/tr>\n
        \u4eee\u60f3\u30db\u30b9\u30c8\u306e\u518d\u30d0\u30a4\u30f3\u30c9<\/strong><\/td>\n\u3053\u306e\u653b\u6483\u306f\u3001\u5358\u4e00\u306e IP \u30a2\u30c9\u30ec\u30b9\u4e0a\u306e\u4eee\u60f3\u30db\u30b9\u30c8\u3092\u60aa\u7528\u3057\u3001\u540c\u3058\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u3055\u307e\u3056\u307e\u306a\u30b5\u30fc\u30d3\u30b9\u3092\u6a19\u7684\u3068\u3057\u307e\u3059\u3002<\/td>\n<\/tr>\n
        \u6642\u9593\u30d9\u30fc\u30b9\u306e\u518d\u30d0\u30a4\u30f3\u30c9<\/strong><\/td>\nDNS \u5fdc\u7b54\u306f\u7279\u5b9a\u306e\u9593\u9694\u3067\u5909\u66f4\u3055\u308c\u3001\u6642\u9593\u306e\u7d4c\u904e\u3068\u3068\u3082\u306b\u3055\u307e\u3056\u307e\u306a\u30b5\u30fc\u30d3\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

        DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u4f7f\u7528\u65b9\u6cd5\u3001\u4f7f\u7528\u306b\u95a2\u9023\u3059\u308b\u554f\u984c\u3068\u305d\u306e\u89e3\u6c7a\u7b56<\/h2>\n

        DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306f\u6df1\u523b\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u8ab2\u984c\u3092\u5f15\u304d\u8d77\u3053\u3057\u3001\u305d\u306e\u6f5c\u5728\u7684\u306a\u7528\u9014\u306b\u306f\u6b21\u306e\u3088\u3046\u306a\u3082\u306e\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n

          \n
        1. \n

          \u4e0d\u6b63\u30a2\u30af\u30bb\u30b9<\/strong>: \u653b\u6483\u8005\u306f\u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30c7\u30d0\u30a4\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u64cd\u4f5c\u3057\u3001\u30c7\u30fc\u30bf\u4fb5\u5bb3\u3084\u4e0d\u6b63\u306a\u5236\u5fa1\u3092\u5f15\u304d\u8d77\u3053\u3059\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

        2. \n

          \u6a29\u9650\u6607\u683c<\/strong>: \u5185\u90e8\u30b5\u30fc\u30d3\u30b9\u306b\u6607\u683c\u3055\u308c\u305f\u6a29\u9650\u304c\u3042\u308b\u5834\u5408\u3001\u653b\u6483\u8005\u306f\u305d\u308c\u3092\u60aa\u7528\u3057\u3066\u3088\u308a\u9ad8\u3044\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u53d6\u5f97\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

        3. \n

          \u30dc\u30c3\u30c8\u30cd\u30c3\u30c8\u306e\u52df\u96c6<\/strong>: DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306b\u3088\u3063\u3066\u4fb5\u5bb3\u3055\u308c\u305f IoT \u30c7\u30d0\u30a4\u30b9\u306f\u3001\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8\u306b\u7d44\u307f\u5165\u308c\u3089\u308c\u3001\u3055\u3089\u306a\u308b\u60aa\u610f\u306e\u3042\u308b\u6d3b\u52d5\u306b\u5229\u7528\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

          DNS \u518d\u30d0\u30a4\u30f3\u30c9\u306b\u95a2\u9023\u3059\u308b\u554f\u984c\u306b\u5bfe\u51e6\u3059\u308b\u305f\u3081\u306b\u3001\u6b21\u306e\u3088\u3046\u306a\u3055\u307e\u3056\u307e\u306a\u89e3\u6c7a\u7b56\u304c\u63d0\u6848\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

            \n
          1. \n

            DNS \u5fdc\u7b54\u306e\u691c\u8a3c<\/strong>: DNS \u30ea\u30be\u30eb\u30d0\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u3001DNS \u5fdc\u7b54\u304c\u6b63\u5f53\u3067\u3042\u308a\u3001\u6539\u3056\u3093\u3055\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u305f\u3081\u306b\u3001\u5fdc\u7b54\u691c\u8a3c\u6280\u8853\u3092\u5b9f\u88c5\u3067\u304d\u307e\u3059\u3002<\/p>\n<\/li>\n

          2. \n

            \u62e1\u5f35\u540c\u4e00\u751f\u6210\u5143\u30dd\u30ea\u30b7\u30fc<\/strong>: \u30d6\u30e9\u30a6\u30b6\u306f\u3001IP \u30a2\u30c9\u30ec\u30b9\u4ee5\u5916\u306e\u8981\u7d20\u3092\u8003\u616e\u3057\u3066\u30012 \u3064\u306e\u30aa\u30ea\u30b8\u30f3\u304c\u540c\u3058\u304b\u3069\u3046\u304b\u3092\u5224\u65ad\u3067\u304d\u307e\u3059\u3002<\/p>\n<\/li>\n

          3. \n

            \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u30bb\u30b0\u30e1\u30f3\u30c6\u30fc\u30b7\u30e7\u30f3<\/strong>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u9069\u5207\u306b\u30bb\u30b0\u30e1\u30f3\u30c8\u5316\u3059\u308b\u3053\u3068\u3067\u3001\u5185\u90e8\u30c7\u30d0\u30a4\u30b9\u3084\u30b5\u30fc\u30d3\u30b9\u304c\u5916\u90e8\u304b\u3089\u306e\u653b\u6483\u306b\u3055\u3089\u3055\u308c\u308b\u30ea\u30b9\u30af\u3092\u5236\u9650\u3067\u304d\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

            \u4e3b\u306a\u7279\u5fb4\u3068\u305d\u306e\u4ed6\u306e\u985e\u4f3c\u7528\u8a9e\u3068\u306e\u6bd4\u8f03\u3092\u8868\u3068\u30ea\u30b9\u30c8\u306e\u5f62\u5f0f\u3067\u793a\u3057\u307e\u3059\u3002<\/h2>\n\n\n\n\n\n\n\n\n\n
            \u7279\u6027<\/th>\nDNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483<\/th>\n\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0 (XSS)<\/th>\n<\/tr>\n<\/thead>\n
            \u76ee\u6a19<\/strong><\/td>\n\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30c7\u30d0\u30a4\u30b9\u3068\u30b5\u30fc\u30d3\u30b9<\/td>\nWeb \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3068\u30e6\u30fc\u30b6\u30fc<\/td>\n<\/tr>\n
            \u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8<\/strong><\/td>\n\u540c\u4e00\u751f\u6210\u5143\u30dd\u30ea\u30b7\u30fc\u306e\u30d0\u30a4\u30d1\u30b9<\/td>\n\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3068\u30bb\u30c3\u30b7\u30e7\u30f3\u30cf\u30a4\u30b8\u30e3\u30c3\u30af<\/td>\n<\/tr>\n
            \u8d77\u6e90<\/strong><\/td>\nDNS\u306e\u64cd\u4f5c\u3092\u4f34\u3046<\/td>\n\u30a6\u30a7\u30d6\u30da\u30fc\u30b8\u3078\u306e\u76f4\u63a5\u653b\u6483<\/td>\n<\/tr>\n
            \u30a4\u30f3\u30d1\u30af\u30c8<\/strong><\/td>\n\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3068\u5236\u5fa1<\/td>\n\u30c7\u30fc\u30bf\u306e\u76d7\u96e3\u3068\u64cd\u4f5c<\/td>\n<\/tr>\n
            \u9632\u6b62<\/strong><\/td>\nDNS \u5fdc\u7b54\u306e\u691c\u8a3c<\/td>\n\u5165\u529b\u30b5\u30cb\u30bf\u30a4\u30ba\u3068\u51fa\u529b\u30a8\u30f3\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

            DNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306b\u95a2\u3059\u308b\u4eca\u5f8c\u306e\u5c55\u671b\u3068\u6280\u8853<\/h2>\n

            \u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u3068 IoT \u30a8\u30b3\u30b7\u30b9\u30c6\u30e0\u304c\u9032\u5316\u3057\u7d9a\u3051\u308b\u306b\u3064\u308c\u3066\u3001DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u8105\u5a01\u3082\u5897\u5927\u3057\u307e\u3059\u3002\u5c06\u6765\u7684\u306b\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u4e8b\u614b\u304c\u4e88\u60f3\u3055\u308c\u307e\u3059\u3002<\/p>\n

              \n
            1. \n

              \u9ad8\u5ea6\u306a\u56de\u907f\u30c6\u30af\u30cb\u30c3\u30af<\/strong>: \u653b\u6483\u8005\u306f\u3001\u691c\u51fa\u3068\u8efd\u6e1b\u3092\u56de\u907f\u3059\u308b\u305f\u3081\u306b\u3001\u3088\u308a\u6d17\u7df4\u3055\u308c\u305f\u65b9\u6cd5\u3092\u958b\u767a\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

            2. \n

              DNS\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u5f37\u5316<\/strong>DNS \u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3068\u30d7\u30ed\u30c8\u30b3\u30eb\u306f\u3001\u3053\u306e\u3088\u3046\u306a\u653b\u6483\u306b\u5bfe\u3059\u308b\u3088\u308a\u5f37\u529b\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u63d0\u4f9b\u3059\u308b\u305f\u3081\u306b\u9032\u5316\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

            3. \n

              AI\u99c6\u52d5\u578b\u9632\u885b<\/strong>\u4eba\u5de5\u77e5\u80fd\u3068\u6a5f\u68b0\u5b66\u7fd2\u306f\u3001DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u3092\u30ea\u30a2\u30eb\u30bf\u30a4\u30e0\u3067\u8b58\u5225\u3057\u3066\u963b\u6b62\u3059\u308b\u4e0a\u3067\u91cd\u8981\u306a\u5f79\u5272\u3092\u679c\u305f\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

              \u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u30fc\u304c\u3069\u306e\u3088\u3046\u306b\u4f7f\u7528\u3055\u308c\u308b\u304b\u3001\u307e\u305f\u306fDNS\u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u3068\u3069\u306e\u3088\u3046\u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u308b\u304b<\/h2>\n

              \u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u3001DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306b\u95a2\u3057\u3066 2 \u3064\u306e\u5f79\u5272\u3092\u679c\u305f\u3057\u307e\u3059\u3002\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u3001\u6f5c\u5728\u7684\u306a\u30bf\u30fc\u30b2\u30c3\u30c8\u306b\u3082\u306a\u308a\u3001\u8cb4\u91cd\u306a\u9632\u5fa1\u8005\u306b\u3082\u306a\u308a\u5f97\u307e\u3059\u3002<\/p>\n

                \n
              1. \n

                \u76ee\u6a19<\/strong>: \u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u304c\u8aa4\u3063\u3066\u69cb\u6210\u3055\u308c\u3066\u3044\u305f\u308a\u8106\u5f31\u6027\u304c\u3042\u3063\u305f\u308a\u3059\u308b\u3068\u3001\u653b\u6483\u8005\u304c\u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u5bfe\u3057\u3066 DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u3092\u958b\u59cb\u3059\u308b\u305f\u3081\u306e\u30a8\u30f3\u30c8\u30ea \u30dd\u30a4\u30f3\u30c8\u306b\u306a\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

              2. \n

                \u30c7\u30a3\u30d5\u30a7\u30f3\u30c0\u30fc<\/strong>\u4e00\u65b9\u3001\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u5916\u90e8\u30ea\u30bd\u30fc\u30b9\u9593\u306e\u4ef2\u4ecb\u5f79\u3068\u3057\u3066\u6a5f\u80fd\u3057\u3001\u60aa\u610f\u306e\u3042\u308b DNS \u5fdc\u7b54\u3092\u691c\u51fa\u3057\u3066\u9632\u6b62\u3059\u308b\u306e\u306b\u5f79\u7acb\u3061\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

                OneProxy \u306e\u3088\u3046\u306a\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u306b\u3068\u3063\u3066\u3001DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u304b\u3089\u4fdd\u8b77\u3059\u308b\u305f\u3081\u306b\u30b7\u30b9\u30c6\u30e0\u3092\u7d99\u7d9a\u7684\u306b\u76e3\u8996\u304a\u3088\u3073\u66f4\u65b0\u3059\u308b\u3053\u3068\u304c\u91cd\u8981\u3067\u3059\u3002<\/p>\n

                \u95a2\u9023\u30ea\u30f3\u30af<\/h2>\n

                DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u653b\u6483\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u6b21\u306e\u30ea\u30bd\u30fc\u30b9\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n

                  \n
                1. DNS \u518d\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0 (Dan Kaminsky \u8457)<\/a><\/li>\n
                2. \u30b9\u30bf\u30f3\u30d5\u30a9\u30fc\u30c9\u5927\u5b66\u306b\u3088\u308b DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306e\u7406\u89e3<\/a><\/li>\n
                3. \u30d6\u30e9\u30a6\u30b6 RASP \u306b\u3088\u308b DNS \u518d\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306e\u691c\u51fa<\/a><\/li>\n<\/ol>\n

                  DNS \u30ea\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u3084\u305d\u306e\u4ed6\u306e\u65b0\u305f\u306a\u8105\u5a01\u304b\u3089\u8eab\u3092\u5b88\u308b\u306b\u306f\u3001\u6700\u65b0\u306e\u653b\u6483\u624b\u6cd5\u306b\u3064\u3044\u3066\u5e38\u306b\u60c5\u5831\u3092\u5165\u624b\u3057\u3001\u30d9\u30b9\u30c8 \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3092\u63a1\u7528\u3059\u308b\u3053\u3068\u304c\u4e0d\u53ef\u6b20\u3067\u3042\u308b\u3053\u3068\u3092\u5fd8\u308c\u306a\u3044\u3067\u304f\u3060\u3055\u3044\u3002<\/p>","protected":false},"featured_media":476922,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-476921","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about DNS Rebinding Attack: An In-Depth Exploration<\/mark>","faq_items":[{"question":"What is DNS rebinding attack?","answer":"

                  DNS rebinding attack is a sophisticated method used by malicious actors to exploit web browsers and their security mechanisms. It leverages the inherent trust in DNS (Domain Name System) to bypass the Same-Origin Policy (SOP) enforced by web browsers. This attack can be used to target users visiting websites that interact with network services, such as routers, cameras, printers, or even internal corporate systems. By manipulating DNS responses, attackers can gain unauthorized access to sensitive information, execute arbitrary code, or carry out other malicious actions.<\/p>"},{"question":"How did DNS rebinding attack originate?","answer":"

                  The concept of DNS rebinding was first introduced by Daniel B. Jackson in his Master's thesis in 2005. However, it gained significant attention after Jeremiah Grossman's blog post in 2007, describing practical implementations to exploit web browsers and devices behind a victim's firewall.<\/p>"},{"question":"How does DNS rebinding attack work?","answer":"

                  DNS rebinding attack involves a multi-step process where attackers trick victims' web browsers into making unintended requests to arbitrary domains. The attack generally follows these steps:<\/p>

                  1. Initial Access: The victim visits a malicious website or clicks on a malicious link.<\/li>
                  2. Domain Resolution: The victim's browser sends a DNS request to resolve the domain associated with the malicious website.<\/li>
                  3. Short-lived Legitimate Response: The DNS response contains an IP address pointing to the attacker's server initially but quickly changes to a legitimate IP, such as that of a router or an internal server.<\/li>
                  4. Same-Origin Policy Bypass: Due to the short TTL of the DNS response, the victim's browser considers the malicious origin and the legitimate origin as the same.<\/li>
                  5. Exploitation: The attacker's JavaScript code can now make cross-origin requests to the legitimate domain, exploiting vulnerabilities in devices and services accessible from that domain.<\/li><\/ol>"},{"question":"What are the key features of DNS rebinding attack?","answer":"

                    DNS rebinding attack exhibits several key features that make it a potent threat:<\/p>

                    1. Stealthiness: It can evade traditional network security measures by leveraging the victim's browser and the DNS infrastructure.<\/li>
                    2. Cross-Origin Exploitation: Attackers can bypass SOP, enabling them to interact with networked devices or services that should be inaccessible from the web.<\/li>
                    3. Short Time Window: The attack relies on the short TTL value to quickly switch between the malicious and legitimate IP addresses, making detection and mitigation challenging.<\/li>
                    4. Device Exploitation: DNS rebinding often targets IoT devices and networked equipment that may have security vulnerabilities, turning them into potential attack vectors.<\/li>
                    5. User Context: The attack occurs in the context of the victim's browser, potentially allowing access to sensitive information or authenticated sessions.<\/li><\/ol>"},{"question":"What types of DNS rebinding attack exist?","answer":"

                      There are different variations of DNS rebinding attack techniques, each with specific characteristics and goals. Some common types include:<\/p>