14 Java Security
14.3 Security Threats
14.3.4 DNS Weaknesses
A significant problem arises in the way the JDK and browsers implement the
policy that an applet can open a TCP/IP connection back to the server it was
loaded from. While this policy is sound, it is not uniformly enforced. The
policy is enforced as follows:
- Get all the IP addresses of the hostname that the applet came from.
- Get all the IP addresses of the hostname that the applet is trying
to connect to.
- If any addresses match, allow connection.
The problem is in the second step: the applet can ask to connect to any
hostname on the Internet, so it can control which DNS server supplies the
second list of IP addresses. Information from this untrusted DNS server is
then used to make an access control decision. Nothing prevents an attacker
from creating a DNS server that lies. Using the attacker's DNS server to
provide a pair of addresses, the applet can connect to any host on the
Internet. This attack is very dangerous if the browser is running behind
a firewall, because the malicious applet can attack any machine behind the
firewall. It can use many known network security problems to break into
other nearby machines.
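The following added example (not code from the original page or from the JDK) models the three-step check against constructed DNS answers and compares it with a variant that pins the address the applet was actually loaded from. The pinned variant is an assumption about one way to harden the check, and all host names, addresses and method names are hypothetical.

```java
import java.util.*;

public class AppletConnectCheck {
    // Constructed DNS answers; every name and address here is hypothetical.
    static final Map<String, List<String>> DNS = new HashMap<>();
    static {
        DNS.put("applets.example.com", List.of("192.0.2.10"));  // host the applet was loaded from
        DNS.put("www.example.org", List.of("198.51.100.7"));    // unrelated host, honest answer
        // Answer from a name server run by the applet's author:
        // the origin's address paired with a host behind the firewall.
        DNS.put("pair.attacker.example", List.of("192.0.2.10", "10.0.0.5"));
    }

    static List<String> resolve(String host) {
        return DNS.getOrDefault(host, List.of());
    }

    // The check as the page describes it: allow if any address matches.
    static boolean anyAddressMatches(String originHost, String targetHost) {
        return !Collections.disjoint(resolve(originHost), resolve(targetHost));
    }

    // Addresses a socket to targetHost could end up at once the check passes.
    static List<String> reachableAfterWeakCheck(String originHost, String targetHost) {
        return anyAddressMatches(originHost, targetHost) ? resolve(targetHost) : List.of();
    }

    // Hardened variant (assumption, not from the page): remember the address the
    // applet was actually fetched from and permit only that address, so the
    // target's other DNS answers never widen what is reachable.
    static List<String> reachableWhenPinned(String loadedFromAddress, String targetHost) {
        return resolve(targetHost).contains(loadedFromAddress)
                ? List.of(loadedFromAddress) : List.of();
    }

    public static void main(String[] args) {
        String origin = "applets.example.com";
        String pinned = "192.0.2.10"; // recorded when the applet was downloaded
        for (String target : List.of(origin, "www.example.org", "pair.attacker.example")) {
            System.out.printf("%-24s weak=%s pinned=%s%n", target,
                    reachableAfterWeakCheck(origin, target), reachableWhenPinned(pinned, target));
        }
    }
}
```

With the any-match rule, the lying answer makes the internal address reachable alongside the origin; with the pinned address, the same answer yields only the origin.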
FIGURE 14.3: A Three Party Attack
Figure 14.3 presents an applet that exploits
the DNS weakness to connect to arbitrary hosts on the Internet.
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996