Well test it in your browser from this page, and see that NoScript protects you:
http://www.jumperz.net/index.php?i=2&a=1&b=8In short, anti-dns pinning and dns-rebinding attacks can be used to make your browser think it can send information X to site B, since site B belongs to same site as site A (which is some good site). This can be exploited simply over the browser window using javascript, java or flash. Using this kind of attack, the owner of any www-page can get access to your internal network, such as router, external firewall, other computers in your LAN, etc. etc. because your computer is being told that site B is located on the same domain/IP that the site A is (and your computer thinks it safe to send such information there therefore).
Now, browsers have been protected against this kind of attacks for some time now. However, javascript, java and flash arent. They are still vulnerable.
This sound pretty damm serious if you have anything inside your own LAN that is not firewalled or if you dont have good passphrases on your router/modem!!!
More information in here
- »crypto.stanford.edu/dns/
- »www.doxpara.com/DMK_BO2K7_Web.ppt
- »crypto.stanford.edu/dns/dns-rebinding.pdf
Tests
- »www.jumperz.net/index.php?i=2&a=1&b=7
- »www.jumperz.net/index.php?i=2&a=3&b=3
- »www.jumperz.net/index.php?i=2&a=1&b=9
--
pol
P.S. From the implication you will get this online javascript port scanner:
http://www.gnucitizen.org/projects/javascript-port-scanner/enjoy,
D