DNS Rebinding Attack: What it is, why it’s risky, and how to block it

What it is

DNS rebinding is a web trick that makes your browser talk to places it normally shouldn’t - like your home router, NAS, or an internal app - by rapidly changing a site’s DNS answer. You think you’re visiting a normal page; your browser is quietly asked to call your private network.

How it works 

  • You open a booby-trapped website.

  • That site’s DNS first points to the attacker’s server, then quickly “rebinds” to an address on your private network (e.g., 192.168.x.x).

  • Your browser, which can reach your LAN, is used as a proxy to poke internal devices, steal data, or change settings.

What you might notice

  • Router or smart-home settings changed without you doing it

  • Admin pages opening without a login prompt (weak devices)

  • Odd behavior on internal apps after visiting a sketchy site

If you suspect it 

  1. Close the tab and disconnect from suspicious Wi-Fi.

  2. Reboot your router; update its firmware and change the admin password.

  3. Turn off remote admin on routers/IoT and require logins for all internal services.

  4. Scan PCs/phones for malware; review device logs if available.

Prevent it

  • Keep routers, NAS, and IoT updated; disable unauthenticated APIs/admin pages.

  • Use a DNS filter that blocks rebinding (many resolvers have anti-rebinding).

  • Prefer hostnames with authentication for internal apps; avoid exposing them to the internet.

  • If you run internal web apps, configure CORS and CSRF protections on them.

  • Segment your network (separate VLAN/Wi-Fi for IoT) so one device can’t see everything.
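
The check behind the anti-rebinding DNS filter mentioned above, as an added example (not from the original page): it drops internal addresses from answers for public names and flags names whose answer flips from a public to an internal address in a resolver log. The local-zone list, the 60-second window, the range list and the sample log are constructed assumptions.

```python
import ipaddress

# Assumption: zones that may legitimately resolve to internal addresses.
LOCAL_ZONES = ("home.arpa", "corp.example")
# Address ranges a public name should never resolve to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:192.168.1.1) before classifying.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def in_local_zone(name):
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)

def filter_answers(name, addrs):
    """Split answers into (kept, dropped) as an anti-rebinding filter would."""
    if in_local_zone(name):
        return list(addrs), []
    dropped = [a for a in addrs if is_internal(a)]
    kept = [a for a in addrs if a not in dropped]
    return kept, dropped

def find_rebinds(log, window=60):
    """Flag public names that got an internal answer soon after a public one."""
    last_public, hits = {}, []
    for ts, name, addr in log:
        if in_local_zone(name):
            continue
        if not is_internal(addr):
            last_public[name] = ts
        elif name in last_public and ts - last_public[name] <= window:
            hits.append((name, addr, ts - last_public[name]))
    return hits

# Constructed resolver log: (unix time, query name, answer address).
SAMPLE_LOG = [
    (1000, "news.example.org", "198.51.100.7"),
    (1002, "promo.example.net", "203.0.113.10"),
    (1005, "promo.example.net", "192.168.1.1"),
    (1010, "nas.home.arpa", "192.168.1.20"),
]
```

Running `find_rebinds(SAMPLE_LOG)` reports only the public name that switched to a LAN address; the entry under `home.arpa` is left alone because it is a listed local zone.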
