
Attacking private networks with DNS rebinding - braxxox
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
======
isostatic
One practical thing that could help (beyond the usual patching and setting
passwords) would be to separate your networks -- client devices on one subnet,
IoT on another, servers/NAS etc. on another. Ensure that private IPs are
disjoint (say 10.65.34.128/28, 172.29.34.0/27, 192.168.14.208/29 etc.). That
adds layers of obscurity.

Enable multicast between them; pretty tricky for an XSS to know which networks
your IoT devices are on.

Other things you can do (like only allowing control of IoT devices from a
separate admin network, for instance) are a matter of security vs. convenience.

------
pnunesc
Good read!

