Eradicating Attacks on the Internal Network with Internal Network Policy

In this paper we present three attacks on private internal networks behind a NAT and a corresponding new protection mechanism, Internal Network Policy, to mitigate a wide range of attacks that penetrate internal networks behind a NAT. In the attack scenario, a victim is tricked to visit the attacker's website, which contains a malicious script that lets the attacker access the victim's internal network in different ways, including opening a port in the NAT or sending a sophisticated request to local devices. The first attack utilizes DNS Rebinding in a particular way, while the other two demonstrate different methods of attacking the network, based on application security vulnerabilities. Following the attacks, we provide a new browser security policy, Internal Network Policy (INP), which protects against these types of vulnerabilities and attacks. This policy is implemented in the browser just like Same Origin Policy (SOP) and prevents malicious access to internal resources by external entities.