1. DNS/Domain names/Hijacking




-- ToshinoriMaeno 2017-09-08 01:01:31


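NS records that point to nonexistent domains (visa.co.jp, the Fire and Disaster Management Agency, and so on)

Notice regarding domain name hijacking https://jprs.jp/registration/domain-hijacking/

I recognized that I had not pushed back hard enough at that time. https://twitter.com/qmailjp/status/202698544359026688?s=20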


-- ToshinoriMaeno 2017-11-26 02:01:54


1.1. 2019



(Urgent) Domain name hijacking through unauthorized rewriting of registration information, and countermeasures (updated May 26, 2015)


https://jprs.jp/tech/security/2014-11-05-unauthorized-update-of-registration-information.pdf (slides)


DNS Abuse and what DNS operators should do, November 29, 2018, Internet Week 2018 lunch seminar https://jprs.jp/tech/material/iw2018-lunch-L3-01.pdf


18 Feb 19 A Deep Dive on the Recent Widespread DNS Hijacking Attacks https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/


1.2. tampering

Why CISA issued our first Emergency Directive

By Christopher Krebs, Director January 24, 2019 https://cyber.dhs.gov/blog/#why-cisa-issued-our-first-emergency-directive

Emergency Directive 19-01

January 22, 2019 Mitigate DNS Infrastructure Tampering https://cyber.dhs.gov/ed/19-01/


Required Actions:

Action One: Audit DNS Records • Within 10 business days, for all .gov or other agency-managed domains, audit public DNS records on all authoritative and secondary DNS servers to verify they resolve to the intended location. If any do not, report them to CISA.

CISA recommends agencies prioritize NS records and those associated with key agency services offered to organizational users and the public (for example, websites that are central to the agency's mission, MX records, or other services with high utilization).

Action Two: Change DNS Account Passwords • Within 10 business days, update the passwords for all accounts on systems that can make changes to your agency's DNS records.

Action Three: Add Multi-Factor Authentication to DNS Accounts • Within 10 business days, implement multi-factor authentication (MFA) for all accounts on systems that can make changes to your agency's DNS records. If MFA cannot be enabled, provide CISA with the names of systems, why it cannot be enabled within the required timeline, and when it could be enabled.

CISA recommends using additional factors that are resilient to phishing. Consistent with NIST SP 800-63B, Short Message Service (SMS)-based MFA is not recommended.
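
An added example, not part of the directive or of this page's original notes: an offline sketch of the Action One audit that compares what each authoritative and secondary server answered against the intended records, reports NS and MX findings first, and also flags NS targets under a domain that is not registered (the dangling-NS case noted at the top of this page). Every name, address, server label and the `REGISTERED` set are constructed sample data, and `registrable()` is a hypothetical helper.

```python
# Added example: audit constructed per-server DNS answers against an intended baseline.
PRIORITY = {"NS": 0, "MX": 1}  # report NS first, then MX, then everything else

# Intended state: (owner name, record type) -> expected values (constructed)
BASELINE = {
    ("agency.example.", "NS"): {"ns1.agency.example.", "ns2.agency.example."},
    ("agency.example.", "MX"): {"10 mail.agency.example."},
    ("www.agency.example.", "A"): {"192.0.2.10"},
}

# What each authoritative/secondary server answered (constructed)
OBSERVED = {
    "ns1.agency.example.": {
        ("agency.example.", "NS"): {"ns1.agency.example.", "ns2.agency.example."},
        ("agency.example.", "MX"): {"10 mail.agency.example."},
        ("www.agency.example.", "A"): {"192.0.2.10"},
    },
    "ns2.agency.example.": {
        ("agency.example.", "NS"): {"ns1.agency.example.", "ns1.lapsed-host.example."},
        ("agency.example.", "MX"): {"10 mail.agency.example."},
        ("www.agency.example.", "A"): {"198.51.100.77"},
    },
}

# Domains known to be registered (constructed); NS targets outside them are dangling
REGISTERED = {"agency.example."}


def registrable(host):
    """Last two labels of a host name (assumption; real code needs the Public Suffix List)."""
    return ".".join(host.rstrip(".").split(".")[-2:]) + "."


def audit(baseline, observed, registered):
    """Return (server, name, type, problem, value) tuples, NS and MX findings first."""
    findings = []
    for server, answers in sorted(observed.items()):
        for (name, rtype), expected in baseline.items():
            got = answers.get((name, rtype), set())
            for value in sorted(got - expected):
                findings.append((server, name, rtype, "unexpected", value))
            for value in sorted(expected - got):
                findings.append((server, name, rtype, "missing", value))
            if rtype == "NS":
                for target in sorted(got):
                    if registrable(target) not in registered:
                        findings.append((server, name, rtype, "dangling-ns", target))
    return sorted(findings, key=lambda f: (PRIORITY.get(f[2], 2), f))
```

Querying every listed server separately matters here: in the sample data only the secondary has diverged, so a check against a single server or a caching resolver could miss it.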

Moin2Qmail: DNS/Domain names/Hijacking (last edited 2022-05-12 13:05:07 by ToshinoriMaeno)