Differences between revisions 11 and 12
Revision 11 as of 2022-04-16 23:44:01
Revision 12 as of 2022-04-16 23:45:21

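1. DNS/ドメイン名/乗取 (DNS / domain name / hijacking)

This is also called "domain name hijacking," but that is not an appropriate term. DNS/乗取 (DNS/hijacking)

  • That said, the term is also used overseas, so care is needed about what it refers to.

It is a word that denotes the state (the result) of having been taken over.

  • If you regard fraud as the goal, it is also a means of fraud.

Besides the method of "poisoning a cache server," I look into methods of hijacking a domain name directly.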

-- ToshinoriMaeno 2017-09-08 01:01:31

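NS records that point to non-existent domains (visa.co.jp, the Fire and Disaster Management Agency, and so on)

Cautions regarding domain name hijacking https://jprs.jp/registration/domain-hijacking/

I realized that I had not pushed back enough at that time. https://twitter.com/qmailjp/status/202698544359026688?s=20

I have decided not to include cases that lure users by means of DNS/類似ドメイン名 (similar domain names).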

-- ToshinoriMaeno 2017-11-26 02:01:54

1.1. 2019

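(Urgent) Regarding the publication of an emergency directive by the U.S. Department of Homeland Security on tampering with DNS settings

  • Japan Registry Services Co., Ltd. (JPRS)
    • First edition created 2019/01/28 (Mon)

https://jprs.jp/tech/security/2019-01-28-cisa-emergency-directive.html

(Urgent) Regarding domain name hijacking through unauthorized rewriting of registration information, and countermeasures against it (updated May 26, 2015)

https://jprs.jp/tech/security/2014-11-05-unauthorized-update-of-registration-information.html

https://jprs.jp/tech/security/2014-11-05-unauthorized-update-of-registration-information.pdf (slides)

/対策 (countermeasures)

DNS Abuse and what DNS operators should do, November 29, 2018, Internet Week 2018 lunch seminar https://jprs.jp/tech/material/iw2018-lunch-L3-01.pdf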

/JPRS2018


18 Feb 19 A Deep Dive on the Recent Widespread DNS Hijacking Attacks https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

https://www.ch.com/2019/01/global-dns-hijacking-campaign

1.2. tampering

Why CISA issued our first Emergency Directive

By Christopher Krebs, Director January 24, 2019 https://cyber.dhs.gov/blog/#why-cisa-issued-our-first-emergency-directive

Emergency Directive 19-01

January 22, 2019 Mitigate DNS Infrastructure Tampering https://cyber.dhs.gov/ed/19-01/

https://cyber.dhs.gov/assets/report/ed-19-01.pdf

Required Actions:

Action One: Audit DNS Records

  • Within 10 business days, for all .gov or other agency-managed domains, audit public DNS records on all authoritative and secondary DNS servers to verify they resolve to the intended location. If any do not, report them to CISA.

  • CISA recommends agencies prioritize NS records and those associated with key agency services offered to organizational users and the public (for example, websites that are central to the agency's mission, MX records, or other services with high utilization).

Action Two: Change DNS Account Passwords

  • Within 10 business days, update the passwords for all accounts on systems that can make changes to your agency's DNS records.

  • CISA recommends the use of password managers to facilitate complex and unique passwords.

Action Three: Add Multi-Factor Authentication to DNS Accounts

  • Within 10 business days, implement multi-factor authentication (MFA) for all accounts on systems that can make changes to your agency's DNS records. If MFA cannot be enabled, provide CISA with the names of systems, why it cannot be enabled within the required timeline, and when it could be enabled.

  • CISA recommends using additional factors that are resilient to phishing. Consistent with NIST SP 800-63B, Short Message Service (SMS)-based MFA is not recommended
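The Action One audit can be sketched as a comparison of each server's answers with an intended baseline. This is an added example, not part of the directive or of this wiki page; the function names, domain names, servers and addresses are all constructed, and a real audit would fill `OBSERVED` by querying every authoritative and secondary server directly.

```python
# Added example: audit public DNS records against an intended baseline
# (Action One of ED 19-01). All names and addresses are constructed samples.

# Record types CISA recommends prioritizing are reported first.
PRIORITY = {"NS": 0, "MX": 1}

def normalize(value):
    """Lower-case and drop the trailing dot so equal names compare equal."""
    return value.strip().lower().rstrip(".")

def audit(expected, observed):
    """Compare each server's answers with the intended record sets.

    expected: {(name, rtype): set of intended values}
    observed: {server: {(name, rtype): set of values that server returned}}
    Returns (server, name, rtype, kind, value) tuples, NS and MX first.
    """
    findings = []
    for server, answers in observed.items():
        for key in set(expected) | set(answers):
            want = {normalize(v) for v in expected.get(key, ())}
            got = {normalize(v) for v in answers.get(key, ())}
            for value in sorted(got - want):
                findings.append((server, key[0], key[1], "unexpected", value))
            for value in sorted(want - got):
                findings.append((server, key[0], key[1], "missing", value))
    findings.sort(key=lambda f: (PRIORITY.get(f[2], 2), f[1], f[0], f[3], f[4]))
    return findings

# Constructed baseline (documentation address ranges and .example names).
EXPECTED = {
    ("agency.example", "NS"): {"ns1.agency.example.", "ns2.agency.example."},
    ("agency.example", "MX"): {"10 mail.agency.example."},
    ("www.agency.example", "A"): {"192.0.2.10"},
}
# Constructed observations: the primary matches, the secondary has drifted.
OBSERVED = {
    "ns1.agency.example": dict(EXPECTED),
    "ns2.agency.example": {
        ("agency.example", "NS"): {"ns1.agency.example.", "ns9.other.example."},
        ("agency.example", "MX"): {"10 mail.agency.example."},
        ("www.agency.example", "A"): {"198.51.100.77"},
    },
}

if __name__ == "__main__":
    for server, name, rtype, kind, value in audit(EXPECTED, OBSERVED):
        print(f"{rtype:<3} {name} @ {server}: {kind} {value}")
```

Checking every server separately matters because a change made on only one secondary would be hidden by a single lookup through a resolver.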

MoinQ: DNS/ドメイン名/乗取 (last edited 2023-03-21 00:12:57 by ToshinoriMaeno)