1. awsdns 乗取

../乗取事例 watchA/awsdns/乗取

/jp

/2021-12-03

1.1. 乗取を疑うドメイン

登録NS(通常は4こ)のうち、3こがREFUSEDを返し、ひとつだけが登録NSではないNSを返すドメイン

公表するのは攻撃者を助けることになるので、控えるしかない。

1.2. lame delegation

The Orphaned Internet

https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/

1.3. Route53の対応

Follow up call with someone from the Route53 team discussing Amazon’s remediation strategy and next steps.

Their plan was three pronged in approach:

Raise awareness by updating existing Route53 documentation to explicitly mention that nameservers should be changed if a zone is deleted from Route53. This was already updated when I had the call with them.

Add a UI warning in the AWS control panel which notifies users of this issue upon a user attempting to delete a Route53 zone.

Reach out to affected customers.

All of the above steps were indeed taken by Amazon.

You now get the following warning when you delete a zone in Route53:

これらの対応で十分だと考えているのなら、技術不足だ。

しかも、いまも乗取られていると思われるドメインが残っている。-- ToshinoriMaeno 2020-05-16 09:48:05

https://securitytrails.com/domain/mozillascience.com/history/ns

<< <  2020 / 12 >  >>
Mon Tue Wed Thu Fri Sat Sun
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      


CategoryDns CategoryWatch CategoryTemplate

MoinQ: DNS/awsdns/乗取 (last edited 2021-12-03 07:34:29 by ToshinoriMaeno)