1. DNS/lame_delegation/GoDaddy

We have not verified who holds the rights to these domain names.

$ dig -t ns dnsz.org @ns51.domaincontrol.com

; <<>> DiG 9.16.1-Ubuntu <<>> -t ns dnsz.org @ns51.domaincontrol.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28215
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;dnsz.org.                      IN      NS

;; ANSWER SECTION:
dnsz.org.               3600    IN      NS      ns52.domaincontrol.com.
dnsz.org.               3600    IN      NS      ns51.domaincontrol.com.

;; Query time: 80 msec
;; SERVER: 97.74.105.26#53(97.74.105.26)
;; WHEN: 木 10月 14 09:07:52 JST 2021
;; MSG SIZE  rcvd: 92

dnsz.org.               3600    IN      SOA     ns51.domaincontrol.com. dns.jomax.net. 2021101301 28800 7200 604800 600
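The check that this dig output performs by hand, as an added example that is not part of the original wiki page: a Python script that parses dig's text output (the format shown above) and classifies a delegation as healthy or lame. A server listed as NS for a zone should answer a query for that zone with status NOERROR, the aa flag set, and an NS RRset that includes itself; anything else is a lame delegation of the kind counted on this page. The dnsz.org sample is the page's own output; the REFUSED and non-authoritative samples, and the example.invalid names in them, are constructed, so the script runs offline.

```python
import re

# Sample 1: the real dig output shown on this page
# (dig -t ns dnsz.org @ns51.domaincontrol.com).
HEALTHY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28215
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;dnsz.org.                      IN      NS

;; ANSWER SECTION:
dnsz.org.               3600    IN      NS      ns52.domaincontrol.com.
dnsz.org.               3600    IN      NS      ns51.domaincontrol.com.

;; Query time: 80 msec
"""

# Sample 2 (constructed): the listed server has no such zone and refuses.
LAME_REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1001
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.invalid.               IN      NS
"""

# Sample 3 (constructed): the server answers from cache, not authoritatively.
LAME_NO_AA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
example.invalid.        300     IN      NS      ns1.example.invalid.
"""


def parse_dig(output):
    """Return (status, flags, ns_names) from dig's text output.

    ns_names lists the owner-independent NS targets found in the ANSWER
    SECTION, lower-cased and without the trailing dot.
    """
    status = None
    m = re.search(r"status: (\w+)", output)
    if m:
        status = m.group(1)
    flags = set()
    m = re.search(r";; flags: ([^;]*);", output)
    if m:
        flags = set(m.group(1).split())
    ns = []
    in_answer = False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            # The section ends at a blank line or the next ";;" header.
            if not line.strip() or line.startswith(";"):
                break
            parts = line.split()
            if len(parts) >= 5 and parts[2] == "IN" and parts[3] == "NS":
                ns.append(parts[4].rstrip(".").lower())
    return status, flags, ns


def classify_delegation(output, queried_server):
    """'ok' for a healthy authoritative answer, otherwise a 'lame: ...' reason."""
    status, flags, ns = parse_dig(output)
    if status != "NOERROR":
        return f"lame: status {status}"
    if "aa" not in flags:
        return "lame: no aa flag (non-authoritative answer)"
    if not ns:
        return "lame: no NS records in answer"
    if queried_server.rstrip(".").lower() not in ns:
        return "lame: queried server not in the zone's NS set"
    return "ok"


def find_lame(samples):
    """samples: {(zone, server): dig_output}. Returns [(zone, server, reason)]
    for every delegation that is not healthy."""
    lame = []
    for (zone, server), output in samples.items():
        reason = classify_delegation(output, server)
        if reason != "ok":
            lame.append((zone, server, reason))
    return lame


if __name__ == "__main__":
    samples = {
        ("dnsz.org", "ns51.domaincontrol.com"): HEALTHY,
        ("example.invalid", "ns51.domaincontrol.com"): LAME_REFUSED,
        ("example.invalid", "ns1.example.invalid"): LAME_NO_AA,
    }
    for zone, server, reason in find_lame(samples):
        print(f"{zone} @ {server}: {reason}")
```

In a real sweep the inputs come from running dig against each server in the parent's NS set (or from a library query) and feeding the text to find_lame; the REFUSED case is the one that matters for an unconfigured zone at a shared DNS provider, because it means the listed server will serve the zone for whoever adds it first.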


1.1. GoDaddy

https://arstechnica.com/information-technology/2019/01/godaddy-weakness-let-bomb-threat-scammers-hijack-thousands-of-big-name-domains/

GoDaddy weakness let bomb threat scammers hijack thousands of big-name domains
Revealed: How domains owned by Expedia, Mozilla, and Yelp sent bomb hoaxes.

Dan Goodin - 1/23/2019, 2:57 PM

There are 117 NS names.

Under domaincontrol, we detected some 3,000 lame domains.

I don't feel like continuing to monitor them, so I will look into these when I feel like it. 7:16 PM · October 22, 2019

A major problem had already occurred. DNS/業者/GoDaddy

1.2. Krebs

Report by Ronald Guilmette

https://krebsonsecurity.com/tag/ron-guilmette/

https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com https://network-securitas.com/2019/01/22/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned.


1.3. hackernews

Vulnerability in GoDaddy allowed to "steal" other people's domains hacker, SecurityLAB

https://hackernews.blog/tag/spammy-bear/

https://www.mcclatchydc.com/news/nation-world/national/article224961375.html

GoDaddy weakness let bomb threat scammers hijack thousands of big-name domains

https://arstechnica.com/information-technology/2019/01/godaddy-weakness-let-bomb-threat-scammers-hijack-thousands-of-big-name-domains/

Commandeered by Spammy Bear

An analysis of historical Internet records compiled by independent researcher Ronald Guilmette shows that ...

“The domains that I have identified as being stolen are *not* simply ones that some bad actor has put entirely fraudulent WHOIS data in for,” Guilmette wrote in a preliminary report sent to a handful of reporters.

“The WHOIS data *is* correct, most probably on 100% of the suspect domains I have identified. The domains *do* belong to the people and companies reflected in the WHOIS records. They have just been temporarily commandeered by Spammy Bear, as I've said from the beginning.”

Half a million domains up for grabs

Two nights ago, Guilmette downloaded a complete copy of the zone file for domains ending in .com and identified 34 million that pointed to GoDaddy DNS servers.

Then he checked to see how many of them weren't resolvable. The answer: almost 262,000.

When considering the 74 million domain names GoDaddy says it manages, Guilmette estimates GoDaddy's weakness left more than 553,000 domains vulnerable to hijacking.

The take-away from all of this is that for two years GoDaddy’s DNS service has supplied some of the most nefarious scammers on the Internet with an almost unlimited number of high-value domains.

While the abuse relied on domain holders not properly locking down their DNS records, Bryant made a compelling argument that it was the DNS providers who are ultimately responsible for the abuse of their services.

“A lot of providers say: ‘It’s not our fault. It’s a user mistake,’” Bryant explained.

“But if the case is that the user is going to make this mistake every time, it’s still a problem and it causes very real issues. Everybody can say: 'It’s this person’s responsibility. It’s not ours.’ But at the end of the day, it’s the providers who are going to have to take responsibility to get it fixed.”

Moin2Qmail: DNS/lame_delegation/共用サービス/GoDaddy (last edited 2021-10-14 00:08:55 by ToshinoriMaeno)