1. DNS/orphaned_internet

DNS/lame_delegation

https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/

December 05, 2016

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

It turns out this vulnerability affects just about every popular managed DNS provider on the web. 
If you run a managed DNS service, it likely affects you too. 

1.1. The Managed DNS Vulnerability

1.1.1. The root of this vulnerability

They allow a zone to be created without any verification of rights to the domain name. (I pointed this out in 2012, though.)

The root of this vulnerability occurs when a managed DNS provider allows someone to add a domain to their account _without any verification of ownership of the domain name itself._

This is actually an incredibly common flow and is used in cloud services such as AWS, Google Cloud, Rackspace and of course, Digital Ocean.
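A domain you own is exposed to this flaw when its delegation still names a provider's nameservers but no account at that provider holds the zone (see DNS/lame_delegation). The following Python is an added example, not code from the blog post or from this wiki: it classifies saved output of `dig +norecurse SOA <domain> @<ns>` for each nameserver in a domain's delegation. The domain names, nameserver names and dig excerpts in it are constructed samples.

```python
import re

STATUS = re.compile(r"status: (\w+)")
FLAGS = re.compile(r";; flags: ([a-z ]*);")

def ns_state(dig_text):
    """Classify one nameserver's reply to `dig +norecurse SOA <domain> @<ns>`."""
    status, flags = STATUS.search(dig_text), FLAGS.search(dig_text)
    if not status or not flags:
        return "unreachable"          # no DNS header at all (timeout)
    if status.group(1) == "NOERROR" and "aa" in flags.group(1).split():
        return "authoritative"        # the server really hosts the zone
    return "lame"                     # REFUSED/SERVFAIL, or an answer without AA

def audit(domain, replies):
    """replies maps each NS name from the parent delegation to its dig output."""
    states = {ns: ns_state(text) for ns, text in replies.items()}
    good = [ns for ns, s in states.items() if s == "authoritative"]
    lame = sorted(ns for ns, s in states.items() if s == "lame")
    if len(good) == len(states):
        verdict = "ok"
    elif good:
        verdict = "partially-lame"
    elif lame:
        verdict = "orphaned"          # delegated to servers that host no zone for it
    else:
        verdict = "unreachable"
    return {"domain": domain, "verdict": verdict, "lame": lame}

# Constructed sample input: dig header lines for three hypothetical domains.
HDR = (";; ->>HEADER<<- opcode: QUERY, status: {}, id: 4021\n"
       ";; flags: {}; QUERY: 1, ANSWER: {}, AUTHORITY: 0, ADDITIONAL: 1\n")
NS1, NS2 = "ns1.dns-provider.example", "ns2.dns-provider.example"
SAMPLE = {
    "shop.example":  {NS1: HDR.format("REFUSED", "qr", 0),
                      NS2: HDR.format("REFUSED", "qr", 0)},
    "blog.example":  {NS1: HDR.format("NOERROR", "qr aa", 1),
                      NS2: HDR.format("NOERROR", "qr aa", 1)},
    "mixed.example": {NS1: HDR.format("NOERROR", "qr aa", 1),
                      NS2: HDR.format("SERVFAIL", "qr", 0)},
}

if __name__ == "__main__":
    for domain, replies in SAMPLE.items():
        print(audit(domain, replies))
```

A verdict of "orphaned" means the delegation should be removed at the registrar or the zone re-created in an account you control.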

It says "AWS responded quickly and fixed the problem.", but takeover is still possible even now. -- ToshinoriMaeno 2020-04-28 07:21:12

1.2. Japan

In Japan, this became a topic of discussion in 2012.

DNS/共用ゾーンサービス/さくら DNS/domain_owner


Here’s how one guy found out how to hack 120,000 domain names

by Morgan on December 6, 2016

https://morganlinton.com/heres-how-one-guy-found-out-how-to-hack-120000-domain-names/