1. DNS/danglingDNSrecords
Dangling Domains: Security Threats, Detection and Prevalence
By Daiping Liu and Ruian Duan September 16, 2021 at 6:00 AM Category: Unit 42
Tags: dangling domains, DNS, DNS security, domain, domain hijacking, Phishing
https://unit42.paloaltonetworks.com/dangling-domains/
ダングリングドメインによるセキュリティ脅威とその検出および蔓延状況
Executive Summary The Domain Name System (DNS) provides the naming service which maps mnemonic domain names to various resources such as IP addresses, email servers and so on. As one of the most fundamental internet components, DNS and domain names usually serve as trusted anchors for users to access desired internet resources. As a result, threat actors constantly attempt to exploit DNS for illicit online activities. In particular, many attackers try to hijack domains with benign reputations. Several well-known techniques, including cache poisoning, malicious resolvers and domain registrar account hijacking, are used to achieve domain hijacking. However, great efforts like DNSSEC have been made to strengthen the DNS ecosystem in recent decades, and these hijacking techniques have become more challenging to achieve in practice.
役に立たない要約だ。
1.1. 2023
https://dl.acm.org/doi/10.1145/2976749.2978387
Zhang M, Li X, Liu B, Lu J, Zhang Y, Chen J, Duan H, Hao S and Zheng X. (2023). Detecting and Measuring Security Risks of Hosting-Based Dangling Domains.
- Proceedings of the ACM on Measurement and Analysis of Computing Systems. 7:1. (1-28). Online publication date: 27-Feb-2023.
../danglingCNAMEs /BestPractices /awsdns
1.2. 2017
Dangling DNS Records are a Real Vulnerability Nabeel Yoosuf
Jan 2, 2017 · 7 min read https://medium.com/@nabeelxy/dangling-dns-records-are-a-real-vulnerability-361f2a29d37f
1.3. 2019
Dangling DNS is no laughing matter
- 23rd May 2019
Brett Carr headshot
https://nominetcyber.com/dangling-dns-is-no-laughing-matter/
Remove AWS Route 53 Dangling DNS Records https://www.cloudconformity.com/knowledge-base/aws/Route53/dangling-dns-records.html
Tool to tackle problematic dangling domains in Amazon Web Services. https://github.com/tacticaljmp/danglingaws
Fishing the AWS IP Pool for Dangling https://know.bishopfox.com/blog/2015/10/fishing-the-aws-ip-pool-for-dangling-domains
1.4. 2016
All Your DNS Records Point to Us Understanding the Security Threats of Dangling DNS Record
Daiping Liu*, Shuai Hao*†, and Haining Wang
https://www.eecis.udel.edu/~hnw/paper/ccs16a.pdf (2016)
ABSTRACT
In a dangling DNS record (Dare), the resources pointed to by theDNS record are invalid, but the record itself has not yet been purged from DNS.
In this paper, we shed light on a largely overlookedthreat in DNS posed by dangling DNS records. Our work reveals that Dare can be easily manipulated by adversaries for domain hijacking.
In particular, we identify three attack vectors that an adversary can harness to exploit Dares.
In a large-scale measurementstudy, we uncover 467 exploitable Dares in 277 Alexa top 10,000domains and 52edu zones, showing that Dare is a real, preva-lent threat.
By exploiting these Dares, an adversary can take fullcontrol of the (sub)domains and can even have them signed with aCertificate Authority (CA).
It is evident that the underlying causeof exploitable Dares is the lack of authenticity checking for theresources to which that DNS record points.
We then propose three defense
Getting the Alexa top 1 million sites directly from the server, unzipping it, parsing the csv and getting each line as an array.
https://gist.github.com/chilts/7229605