## page was copied from DnsTemplate ##master-page:HelpTempl = takeovers = <> <> https://twitter.com/ataudte/status/1635186454912712704?s=20 https://twitter.com/silentpush/status/1643554158891487232?s=20 ドメイン乗取、ハイジャックなどとも言われる。 どういう状況を指すかはひとに依る。 奪取というのがふさわしい状況を指す名詞らしいので、lame delegation を利用したなりすましとは共存する状況はない。 手段、手法などもはっきり定義されていない。ひとに依る。 ---- [[/guide]] A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers https://blog.projectdiscovery.io/guide-to-dns-takeovers/ Currently known vulnerable DNS services EdOverflow / can-i-take-over-xyz https://github.com/EdOverflow/can-i-take-over-xyz?ref=projectdiscovery-io-blog 5 Ways to Exploit a Domain Takeover Vulnerability Yash Anand October 28, 2021 https://redhuntlabs.com/blog/5-ways-to-exploit-a-domain-takeover-vulnerability.html [[/5ways]] == cloudflare == [[/cloudflare]] == Google == How to take over a subdomain in Google Cloud DNS Mark van Holsteijn on Jan 27, 2022 / https://binx.io/2022/01/27/how-to-take-over-a-subdomain-in-google-cloud-dns/ detect and resolve DNS dangling / sub-domain takeover in GCP Posted on 07-18-2022 05:24 AM https://www.googlecloudcommunity.com/gc/Security/detect-and-resolve-DNS-dangling-sub-domain-takeover-in-GCP/m-p/446094 https://github.com/manasmbellani/athena-cloud-dns-takeover == Marzano == Mining Takeovers for Fun and Profit Artur Marzano 2023-03-02 https://www.linkedin.com/pulse/mining-takeovers-fun-profit-artur-marzano === Introduction === This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decomissioned, but active domains. In this experiment I will show how I was able to find with little effort more than 200 domains that could be theoretically taken over across different providers and parent domains by using data from a public search tool (SecurityTrails) and an open-source repository (can-i-take-over-dns). Please note that I did not find any new vulnerabilities nor develop any sort of attack tools or techniques during this research. I just analyzed what was already there, not being responsible in any way for whatever damages could be caused by the usage of the methods described below. cloudflare は除外したとある。awsdnsは vulnerableではないとの扱いだ。:ー) Azure, NS1, Google Cloud が主なところらしい。 == 2020 == https://internet.watch.impress.co.jp/docs/event/1297384.html == 2018 == もし、ドメイン名が他人にハイジャックされたら? 平成の記憶から学ぶ、その手口と対策 遠山 孝 2018年12月7日 14:35 https://internet.watch.impress.co.jp/docs/event/1157248.html DNSテイクオーバーを題材に~ ランチのおともにDNS === 対策案 === Lame Delegation Cleanup. Registrars Nameserver Segregation. Providers Detection & Response. Providers Developing Awareness. {{{ Vulnerable providers can warn customers explicitly when they try to remove a zone, informing them that they must remove the NS record at their registrar prior to removing the delegated zone. }}} {{{ Finally, about the title of the article - I did have lots of fun doing this, but I didn't really profit anything, so for now I just hope this article was instructive for readers and that this will inspire researchers, registrars and providers to think about the problem =) }}} ---- CategoryDns CategoryWatch CategoryTemplate