
unbound 1.7.0; by querying different names under flip.e-ontap.com,

This change shows that the cache is being overwritten by the Authority/Additional sections of query responses.

-- ToshinoriMaeno 2018-04-07 14:05:25

%dig e1.flip.e-ontap.com @127.0.0.2                                     ~

; <<>> DiG 9.11.2 <<>> e1.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56294
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e1.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
e1.flip.e-ontap.com.    45      IN      A       150.42.6.1

;; AUTHORITY SECTION:
flip.e-ontap.com.       3585    IN      NS      ns.flip.internot.jp.

;; Query time: 0 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 15:57:49 JST 2018
;; MSG SIZE  rcvd: 97

15:57f%dig e2.flip.e-ontap.com @127.0.0.2                                     ~

; <<>> DiG 9.11.2 <<>> e2.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6437
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e2.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
e2.flip.e-ontap.com.    60      IN      A       150.42.6.5

;; AUTHORITY SECTION:
flip.e-ontap.com.       3579    IN      NS      ns.flip.internot.jp.

;; Query time: 12 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 15:57:55 JST 2018
;; MSG SIZE  rcvd: 97

15:57f%dig e3.flip.e-ontap.com @127.0.0.2                                     ~

; <<>> DiG 9.11.2 <<>> e3.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33407
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e3.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
e3.flip.e-ontap.com.    60      IN      A       150.42.6.5

;; AUTHORITY SECTION:
flip.e-ontap.com.       3525    IN      NS      ns.flip.internot.jp.

;; Query time: 13 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 15:58:49 JST 2018
;; MSG SIZE  rcvd: 97

15:58f%dig e3.flip.e-ontap.com @127.0.0.2                                     ~

; <<>> DiG 9.11.2 <<>> e3.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31778
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e3.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
e3.flip.e-ontap.com.    11      IN      A       150.42.6.5

;; AUTHORITY SECTION:
flip.e-ontap.com.       3476    IN      NS      ns.flip.internot.jp.

;; Query time: 0 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 15:59:38 JST 2018
;; MSG SIZE  rcvd: 97

15:59f%dig e4.flip.e-ontap.com @127.0.0.2                                     ~

; <<>> DiG 9.11.2 <<>> e4.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34150
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e4.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
e4.flip.e-ontap.com.    60      IN      A       150.42.6.5

;; AUTHORITY SECTION:
flip.e-ontap.com.       3465    IN      NS      ns.flip.internot.jp.

;; Query time: 12 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 15:59:49 JST 2018
;; MSG SIZE  rcvd: 97

15:59f%dig e5.flip.e-ontap.com @127.0.0.2                                     ~

; <<>> DiG 9.11.2 <<>> e5.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45787
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e5.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
e5.flip.e-ontap.com.    60      IN      A       150.42.6.5

;; AUTHORITY SECTION:
flip.e-ontap.com.       3600    IN      NS      ns.flip.e-ontap.com.

;; ADDITIONAL SECTION:
ns.flip.e-ontap.com.    3600    IN      A       150.42.6.1

;; Query time: 12 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 16:00:22 JST 2018
;; MSG SIZE  rcvd: 97

16:00f%dig e6.flip.e-ontap.com @127.0.0.2                                     ~

; <<>> DiG 9.11.2 <<>> e6.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3080
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e6.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
e6.flip.e-ontap.com.    60      IN      A       150.42.6.1

;; AUTHORITY SECTION:
flip.e-ontap.com.       3407    IN      NS      ns.flip.e-ontap.com.

;; ADDITIONAL SECTION:
ns.flip.e-ontap.com.    3575    IN      A       150.42.6.1

;; Query time: 12 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 16:00:47 JST 2018
;; MSG SIZE  rcvd: 97
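
The check performed by eye on the transcript above can be automated. The following is an added example, not part of the original page: it parses dig output and reports any response in which the cached NS set for a zone changed its target or had its TTL go back up. `SAMPLE` is abridged from the e1, e4, e5 and e6 responses above; the function names are hypothetical.

```python
import re

# Abridged from this page's dig transcript (e1, e4, e5, e6): section and WHEN lines only.
SAMPLE = """\
;; AUTHORITY SECTION:
flip.e-ontap.com.       3585    IN      NS      ns.flip.internot.jp.
;; WHEN: Sat Apr 07 15:57:49 JST 2018
;; AUTHORITY SECTION:
flip.e-ontap.com.       3465    IN      NS      ns.flip.internot.jp.
;; WHEN: Sat Apr 07 15:59:49 JST 2018
;; AUTHORITY SECTION:
flip.e-ontap.com.       3600    IN      NS      ns.flip.e-ontap.com.
;; ADDITIONAL SECTION:
ns.flip.e-ontap.com.    3600    IN      A       150.42.6.1
;; WHEN: Sat Apr 07 16:00:22 JST 2018
;; AUTHORITY SECTION:
flip.e-ontap.com.       3407    IN      NS      ns.flip.e-ontap.com.
;; WHEN: Sat Apr 07 16:00:47 JST 2018
"""

NS_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)$")
WHEN_RE = re.compile(r"^;; WHEN: .*?(\d\d:\d\d:\d\d)")

def parse_responses(text):
    """Yield (time, {zone: [ttl, set_of_ns_targets]}) for each dig response."""
    in_auth, ns = False, {}
    for line in text.splitlines():
        when = WHEN_RE.match(line)
        if when:  # the WHEN line closes one dig response
            yield when[1], ns
            in_auth, ns = False, {}
        elif line.startswith(";;"):  # any other section header
            in_auth = line.startswith(";; AUTHORITY SECTION")
        elif in_auth and (rec := NS_RE.match(line.strip())):
            entry = ns.setdefault(rec[1].lower(), [int(rec[2]), set()])
            entry[1].add(rec[3].lower())

def find_overwrites(text):
    """Report responses where a zone's NS set changed or its TTL increased."""
    last, events = {}, []
    for when, ns in parse_responses(text):
        for owner, (ttl, targets) in ns.items():
            prev_ttl, prev_targets = last.get(owner, (ttl, targets))
            reasons = [name for name, hit in (("ns-changed", targets != prev_targets),
                                              ("ttl-reset", ttl > prev_ttl)) if hit]
            if reasons:
                events.append((when, owner, sorted(prev_targets), sorted(targets), reasons))
            last[owner] = (ttl, targets)
    return events
```

A TTL increase by itself also happens when an entry expires and is fetched again; the signal here is a changed NS target while the previous entry still had most of its TTL left.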

MoinQ: DNS/毒盛/攻撃手法/移転インジェクション/確認方法/unbound (last edited 2021-05-02 07:23:02 by ToshinoriMaeno)