= awsdns takeover =
[[../乗取事例]] [[watchA/awsdns/乗取]] [[/jp]] [[/2021-12-03]]

== Domains suspected of takeover ==
Domains where, of the registered NS records (usually four), three return REFUSED and only one returns an NS that is not among the registered NS.

I know of more than 300 such domains. -- ToshinoriMaeno

Publishing them would help attackers, so I have no choice but to refrain.
A case I reported to a certain organization has not been fixed. I would like to publish the domain names for which a takeover has been confirmed.

== lame delegation ==
The Orphaned Internet: https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/

== Route53's response ==
Follow-up call with someone from the Route53 team discussing Amazon's remediation strategy and next steps. Their plan was three-pronged in approach:
{{{
Raise awareness by updating existing Route53 documentation to explicitly mention that nameservers should be changed if a zone is deleted from Route53. This was already updated when I had the call with them.
Add a UI warning in the AWS control panel which notifies users of this issue upon a user attempting to delete a Route53 zone.
Reach out to affected customers.
}}}
All of the above steps were indeed taken by Amazon. You now get the following warning when you delete a zone in Route53: ...

If they think these measures are sufficient, that shows a lack of technical understanding.
Moreover, domains that appear to still be taken over remain. -- ToshinoriMaeno

https://securitytrails.com/domain/mozillascience.com/history/ns

----
CategoryDns CategoryWatch CategoryTemplate
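The detection pattern from the "Domains suspected of takeover" section above (three delegated servers answer REFUSED, one answers with a foreign NS set), written as a defender-side check. This is an added example, not code from this page or from the linked hackerblog post; the sample nameserver names and replies are constructed, and the optional live `query_ns` helper assumes dnspython is installed and that the caller supplies each delegated server's IP address.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class NsReply:
    """What one delegated nameserver said when asked for the zone's NS RRset."""
    rcode: str                              # "NOERROR", "REFUSED", "TIMEOUT", ...
    ns_names: List[str] = field(default_factory=list)  # NS targets in the answer


def classify_delegation(delegated: List[str], replies: Dict[str, NsReply]) -> str:
    """Classify a zone's delegation as "healthy", "lame" or "suspected-takeover".

    suspected-takeover is the page's pattern: at least one delegated server
    refuses (or fails) AND at least one answers with NS names that are not in
    the delegation, i.e. someone else now serves the zone from that server.
    """
    delegated_set = {n.lower().rstrip(".") for n in delegated}
    refused, foreign = [], []
    for server, reply in replies.items():
        if reply.rcode != "NOERROR" or not reply.ns_names:
            refused.append(server)
            continue
        answered = {n.lower().rstrip(".") for n in reply.ns_names}
        if answered - delegated_set:        # any NS outside the delegation
            foreign.append(server)
    if not refused and not foreign:
        return "healthy"
    if refused and foreign:
        return "suspected-takeover"
    return "lame"


def query_ns(zone: str, server_ip: str, timeout: float = 3.0) -> NsReply:
    """Ask one server directly (recursion disabled) for the zone's NS RRset."""
    import dns.flags, dns.message, dns.query, dns.rcode, dns.rdatatype  # dnspython
    q = dns.message.make_query(zone, dns.rdatatype.NS)
    q.flags &= ~dns.flags.RD                # authoritative answer only, no recursion
    try:
        resp = dns.query.udp(q, server_ip, timeout=timeout)
    except Exception as exc:                # timeouts etc. count as non-answers
        return NsReply(rcode=type(exc).__name__)
    names = [r.target.to_text() for rrset in resp.answer
             if rrset.rdtype == dns.rdatatype.NS for r in rrset]
    return NsReply(rcode=dns.rcode.to_text(resp.rcode()), ns_names=names)


# Constructed sample matching the page's pattern (placeholder host names).
SAMPLE_DELEGATED = [f"ns-{i}.awsdns-example-{i}.example" for i in range(1, 5)]
SAMPLE_REPLIES = {SAMPLE_DELEGATED[i]: NsReply("REFUSED") for i in range(3)}
SAMPLE_REPLIES[SAMPLE_DELEGATED[3]] = NsReply("NOERROR", ["ns1.attacker-placeholder.example."])
```

In practice, resolve each delegated NS name to its address, call `query_ns` per server, and feed the results to `classify_delegation`; an alert on "suspected-takeover" is the signal the page describes.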