1. what' wrong with jp.sharp domain DNS setting

The jp.sharp domain DNS setting is vulnerable to a new DNS cache poisoning method. This method exploits a side channel attack to guess the source port number in DNS response packets. Once the source port number is known, the attacker can then use this information to poison the DNS cache of the victim.

The vulnerability is caused by the way that jp.sharp handles HTTPS (Type65) RRs. When a client queries for a domain that has an HTTPS RR, jp.sharp returns the IP address of the HTTPS server in the answer section of the DNS response packet. However, the source port number of the DNS response packet is not always the same as the source port number of the original query packet. This means that an attacker can send a spoofed DNS query to jp.sharp, and the response packet will contain the IP address of the HTTPS server, but the source port number will be different.

The attacker can then use this information to poison the DNS cache of the victim. The attacker can do this by sending a spoofed DNS response packet to the victim, with the IP address of the HTTPS server and the guessed source port number. When the victim's DNS cache receives this packet, it will update the cache with the poisoned information. This means that the victim will be redirected to the attacker's website instead of the legitimate website.

The jp.sharp domain DNS setting is also vulnerable to a denial-of-service attack. This attack works by sending a large number of DNS queries to jp.sharp, with the source port number set to a specific value. This will cause jp.sharp to generate a large number of ICMP port unreachable messages, which can overwhelm the victim's network.

The jp.sharp domain DNS setting is a serious security vulnerability. Users of domains hosted on jp.sharp should be aware of this vulnerability and take steps to protect themselves.

Here are some steps that users can take to protect themselves:

If you are a domain owner, you should contact jp.sharp to report the vulnerability. You should also take steps to protect your domain from attack, such as using a different DNS provider or enabling DNSSEC.

1.1. whois

1.2. history

To mitigate this vulnerability, the jp.sharp domain should disable CNAME flattening and remove the HTTPS (Type65) RR record. Additionally, the domain should implement a rate limit on ICMP port unreachable messages.


CategoryDns CategoryWatch CategoryTemplate

MoinQ: DNS/gTLD/sharp/jp.sharp/vulnerable (last edited 2023-08-20 02:18:45 by ToshinoriMaeno)