= DNS/hijacking/thehackerblog =

https://news.ycombinator.com/from?site=thehackerblog.com

== thehackerblog ==

[[/Floating Domains]] – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

August 25, 2016

https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html

Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target

https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/

----

https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/index.html

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

December 05, 2016

== The Managed DNS Vulnerability ==

{{{
The issue occurs when a domain name is used with one of these cloud services and the zone is later deleted without also changing the domain’s nameservers.
}}}

{{{
This means that the domain is still fully set up for use in the cloud service but has no account with a zone file to control it. In many cloud providers this means that anyone can create a DNS zone for that domain and take full control over the domain.
}}}

{{{
This allows an attacker to take full control over the domain to set up a website, issue SSL/TLS certificates, host email, etc. Worse yet, after combining the results from the various providers affected by this problem over 120,000 domains were vulnerable (likely many more).
}}}

== Detecting Vulnerable Domains via DNS ==

{{{
If the domain is vulnerable then the nameservers will return either a SERVFAIL or REFUSED DNS error.
}}}

Google Cloud DNS (~2.5K Domains Affected, Patched)

How they responded is unknown.

Amazon Web Services – Route53 (~54K Domains Affected, Multiple Mitigations Performed)

The Route53 documentation notifies users of this issue. You now get the following warning when you delete a zone in Route53:

Rackspace (~44K Domains Affected, Won’t Fix)
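
The SERVFAIL/REFUSED check described under "Detecting Vulnerable Domains via DNS", as an added example for auditing domains you own (not code from the original post): it asks each delegated nameserver directly and reads the RCODE from the reply header. The NS query type, the verdict names and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

SERVFAIL, REFUSED = 2, 5  # RCODE values defined in RFC 1035

def build_query(domain, qtype=2, txid=0x1234):
    """Non-recursive query for `domain`; qtype 2 (NS) is an assumption."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: RD off
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def rcode_of(reply):
    """RCODE is the low 4 bits of the 16-bit flags word in the header."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", reply[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F

def ask(ns_ip, domain, timeout=3.0):
    """Query one delegated nameserver directly; None if it never answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(domain), (ns_ip, 53))
            return s.recvfrom(512)[0]
        except OSError:  # includes socket.timeout
            return None

def classify(replies):
    """replies: {nameserver: raw reply or None} -> verdict string."""
    codes = [rcode_of(r) for r in replies.values() if r is not None]
    if not codes:
        return "unknown"   # timeouts alone prove nothing
    bad = sum(c in (SERVFAIL, REFUSED) for c in codes)
    if bad == len(codes):
        return "no-zone"   # every nameserver disowns the zone
    return "partial" if bad else "ok"

def constructed_reply(domain, rcode):
    """Constructed sample reply: the query echoed with QR set and an RCODE."""
    q = build_query(domain)
    return q[:2] + struct.pack("!H", 0x8000 | rcode) + q[4:]

if __name__ == "__main__":
    sample = {"ns1.provider.example": constructed_reply("example.com", REFUSED),
              "ns2.provider.example": constructed_reply("example.com", SERVFAIL)}
    print(classify(sample))
```

A `no-zone` verdict is a lead to confirm in the provider console, since nameservers also return REFUSED or SERVFAIL for other reasons.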