[dns-operations] FireEye reports long-running DNS hijacking campaign

Cricket Liu cricket at infoblox.com
Sat Jan 12 20:50:24 UTC 2019


Actually, DNSSEC would have helped in the scenario in which the bad guys only compromised the “dashboard” that let them modify the authoritative zone data. Presumably that wouldn’t have allowed them to change the DS RR—that would have required access to their registrar account. 

Cricket

> On Jan 12, 2019, at 12:22 PM, John Levine <johnl at taugh.com> wrote:
> 
> In article <B8FCE660-2F65-474E-8A6B-7BD59985A7A2 at pch.net> you write:
>> Again, DNSSEC validation was the _only_ method that protected anyone in this attack.  Though of course DANE would have as well, had it
>> been available.
> 
> How would DNSSEC help?  If they can break into the victim's registrar
> account, they can change the DS record.
> 
> I agree DNSSEC would fix the #3 scenario where they're rewriting DNS
> records in the middle somewhere, but not #1 and #2.
> 
> R's,
> John
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.dns-2Doarc.net_mailman_listinfo_dns-2Doperations&d=DwICAg&c=CWsWqoUynJrLESJQduOsxQ&r=uA3zJBZARmPCCWmTYBLk07UikWEyE9AKvAmI_Idoujg&m=Cr9Qe0THWo9g5NqF_oYzUx1hH3dWqSJBJKyaPBBghSI&s=cwe21bcs9g4XyS4_AwTB8fuyjmw1xLVhEKLdSi_WZCE&e=

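Added example, not part of the original thread: a minimal model of the DS-to-DNSKEY link the messages above argue about, following the RFC 4034 DS digest and key tag definitions. The zone name, both keys, and all function names are constructed for illustration. A real validator also verifies RRSIGs, which this sketch leaves out.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercased) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b if i & 1 else b << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, rdata: bytes) -> tuple:
    """DS tuple (key tag, algorithm, digest type 2 = SHA-256, hex digest)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def chain_intact(owner: str, parent_ds_set: set, child_dnskeys: list) -> bool:
    """True if some DNSKEY served by the child matches a DS held by the parent."""
    return any(make_ds(owner, k) in parent_ds_set for k in child_dnskeys)

# Constructed sample data: placeholder zone and two fake Ed25519 (alg 15) KSKs.
ZONE = "example.com."
LEGIT_KSK = dnskey_rdata(257, 3, 15, bytes(range(32)))
ATTACKER_KSK = dnskey_rdata(257, 3, 15, bytes(range(32, 64)))
PARENT_DS = {make_ds(ZONE, LEGIT_KSK)}  # what the registrar published

def dashboard_only_compromise() -> bool:
    """Zone data replaced and re-keyed, DS at the parent untouched."""
    return chain_intact(ZONE, PARENT_DS, [ATTACKER_KSK])

def registrar_compromise() -> bool:
    """Registrar account also taken over, so the DS is replaced as well."""
    return chain_intact(ZONE, {make_ds(ZONE, ATTACKER_KSK)}, [ATTACKER_KSK])

if __name__ == "__main__":
    print("legitimate zone validates:", chain_intact(ZONE, PARENT_DS, [LEGIT_KSK]))
    print("dashboard-only compromise validates:", dashboard_only_compromise())
    print("registrar compromise validates:", registrar_compromise())
```

Run periodically against the DS set fetched from the parent and the DNSKEY set fetched from the zone's own servers, the same comparison works as a monitoring check for an unexpected change on either side.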


