[dns-operations] FireEye reports long-running DNS hijacking campaign

Bill Woodcock woody at pch.net
Sat Jan 12 21:37:24 UTC 2019



> On Jan 12, 2019, at 12:13 PM, John Levine <johnl at taugh.com> wrote:
> 
> In article <B8FCE660-2F65-474E-8A6B-7BD59985A7A2 at pch.net> you write:
>> Again, DNSSEC validation was the _only_ method that protected anyone in this attack.  Though of course DANE would have as well, had it
>> been available.
> 
> How would DNSSEC help?

It blocked email clients’ access to the IMAP credential-harvesting proxy.

> If they can break into the victim's registrar account, they can change the DS record.

We can all hypothesize other attacks.  If you’re interested in this actual attack, I’m happy to answer the questions that I can.

                                -Bill
