[dns-operations] More detail on the EA/Origin "subdomain hijack"?

Barry Raveendran Greene bgreene at senki.org
Thu Jun 27 10:59:36 UTC 2019


This vector - if used - would leave fingerprints all over the place. It is feasible, but is it criminally practical without getting caught?

> On Jun 27, 2019, at 15:00, Daniel Stirnimann <daniel.stirnimann at switch.ch> wrote:
> 
> I did a little research on this in 2017 [1]. I have not seen any cloud provider trying to prevent this kind of attack. In my experience AWS is better than most others as they add a 10-digit random number to your hostname. However, if you delegate something to AWS and forget to remove your delegation after its use, then it is easy to reclaim that delegation by a third party. Here is a nice one from Azure: mybrowser.microsoft.com
> 
> Daniel
> 
> [1] https://securityblog.switch.ch/2017/11/14/subdomain-hijacking/
> 
> ________________________________________
> From: "dns-operations [dns-operations-bounces at dns-oarc.net]" on behalf of "Viktor Dukhovni [ietf-dane at dukhovni.org]"
> Sent: Thursday, 27 June 2019 02:11
> To: dns-operations at dns-oarc.net
> Subject: [dns-operations] More detail on the EA/Origin "subdomain hijack"?
> 
> Anyone have more detail on:
> 
>    https://arstechnica.com/information-technology/2019/06/security-firms-demonstrate-subdomain-hijack-exploit-vs-eaorigin/
> 
> It seems that it may be possible, with some cloud providers, for a
> new customer to request to use the same cloud DNS name as a previous
> customer?  If so, why?
> 
> --
>        Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

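An added example, not part of any post in this thread: one way to audit a zone for the forgotten delegations and CNAMEs discussed above is to compare every record that points at a cloud-provider name against an inventory of resources you still own. The zone data, hostnames and the `owned` inventory are constructed, and the provider patterns are an assumption to extend for the providers you use.

```python
import re

# Assumption: provider name patterns to watch; extend for your providers.
CLOUD_TARGET = re.compile(
    r"(\.amazonaws\.com|\.cloudfront\.net|\.awsdns-\d+\.(com|net|org|co\.uk)"
    r"|\.azurewebsites\.net|\.cloudapp\.net|\.trafficmanager\.net)\.$",
    re.IGNORECASE,
)

def fqdn(name, origin):
    """Qualify a zone-file name relative to the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner, rtype, target) for CNAME and NS records in simple
    one-record-per-line zone text: owner [ttl] [IN] type target."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) < 3:
            continue
        rtype = next((f.upper() for f in fields[1:-1]
                      if f.upper() in ("CNAME", "NS")), None)
        if rtype:
            yield fqdn(fields[0], origin), rtype, fqdn(fields[-1], origin).lower()

def find_dangling(zone_text, origin, owned):
    """Return records whose target is a cloud-provider name that is absent
    from `owned`, the set of cloud hostnames currently provisioned."""
    owned = {o.lower() for o in owned}
    return [(owner, rtype, target)
            for owner, rtype, target in parse_zone(zone_text, origin)
            if CLOUD_TARGET.search(target) and target not in owned]

# Constructed sample zone and inventory (not real data).
SAMPLE_ZONE = """
www    300 IN CNAME app-1234567890.eu-west-1.elb.amazonaws.com.
promo  300 IN CNAME oldcampaign.azurewebsites.net.  ; campaign ended
shop       IN CNAME shop.example.net.
dev    300 IN NS    ns-101.awsdns-12.com.           ; hosted zone deleted
mail   300 IN A     192.0.2.10
"""
OWNED = {"app-1234567890.eu-west-1.elb.amazonaws.com."}

if __name__ == "__main__":
    for owner, rtype, target in find_dangling(SAMPLE_ZONE, "example.com.", OWNED):
        print(f"REVIEW {owner} {rtype} -> {target} (not in inventory)")
```

Each flagged record should either be removed from the zone or matched to a resource that is added to the inventory.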