[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security

To: "[email protected]" <[email protected]>
Subject: Re: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
From: Christian Saunders <[email protected]>
Date: Thu, 21 Feb 2019 21:17:38 +0000
Accept-language: en-GB, en-US
Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/V7pn4Kec27gflEHxUP1N30rkgPs>
Authentication-results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sjrb.onmicrosoft.com
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=[email protected];
Delivered-to: [email protected]
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SJRB.onmicrosoft.com; s=selector1-sjrb-ca; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QOCZkRJNhEvZ2LeTwcsyKgX2W0ubsYRZkO+SwcNSBsg=; b=JYC9+oiQFfAe694qMWl9GLDpJYGoc9OwZ29r1Kg5lvF5zAAoAdjrundLOPm4ETfFUYTde5w7AadUpugzhvSIVxA+BSZVONYNgJ488QFntL7ZMtdCFMHlFKGqI3kt6U2CfV4FV66NXv9EXTaotPRuBH162cNS9RRXN1knTqZzv/I=
In-reply-to: <11662.1550772024@localhost>
List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-help: <mailto:[email protected]?subject=help>
List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>
References: <11662.1550772024@localhost>
Thread-index: AQHUyg9+/FJQe03QX0GLYpcr6uqghaXqwZuA
Thread-topic: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1

On 2019-02-21 11:00 a.m., Michael Richardson wrote:

From https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

"The two people who did get popped, both were traveling and were on their
iPhones, and they had to traverse through captive portals during the hijack
period,” Woodcock said. “They had to switch off our name servers to use the
captive portal, and during that time the mail clients on their phones checked
for new email. Aside from that, DNSSEC saved us from being really, thoroughly
owned.”



--
Michael Richardson <mcr+[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-

_______________________________________________
Captive-portals mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/captive-portals

The active element here seems to be the forced use of insecure DNS servers.

The fact that the insecure DNS configuration was forced in order to navigate a Captive Portal is incidental, though unfortunate.

--
Christian Saunders
Sr. Software Architect, Wireless Core
Shaw Communications Inc.

Follow-Ups:
- Re: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
  - From: Michael Richardson <[email protected]>

References:
- [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
  - From: Michael Richardson <[email protected]>

Prev by Date: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Next by Date: Re: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Previous by thread: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Next by thread: Re: [Captive-portals] poor captive port design --- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Index(es):
- Date
- Thread