
A Deep Dive on the Recent Widespread DNS Hijacking



On 25/02/2019 11:37, Ask Bjørn Hansen wrote:
>
>> On Feb 24, 2019, at 22:03, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
>>
>> Did you have a CAA record defined and if not, why not?
> If the attacker got a CA to issue the cert because they changed the DNS server to be their own, a CAA record wouldn't have helped (or at least been even easier to thwart than DNSSEC).

Yes if an attacker pwned the DNS then game over no matter what. I go 
under the assumption that the attacker was not able to take over the DNS 
system but rather other things along the way, in which case CAA should 
be of some assistance.

-Hank

>
>
> Ask
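
The two cases discussed in this exchange, as an added example that is not part of either post: a simplified CAA check of the kind a CA performs under RFC 8659, run against the owner's zone and against a zone served by whoever controls the DNS. The zone contents, the CA names (ca-one.example, ca-two.example) and the function names are constructed for illustration; critical flags, issuewild and live lookups are left out.

```python
# Added illustration: simplified RFC 8659 CAA evaluation, no network access.
# A zone is modelled as {owner name: [(tag, value), ...]}; all data is constructed.

def relevant_caa(zone, fqdn):
    """Climb from fqdn toward the root and return the first non-empty CAA RRset."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(zone, fqdn, ca_domain):
    """True if ca_domain may issue a non-wildcard certificate for fqdn."""
    rrset = relevant_caa(zone, fqdn)
    issue = [value for tag, value in rrset if tag.lower() == "issue"]
    if not issue:
        # No CAA RRset, or none carrying "issue": issuance is not restricted.
        return True
    # Value is "<issuer-domain>[; params]"; a bare ";" forbids every CA.
    allowed = {v.split(";")[0].strip().lower() for v in issue}
    return ca_domain.lower() in allowed

# Zone as published by the legitimate owner (constructed).
OWNER_ZONE = {"example.com": [("issue", "ca-one.example")]}

# Same name after the delegation points at someone else's name server:
# the CA now sees whatever CAA data that server chooses to return (constructed).
HIJACKED_ZONE = {"example.com": [("issue", "ca-two.example")]}

# Owner forbids all issuance for one host while allowing it for the rest.
LOCKED_HOST_ZONE = {
    "example.com": [("issue", "ca-one.example")],
    "mail.example.com": [("issue", ";")],
}

if __name__ == "__main__":
    for label, zone in [("owner", OWNER_ZONE), ("hijacked", HIJACKED_ZONE),
                        ("locked host", LOCKED_HOST_ZONE)]:
        for ca in ("ca-one.example", "ca-two.example"):
            print(f"{label:12} {ca:16} ->", may_issue(zone, "mail.example.com", ca))
```

With the owner's zone intact, a request routed to a CA the owner did not list is refused; once the answers come from another name server, the check passes for whichever CA that server names.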