DNS hijacking - null Singapore
Download as PPTX, PDF0 likes1,079 views
The document discusses DNS hijacking and highlights case studies involving domain expirations and phishing attacks on Akamai Technologies. It emphasizes the importance of domain security measures, including domain locking, whois privacy, and implementing two-factor authentication (2FA). Additionally, it outlines Akamai-specific countermeasures for enhancing DNS security and mitigating potential threats.
DNS hijacking - null Singapore
- 1. DNS Hijacking Michael Smith, CISSP-ISSEP APJ Security CTO mismith@akamai.com
- 2. ©2016 AKAMAI | FASTER FORWARDTM DNS Hierarchy Root/”The Dot” .sg. .com.sg. .foo.com.sg. www.foo.com.sg. DNS Resolver Registrar
- 3. ©2016 AKAMAI | FASTER FORWARDTM Whois akamai.com $ whois akamai.com | grep ’^Name Server' Name Server: A1-66.AKAM.NET Name Server: A11-66.AKAM.NET Name Server: A13-66.AKAM.NET Name Server: A28-66.AKAM.NET Name Server: A16-66.AKAM.NET Name Server: A7-66.AKAM.NET …… These are all glue records
- 4. ©2016 AKAMAI | FASTER FORWARDTM Glue Record TTL $dig +trace www.akamai.com . 56955 IN NS f.root-servers.net. com. 172800 IN NS e.gtld-servers.net. akamai.com. 172800 IN NS a5-66.akam.net.
- 5. ©2016 AKAMAI | FASTER FORWARDTM Case Study 1: Oops, Premature Expiration • Marketing and adware company • Catch expired domains and kite them • Registrar expires domains early • ~1500 Domains hijacked • Chaos ensues • Multiple mitigation streams
- 6. ©2016 AKAMAI | FASTER FORWARDTM Basic CDN and DNS Operation
- 7. ©2016 AKAMAI | FASTER FORWARDTM The Magic of DNS CNAMEs and TTLs $ dig www.akamai.com ;; ANSWER SECTION: www.akamai.com. 20 IN CNAME wwwsecure2.akamai.com.edgekey.net. wwwsecure2.akamai.com.edgekey.net. 1576 IN CNAME e8921.dscx.akamaiedge.net. e8921.dscx.akamaiedge.net. 6 IN A 23.74.224.166
- 8. ©2016 AKAMAI | FASTER FORWARDTM Case 2: SEA Brings us “Hacksgiving”
- 9. ©2016 AKAMAI | FASTER FORWARDTM Case 3: Lizard Squad
- 10. ©2016 AKAMAI | FASTER FORWARDTM Whois => Spear Phishing $ whois akamai.com | grep @ Registrar Abuse Contact Email: domainabuse@tucows.com Reseller: hostmaster@akamai.com Registrant Email: hostmaster-billing@akamai.com Admin Email: hostmaster-billing@akamai.com Tech Email: hostmaster-billing@akamai.com Akamai Technologies, hostmaster@akamai.com
- 11. ©2016 AKAMAI | FASTER FORWARDTM The Phish Akamai Technologies Your domain, akamai.com is due to expire. Please <a href=www.wecaptureyourlogin.net>login to renew this domain</a> Thank you --Your Registrar
- 12. ©2016 AKAMAI | FASTER FORWARDTM Prevention • Lock your domains, lock your domains, lock your domains • Whois privacy • site:github.com dns monitoring • 2FA on registrars and other providers • Anti-phishing training for IT admins • Ready to disable third-party content • 2FA on email, VPN
- 13. ©2016 AKAMAI | FASTER FORWARDTM Domain Hijacking Countermeasures DNS Locking – Two Levels ClientUpdateProhibited ClientTransferProhibited ClientDeleteProhibited ServerUpdateProhibited ServerTransferProhibited ServerDeleteProhibited
- 14. ©2016 AKAMAI | FASTER FORWARDTM Akamai-Specific • Forward to Origin SSL • Alerts for minimum traffic level • Edge server DNS purge • Content purging • AkaRegistrar • Portal 2-factor/SAML/ACL access control