[dns-esp] Fwd: [lacnog] Interesante paper de CAIDA sobre posible vector de ataque de DNS
Mauricio Vergara Ereche
mave en cero32.cl
Mar Jul 7 20:34:47 -04 2020
Interesante artículo que comparte Nico sobre por qué es bueno no olvidar
mantener una zona limpia y sin registros olvidados o huérfanos.
---------- Forwarded message ---------
From: Nicolas Antoniello <nantoniello en gmail.com>
Date: Tue, Jul 7, 2020 at 5:11 PM
Subject: [lacnog] Interesante paper de CAIDA sobre posible vector de ataque
de DNS
To: Latin America and Caribbean Region Network Operators Group <
lacnog en lacnog.org>
Les adjunto un link a un interesante paper de CAIDA sobre la importancia de
mantener los archivos de Zona de DNS actualizados y "limpios".
https://www.caida.org/publications/papers/2020/forgotten_side_dns/
The Forgotten Side of DNS: Orphan and Abandoned Records
DNS zone administration is a complex task involving manual work and several
entities and can therefore result in misconfigurations. Orphan records are
one of these misconfigurations, in which a glue record for a delegation
that does not exist anymore is forgotten in the zone file. Orphan records
are a security hazard to third-party domains that have these records in
their delegation, as an attacker may easily hijack such domains by
registering the domain associated with the orphan. The goal of this paper
is to quantify this misconfiguration, extending previous work by Kalafut et
al., by identifying a new type of glue record misconfiguration – which we
refer to as abandoned records – and by performing a broader
characterization. Our results highlight how the situation has changed, not
always for the better, compared to a decade-old study.
Fraterno saludo,
Nico
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
--
Mauricio Vergara Ereche
about.me/mave
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://listas.nic.cl/pipermail/dns-esp/attachments/20200707/130a6b97/attachment.html>
Más información sobre la lista de distribución dns-esp