nanog mailing list archives
Re: A Deep Dive on the Recent Widespread DNS Hijacking
From: Eric Kuhnke <eric.kuhnke () gmail com>
Date: Mon, 25 Feb 2019 11:05:47 -0800
One thing to consider with authentication for domain registrar accounts: DO NOT USE 2FA VIA SMS. This is a known attack vector that's been used by SS7 hijacking techniques for several well documented thefts of cryptocurrency, from people who were known to be holding large amounts of (bitcoin, ethereum, whatever) on exchanges which supported 2FA authentication. In some cases there was no SS7 hijacking going on, but rather social engineering of (t-mobile, sprint, verizon, at&t) customer service representatives to get a new SIM card issued for the attack target's phone. tl;dr: ss7 considered harmful On Mon, Feb 25, 2019 at 10:48 AM Owen DeLong <owen () delong com> wrote:
On Feb 25, 2019, at 09:25 , Paul Ebersman <list-nanog2 () dragon net>wrote:ebersman> If someone owns your registry account, you're screwed. And ebersman> right now, it tends to be the most neglected part of the ebersman> entire zone ownership world. Let's use this opportunity to ebersman> help folks lock down their accounts, not muddying the waters ebersman> with dubious claims. Reread this and felt I should clarify that I realize that John and Doug are not the ones saying DNSSEC is useless. I just hate to see the knee jerk "oh, see, DNSSEC didn't save the day so it's obviously useless". Let's give the world a better explanation.@Paul — I think you meant “registrar account” rather than “registry account” since most domain holders don’t have registry accounts. Registry accounts are primarily held by registrars. If someone owns a registrar’s registry account, then all of their customers (and potentially many many others) are screwed. Owen
Current thread:
- RE: A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- RE: A Deep Dive on the Recent Widespread DNS Hijacking Keith Medcalf (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Montgomery, Douglas (Fed) (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Töma Gavrichenkov (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Sander Steffann (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Owen DeLong (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Eric Kuhnke (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking valdis . kletnieks (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking valdis . kletnieks (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Eric Kuhnke (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Hunter Fuller (Feb 25)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 25)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Rubens Kuhl (Feb 25)
- RE: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Keith Medcalf (Feb 25)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Job Snijders (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Montgomery, Douglas (Fed) (Feb 24)
- RE: A Deep Dive on the Recent Widespread DNS Hijacking Keith Medcalf (Feb 24)