Line 32: |
Line 32: |
| ==Vectors== | | ==Vectors== |
| The DSFI-TSG identified seven categories of attack vectors.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref> | | The DSFI-TSG identified seven categories of attack vectors.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref> |
− | * Identity and Access Management: Attacks on and through credential systems result in the modification of registration data, which can lead to [[Domain Hijacking]], traffic interception, and [[social engineering attacks]].
| + | ===Identity and Access Management=== |
− | * Access Control and Authorization Issues | + | * Attacks on and through credential systems result in the modification of registration data, which can lead to [[Domain Hijacking]], traffic interception, and [[social engineering attacks]]. |
− | * Resource Impersonation
| + | * when a registrant’s credentials are compromised, the attacker can impersonate the registrant to |
− | * Code and Protocol Vulnerabilities * Infrastructure Choices
| + | *# Transfer the domain out of the registrant’s control, |
− | * DNS
| + | *# Modify the DNS servers to intercept traffic or redirect it to a criminal destination, |
− | * Denial of Service
| + | *# Modify the Authoritative DNS Servers allowing attackers to monitor, alter or deny queries and redirect end users to malicious endpoints, |
| + | *# Modify [[DNSSEC]]-related data by removing the DS records, |
| + | *# Modify authoritative records of the domain name, domain registration, or DNS service, or |
| + | *# Delete or de-register the domain. |
| + | ===Access Control and Authorization=== |
| + | ===Resource Impersonation=== |
| + | ===Code and Protocol Vulnerabilities=== |
| + | ===Infrastructure Choices=== |
| + | ===DNS=== |
| + | ===Denial of Service=== |
| | | |
| ==History== | | ==History== |