Changes

Jump to navigation Jump to search

DNS Abuse (view source)

Revision as of 19:48, 17 November 2021

1,083 bytes added ,  2 years ago
→‎Vectors
Line 50: Line 50:  
*# Delete or de-register the domain.
 
*# Delete or de-register the domain.
 
===Access Control and Authorization===
 
===Access Control and Authorization===
 +
* Bad actors can gain access to unauthorized services and/or data. In the case of a subdomain takeover, non-authorized users gain access to publish content under a DNS label that they have not been authorized to control.
 
===Resource Impersonation===
 
===Resource Impersonation===
 +
* A bad actor can impersonate a recursive resolver by intercepting traffic to it at the network layer after changing the user's configuration.
 +
* When illegitimate server operators receive DNS queries for an authoritative nameserver, they can return incorrect response data, make it so only certain geographic areas see altered data, and populate a recursive cache with incorrect results.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, pg. 15, ICANN Community]</ref>
 +
* Using look-alike domains relies on similarities in domain names, such as [[gTLD|Domain suffix]] appending, [[Typosquatting]], or [[IDN|internationalized domain name]] homographs, or [[bitsquatting]] to lead users into interacting with a bogus website, generally to carry out a phishing attack.
 
===Code and Protocol Vulnerabilities===
 
===Code and Protocol Vulnerabilities===
 
===Infrastructure Choices===
 
===Infrastructure Choices===
Jessica
Bureaucrats, Check users, lookupuser, Administrators, translator
14,927

edits

Retrieved from "https://icannwiki.org/Special:MobileDiff/1340932"

Navigation menu