OARC 40 & NANOG 87 Workshop

摘要

Public hosting services provide convenience for domain owners to build web applications with better scalability and security. However, if a domain name points to released service endpoints (e.g., nameservers allocated by a provider), adversaries can take over the domain by applying the same endpoints. Such a threat is called hosting-based domain takeover. There have been numerous domain takeover incidents in recent years that have had significant effects; even well-known websites like the subdomains of microsoft.com have been impacted. However, there is currently no effective detection system in place to identify these vulnerable domains on a large scale. In this paper, we present a novel framework, HostingChecker, for detecting domain takeovers. In comparison to previous works, HostingChecker expands the detection scope and improves the detection efficiency by: (i) systematically identifying vulnerable hosting services using a semi-automated method; and (ii) detecting vulnerable domains by passively reconstructing domain resolution chains. We evaluate the effectiveness of HostingChecker and eventually detect 10,351 subdomains from Tranco Top-1M apex domains vulnerable to domain takeover, which are over 8× more than previous findings. Specifically, HostingChecker enables us to detect the subdomains of Tranco sites on a daily basis. Furthermore, we conduct an in-depth security analysis on the affected vendors, like Amazon and Alibaba, and gain a suite of new insights, including flawed implementation of domain validation. We have responsibly reported issues to the security response centers of affected vendors, and some of them have adopted our mitigation.

日期
2月 16, 2023 — 2月 17, 2023
位置
Hybrid in-person and online workshop (Atlanta Marriott Marquis)
265 Peachtree Center Ave NE, Atlanta, 30303

OARC 40 & NANOG 87 Workshop(线上线下结合),我分享了明明最新的研究工作:域名接管。

现场反馈

talk

李想
李想
清华大学博士研究生(网络空间安全)

李想,清华大学网络科学与网络空间研究院四年级博士研究生,导师为李琦副教授和段海新教授。他是网络与系信息安全实验室(NISL)的成员之一,也是奇安信公司的安全研究实习生。目前他作为访问学者在加州大学尔湾分校李洲助理教授研究组进行学术交流。此外,他也是一款开源网络扫描器XMap的开发者与维护者。研究领域涉及网络安全、协议安全、IPv6安全、DNS安全、互联网测量以及网络协议fuzzing。作为第一作者,他目前在网络安全顶级会议发表论文3篇,涵盖USENIX Security、NDSS、DSN。作为合作作者,他也在网络顶级会议发表多篇论文,如USENIX Security和SIGMETRICS。此外,他在工业界顶级安全会议也进行过演讲,如Black Hat。他经常参加相关会议讨论分享最近的研究进展,如IDS、OARC、VehicleSec。在漏洞挖掘领域,他目前已发现多个IPv6和DNS方向的新型重大漏洞并获得140+安全漏洞编号(CVE/CNVD),其中所发现的IPv6漏洞影响了数十家路由器厂商。他也发现了DNS协议设计和实现层面的漏洞,影响了所有DNS的软件和实现。目前他已经获得了多家知名互联网厂商的致谢和奖励(超过$10.6k),包括谷歌、微软、Cloudflare、Akamai等公司,并在积极推进DNS等协议标准的改进(相关工作已被纳入RFC文档)。