Describe security/piyokango here.
https://piyolog.hatenadiary.jp/entry/2020/07/08/025056
- The problem is the grammatical subject of the countermeasures section.
1. CNAME orphan
It is occurring in Japan as well.
https://twitter.com/piyokango/status/1280256470257332224?s=20
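Websites are being defaced to lead visitors to prize-scam sites, targeting domains that have a CNAME defined to a cloud service. (Damage has also been confirmed on subdomains of major companies.)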
I don't know what it is, but anyway, good | I don't know what it is, but anyway, good! swmazrdev2.jti.co.jp › temedocad56158
[Promo Pack PR] Expansion+Explosion [R] swmazrdev2.jti.co.jp › kuqogubeb33498
swmazrdev2.jti.co.jp. 3600 IN CNAME swmazrdevjpe2.cloudapp.net.
swmazrdevjpe2.cloudapp.net. 9 IN A 13.94.131.121
2. msc.com
https://twitter.com/tiketiketikeke/status/1280312848485236738?s=20
$ dig -t a nwddev.msc.com
; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t a nwddev.msc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33261
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;nwddev.msc.com. IN A
;; ANSWER SECTION:
nwddev.msc.com. 3600 IN CNAME nwddevmsccom.trafficmanager.net.
nwddevmsccom.trafficmanager.net. 29 IN CNAME nwddevmsccom.funblog2019.ru.
nwddevmsccom.funblog2019.ru. 3599 IN A 94.23.211.10
;; Query time: 431 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jul 07 11:29:11 JST 2020
;; MSG SIZE rcvd: 145
3. msc.com
$ dig -t a nwddev.msc.com @a.gtld-servers.net
; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t a nwddev.msc.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3367
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nwddev.msc.com. IN A
;; AUTHORITY SECTION:
msc.com. 172800 IN NS ns02.mscgva.ch.
msc.com. 172800 IN NS ns03.mscgva.ch.
msc.com. 172800 IN NS ns04.mscgva.ch.
;; Query time: 49 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Tue Jul 07 11:36:25 JST 2020
;; MSG SIZE rcvd: 109

$ dig -t a nwddev.msc.com @ns02.mscgva.ch.
; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t a nwddev.msc.com @ns02.mscgva.ch.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32849
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nwddev.msc.com. IN A
;; ANSWER SECTION:
nwddev.msc.com. 3600 IN CNAME nwddevmsccom.trafficmanager.net.
;; Query time: 271 msec
;; SERVER: 193.138.73.100#53(193.138.73.100)
;; WHEN: Tue Jul 07 11:37:28 JST 2020
;; MSG SIZE rcvd: 88
4. Under trafficmanager.net
$ dig -t a nwddevmsccom.trafficmanager.net @a.gtld-servers.net
; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t a nwddevmsccom.trafficmanager.net @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59797
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nwddevmsccom.trafficmanager.net. IN A
;; AUTHORITY SECTION:
trafficmanager.net. 172800 IN NS tm1.msft.net.
trafficmanager.net. 172800 IN NS tm2.msft.net.
trafficmanager.net. 172800 IN NS tm1.edgedns-tm.info.
trafficmanager.net. 172800 IN NS tm2.edgedns-tm.info.
;; ADDITIONAL SECTION:
tm1.msft.net. 172800 IN A 204.79.195.41
tm2.msft.net. 172800 IN A 65.55.117.41
;; Query time: 49 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Tue Jul 07 11:40:14 JST 2020
;; MSG SIZE rcvd: 184

$ dig -t ns nwddevmsccom.trafficmanager.net @tm1.msft.net.
; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t ns nwddevmsccom.trafficmanager.net @tm1.msft.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10397
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
; COOKIE: afa4bca00d23ca09 (echoed)
;; QUESTION SECTION:
;nwddevmsccom.trafficmanager.net. IN NS
;; ANSWER SECTION:
nwddevmsccom.trafficmanager.net. 30 IN CNAME nwddevmsccom.funblog2019.ru.
;; Query time: 144 msec
;; SERVER: 204.79.195.41#53(204.79.195.41)
;; WHEN: Tue Jul 07 15:51:29 JST 2020
;; MSG SIZE rcvd: 113
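
The CNAME chains traced by hand in sections 1 to 4 can be checked mechanically when auditing your own zone. The following is an added example, not part of the original notes: it parses answer-section records copied from the dig output above and classifies each hop. The function names, the REVIEW/ALERT/DANGLING labels and the two-entry `CLOUD_SUFFIXES` list are assumptions made for illustration.

```python
# Added example: classify each CNAME hop in dig answer-section records.
# Assumption: CLOUD_SUFFIXES lists only the two cloud zones seen on this page.
CLOUD_SUFFIXES = ("cloudapp.net", "trafficmanager.net")

# Answer-section records copied from the dig output on this page.
PAGE_RECORDS = """\
swmazrdev2.jti.co.jp. 3600 IN CNAME swmazrdevjpe2.cloudapp.net.
swmazrdevjpe2.cloudapp.net. 9 IN A 13.94.131.121
nwddev.msc.com. 3600 IN CNAME nwddevmsccom.trafficmanager.net.
nwddevmsccom.trafficmanager.net. 29 IN CNAME nwddevmsccom.funblog2019.ru.
nwddevmsccom.funblog2019.ru. 3599 IN A 94.23.211.10
"""

def parse_records(text):
    """Parse 'name ttl IN type rdata' lines; skip dig comment lines (';')."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2] == "IN" and not f[0].startswith(";"):
            out.append((f[0].rstrip(".").lower(), f[3], f[4].rstrip(".").lower()))
    return out

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def is_cloud(name):
    return any(in_zone(name, s) for s in CLOUD_SUFFIXES)

def audit(records, start, owner_zone):
    """Follow the CNAME chain from start and return (chain, findings)."""
    cname = {n: d for n, t, d in records if t == "CNAME"}
    has_addr = {n for n, t, _ in records if t in ("A", "AAAA")}
    chain, findings = [start], []
    while chain[-1] in cname and cname[chain[-1]] not in chain:  # loop guard
        prev, nxt = chain[-1], cname[chain[-1]]
        chain.append(nxt)
        if is_cloud(prev) and not (is_cloud(nxt) or in_zone(nxt, owner_zone)):
            findings.append(("ALERT", f"{prev} -> {nxt} leaves the cloud provider and {owner_zone}"))
        elif in_zone(prev, owner_zone) and is_cloud(nxt):
            findings.append(("REVIEW", f"{prev} -> {nxt}: confirm the cloud resource is still yours"))
    if chain[-1] not in has_addr:  # chain ends without an address: orphaned CNAME
        findings.append(("DANGLING", f"{chain[-1]} has no address record"))
    return chain, findings

if __name__ == "__main__":
    recs = parse_records(PAGE_RECORDS)
    for host, zone in (("swmazrdev2.jti.co.jp", "jti.co.jp"), ("nwddev.msc.com", "msc.com")):
        chain, findings = audit(recs, host, zone)
        print(" -> ".join(chain), findings)
```

A REVIEW hop such as the cloudapp.net one cannot be settled from DNS alone: the record resolves either way, so ownership of the cloud resource has to be confirmed in the provider's console.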