Many hijacked subdomains #572

Open
TPS opened this issue Feb 9, 2021 · 5 comments

TPS commented Feb 9, 2021

According to another in a long-term series of articles, various subdomains of a number of Microsoft-owned domains have been hijacked.

"Seizing subdomains. How I took over Microsoft subdomains and how to perform such attacks"

https://github.com/EdOverflow/can-i-take-over-xyz has quite a lot of details re: & especially combatting this. Some of the problem involves CNAME hacking.

Hard lists of such seem difficult to find, but https://www.google.com/search?q=hijacked%20microsoft%20domains seems to give more pieces to the puzzle. (Perhaps whenever DNSSEC is widely deployed this'll no longer be an issue.)

TPS changed the title from "Hijacked Microsoft subdomains" to "Hijacked Microsoft & many other subdomains" on Mar 12, 2022

DandelionSprout (Member) commented

From how I understand the needed syntax, it unfortunately doesn't seem realistically possible to do with AdGuard DNS Filter, as the chance of false positives of legitimate subdomains on such domains is very high.

TPS commented Feb 7, 2024

I opened this issue 3ya (!) as an FYI to @AdguardTeam, so it really might be in the wrong repo per their current structure. Still, the problem is quite active (though some mitigations have been implemented by hosts), going by the issues' activity in the linked repo, so maybe the AG team is keeping this open & in mind as they develop more security tools?

DandelionSprout commented Feb 7, 2024

I'm surprised myself that they never replied to you, but you can try your luck at https://github.com/AdguardTeam/AdguardFilters/issues, where replies are guaranteed within 1 week or so.

TPS commented Feb 7, 2024

I'm not concerned. There's only 10 open issues here & (currently) 162 there, all to be triaged in a hurry. As you said, this is a thorny problem, & deserves more thorough attention.

TPS commented Feb 7, 2024

@DandelionSprout I took your advice @ AdguardTeam/AdGuardDNS#740. 🙇🏾‍♂️

TPS changed the title from "Hijacked Microsoft & many other subdomains" to "Many hijacked subdomains" on Feb 9, 2024