Check your SPF records: wide IP ranges undermine email security
2022-07-22 14:41:00 【IDC industry observer】
With private-sector organisations, governments at every level and a university in Australia found to have broad IP ranges and mistakes in their SPF records, now may be the time to check your own. You have done the right thing for your organisation and set up DMARC and SPF (Sender Policy Framework) records in an effort to reduce email fraud, but if the IP ranges in the SPF record are too loose, all of that good work can be undone.
Can I Phish CEO Sebastian Salla pointed out the situation after scanning 1.8 million Australian domain records looking for email security holes.
Salla was looking for errors in SPF records, which deal not only with individual IP addresses but also with IP ranges. If an organisation enters a broad IP range and hosts its email infrastructure with a cloud provider, the cloud provider will reuse IP addresses unless the organisation pays extra for a dedicated IP, so it becomes possible to take over an address that someone else's SPF record covers.
After finding 6 million IPs pointing at Amazon Web Services (AWS) regions, Salla went to work and was able to spin up EC2 instances in AWS, where AWS handed out IP addresses that another organisation claimed to control. This happened 264 times.
The organisations found included Australian Parliament House, the University of Sydney, Mirvac, another large real estate investment group and a state government organisation.
"The 264 affected organisations and their downstream customers are significantly more vulnerable to business email compromise and phishing-related attacks. Anyone with a credit card can register an AWS account, cycle through EC2 instances until they get a desirable IP, ask AWS to lift any SMTP restrictions, and start sending SPF-authenticated emails as if they belonged to these organisations," Salla writes.
"We can better understand this impact when we consider the positions of some of these organisations. Imagine a parliamentary staffer receiving an email that appears to come from a minister, or a student receiving an email purporting to be from a university admissions officer, and so on. In these situations the recipient has no technical mechanism to identify authenticity."
"Because of the way AWS pricing works, if you hold an IP address but don't use it, you are penalised and charged by the hour (this is due to the limited nature of IPs; AWS doesn't want customers holding too many IPs)," he said.
"So I suspect a cost-optimisation-focused business unit in each org is likely to release unused IPs, which means someone like me can come in and take them -- if that activity isn't communicated between business units, it will eventually lead to an IP takeover attack.
"The ultimate solution is to list only the IP addresses of email servers that are actively in use -- where redundancy/disaster recovery is required, AWS has built-in features for this, such as using a load balancer or a NAT gateway with a single IP."
An ACSC spokesperson said: "Organisations can implement Sender Policy Framework and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System configuration to reduce the likelihood of their domains being used to support fake emails.
"DMARC is one of a range of controls which, used together, is a very effective countermeasure against attackers' phishing attempts that try to fully impersonate a sending email domain.
"Ultimately, it is up to each agency to implement the Australian Cyber Security Centre's recommendations based on its assessment of the cyber threats it faces."
The Department of Parliamentary Services said it has dealt with the issue.
It said: "The Department of Parliamentary Services has resolved the issue of a supplier's SPF misconfiguration; there has been no impact on the network."
The University of Sydney, as usual, said it takes security seriously but would not comment on the details of its network posture.
A spokesperson said: "We constantly review and improve our systems to manage these threats, and can confirm the issues raised in the blog post are historical."
Early last month, Salla found that local web development company Precedence, whose websites include those of Queensland council clients and federal members, used a /16 address range in its customers' SPF records, covering over a million IP addresses (note that a single IPv4 /16 holds 65,536 addresses).
Salla said the range covered almost every EC2 instance launched in the Sydney ap-southeast-2 region.
Salla writes: "The first EC2 instance I spun up had an authorised IP address, and I was able to send myself an SPF-authenticated email from this particular city council that went straight into my inbox -- passing all SPF and DMARC checks."
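As an added example (not the page's own code and not Salla's tooling), the following Python script audits an SPF record for the two problems described above: ip4/ip6 terms wider than a chosen threshold, and terms that fall inside a shared cloud provider pool, where an address released by one tenant is handed to the next. It also evaluates a sender IP against the record offline, which shows why an unrelated EC2 tenant whose instance lands inside the /16 passes SPF. The SPF record, the provider range excerpt (written in the shape of AWS's ip-ranges.json feed) and the addresses are all constructed for illustration, and the thresholds are policy choices, not figures from the article.

```python
import ipaddress
import json

# Constructed sample SPF record (not any real organisation's record). The /16
# stands in for the kind of broad range the article describes.
SAMPLE_SPF = ("v=spf1 ip4:203.0.113.10 ip4:13.54.0.0/16 "
              "ip6:2001:db8::/32 include:_spf.example.net -all")

# Constructed excerpt shaped like a cloud provider's published IP-range feed
# (field names follow the AWS ip-ranges.json layout; the values are illustrative).
SAMPLE_PROVIDER_RANGES = json.dumps({"prefixes": [
    {"ip_prefix": "13.54.0.0/15", "region": "ap-southeast-2", "service": "EC2"},
    {"ip_prefix": "52.62.0.0/15", "region": "ap-southeast-2", "service": "EC2"},
]})

MAX_IPV4_HOSTS = 256      # policy choice: anything wider than a /24 is "broad"
MIN_IPV6_PREFIXLEN = 64   # policy choice: anything shorter than a /64 is "broad"
SPF_RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) tuples.
    Modifiers such as redirect=... come back with the modifier name as mechanism."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # RFC 7208: a missing qualifier means "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        sep = "=" if "=" in term else ":"    # modifiers use '=', mechanisms use ':'
        name, _, arg = term.partition(sep)
        parsed.append((qualifier, name.lower(), arg))
    return parsed


def provider_prefixes(provider_json):
    """Load (network, region, service) triples from the provider feed."""
    return [(ipaddress.ip_network(p["ip_prefix"]), p["region"], p["service"])
            for p in json.loads(provider_json)["prefixes"]]


def audit_spf(record, provider_json):
    """Return human-readable findings: over-broad ip4/ip6 terms, terms that land
    in a shared cloud pool (reused addresses), permissive 'all', and includes."""
    findings = []
    pools = provider_prefixes(provider_json)
    for qualifier, name, arg in parse_spf(record):
        if name in ("ip4", "ip6") and qualifier == "+":
            # strict=False keeps e.g. ip4:13.54.1.0/16 parseable (host bits set)
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == 4 and net.num_addresses > MAX_IPV4_HOSTS:
                findings.append(f"broad ip4 range {net} ({net.num_addresses} addresses)")
            if net.version == 6 and net.prefixlen < MIN_IPV6_PREFIXLEN:
                findings.append(f"broad ip6 range {net} (/{net.prefixlen})")
            for pool, region, service in pools:
                if net.version == pool.version and net.overlaps(pool):
                    findings.append(f"{net} lies in shared {service} pool {pool} ({region}); "
                                    "addresses there are reused once released")
        elif name == "all" and qualifier in "+?":
            findings.append(f"'{qualifier}all' lets any sender pass")
        elif name == "include":
            findings.append(f"include:{arg} pulls in a third party's ranges; audit it too")
    return findings


def spf_allows(record, ip):
    """Offline SPF evaluation over ip4/ip6/all only (include/a/mx need DNS and are
    treated as non-matching). Returns pass/fail/softfail/neutral like a receiver would."""
    addr = ipaddress.ip_address(ip)
    for qualifier, name, arg in parse_spf(record):
        if name in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(arg, strict=False):   # False across versions
                return SPF_RESULTS[qualifier]
        elif name == "all":
            return SPF_RESULTS[qualifier]
    return "neutral"                      # no 'all' term: RFC 7208 default result


if __name__ == "__main__":
    for finding in audit_spf(SAMPLE_SPF, SAMPLE_PROVIDER_RANGES):
        print("FINDING:", finding)
    # 13.54.201.7 is a constructed address inside the /16: any EC2 tenant that
    # happened to be handed it would pass this record's SPF check.
    print("13.54.201.7 ->", spf_allows(SAMPLE_SPF, "13.54.201.7"))
    # The remedy from the article: list only the mail server actually in use.
    fixed = "v=spf1 ip4:203.0.113.10 ip4:13.54.201.7 -all"
    print("fixed record:", audit_spf(fixed, SAMPLE_PROVIDER_RANGES))
```

The audit of the narrowed record still reports that the single cloud address sits in a shared pool: that is the residual caveat, since the address is only yours while you hold it, and an SPF entry for a released cloud IP is exactly what the takeover described above exploits. In practice replace the constructed feed with the provider's real range publication and resolve the record from DNS rather than a string.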
Source: https://cn.bluehost.com/blog/domain-name/15679.html