Measuring and Mitigating the Risk of IP Reuse on Public Clouds

Abstract: Public clouds provide scalable and cost-efficient computing through resource sharing. However, moving from traditional on-premises service management to clouds introduces new challenges; failure to correctly provision, maintain, or decommission elastic services can lead to functional failure and vulnerability to attack. In this paper, we explore a broad class of attacks on clouds which we refer to as cloud squatting. In a cloud squatting attack, an adversary allocates resources in the cloud (e.g., IP addresses… Show more

“…If a third-party attacker manipulates these Dare resources, they become insecure and exploitable. Three attack vectors to hijack these resources have been identified in existing works, involving expired domains [97], [134], [130], obsolete cloud IP addresses [16], [116], and third-party hosting services [97], [134].…”

“…As a result, an attacker can launch denial of response by spoofing IP addresses of legitimate users and initiating queries for malicious domains, such that the PDNS servers will reject the users. Second, when rewriting DNS responses, 26 PDNS servers return addresses pointing to dangling cloud infrastructure [16], [116], which enables domain takeover for attackers and re-engages illegal activities. Finally, when queried for harmful domains, 105 PDNS servers return both forged and genuine responses, and clients may still connect to malicious hosts.…”

Understanding the Implementation and Security Implications of Protective DNS Services

“…If a third-party attacker manipulates these Dare resources, they become insecure and exploitable. Three attack vectors to hijack these resources have been identified in existing works, involving expired domains [97], [134], [130], obsolete cloud IP addresses [16], [116], and third-party hosting services [97], [134].…”

“…As a result, an attacker can launch denial of response by spoofing IP addresses of legitimate users and initiating queries for malicious domains, such that the PDNS servers will reject the users. Second, when rewriting DNS responses, 26 PDNS servers return addresses pointing to dangling cloud infrastructure [16], [116], which enables domain takeover for attackers and re-engages illegal activities. Finally, when queried for harmful domains, 105 PDNS servers return both forged and genuine responses, and clients may still connect to malicious hosts.…”

Understanding the Implementation and Security Implications of Protective DNS Services