Aws Unrestricted Dns Access
Description
Detects AWS EC2 security groups that allow unrestricted DNS access (port 53) from any IP address (0.0.0.0/0 or ::/0). This misconfiguration could enable DNS-based attacks, DNS tunneling, or DNS exfiltration by allowing unauthorized access to DNS services.
Detection Strategy
• Examines each security group's inbound rules (IpPermissions)
• Reports a vulnerability when a security group rule allows access to port 53 (either TCP or UDP) from any IPv4 address (0.0.0.0/0) or any IPv6 address (::/0)
• Checks both port ranges that include port 53 and explicit port 53 rules
• Identifies both IPv4 (IpRanges) and IPv6 (Ipv6Ranges) unrestricted access rules
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.