Json Yaml Unrestricted Dns Port 53
Description
Detects unrestricted DNS access (port 53) in EC2 security group rules within CloudFormation templates. Allowing unrestricted DNS access could enable attackers to perform DNS tunneling attacks or exfiltrate data through DNS queries.
Detection Strategy
• Examines EC2 security group ingress and egress rules in CloudFormation templates
• Identifies rules that allow access on port 53 (DNS)
• Flags security group rules that have overly permissive source/destination ranges (like 0.0.0.0/0) for DNS traffic
• Reports violations when both unrestricted IP ranges and DNS port access are found in the same rule
Vulnerable code example
Resources:
  VulnerableSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Example of vulnerable security group
      VpcId:
        Ref: myVPC
      SecurityGroupIngress: ...
✅ Secure code example
Resources:
  SecureSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Example of secure security group
      VpcId:
        Ref: myVPC
      SecurityGroupIngress: ...
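The detection strategy above, worked through as an added Python example (not Fluid Attacks' own scanner code): it walks the JSON form of a CloudFormation template and reports a security group rule only when that same rule is both open to the world and reaches port 53. It generalizes slightly beyond the text by also treating a port range that spans 53 or an all-traffic rule (IpProtocol -1) as DNS access, by checking egress as well as ingress, and by treating ::/0 like 0.0.0.0/0. The sample template and the resource names in it are constructed for this example.

```python
import json

DNS_PORT = 53
UNRESTRICTED = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"

def rule_covers_dns(rule):
    """True if the rule's port range includes 53, or it allows all traffic (-1)."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":
        return True
    if proto not in ("tcp", "udp"):
        return False
    try:
        low = int(rule.get("FromPort"))
        high = int(rule.get("ToPort", low))
    except (TypeError, ValueError):  # missing port or an intrinsic such as {"Ref": ...}
        return False
    return low <= DNS_PORT <= high

def rule_is_unrestricted(rule):
    return rule.get("CidrIp") in UNRESTRICTED or rule.get("CidrIpv6") in UNRESTRICTED

def find_unrestricted_dns(template):
    """Report (resource, direction, rule index) only when one rule is both open and on DNS."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = res.get("Properties", {})
        for direction in ("SecurityGroupIngress", "SecurityGroupEgress"):
            for idx, rule in enumerate(props.get(direction, [])):
                if rule_covers_dns(rule) and rule_is_unrestricted(rule):
                    findings.append((name, direction, idx))
    return findings

# Constructed sample template (JSON form); not taken from the original page.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "VulnerableSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "open DNS", "VpcId": {"Ref": "myVPC"},
    "SecurityGroupIngress": [
      {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}],
    "SecurityGroupEgress": [
      {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "CidrIpv6": "::/0"}]}},
  "SecureSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "DNS limited to the VPC", "VpcId": {"Ref": "myVPC"},
    "SecurityGroupIngress": [
      {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "CidrIp": "10.0.0.0/16"}]}}}}
""")
```

Running `find_unrestricted_dns(SAMPLE_TEMPLATE)` flags only the two open DNS rules of VulnerableSecurityGroup; the open port 443 rule and the VPC-scoped port 53 rule are not reported, matching the "both conditions in the same rule" requirement.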