Closed toniblyx closed 6 years ago
Wow, not sure if I've run into any VPCs with VPC DNS disabled.
If you did add it I'd say you'd want an explicit explanation of why it's a check. This may be more trouble than it's worth for many users. GuardDuty may also provide a control against this as I think it is supposed to analyse AWS DNS logs in your account.
Yeah, I still don't know if this is worth a check. Prowler already checks for GuardDuty and also Route53 logs. It shouldn't be a big problem, and as you say, GuardDuty controls DNS traffic inside the VPC. I'm gonna close this. Thanks for your comment!
I've been thinking about this article here: https://dejandayoff.com/using-dns-to-break-out-of-isolated-networks-in-a-aws-cloud-environment/
And also wondering if it is worth adding a check that looks for VPCs with EnableDnsSupport==true and alerts about it.
Query could be like below:
What do you all think?
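An added illustration of the kind of check proposed above (not Prowler's own code and not the author's query): it lists every VPC through a boto3-style EC2 client, reads the enableDnsSupport attribute, and reports one finding per VPC. The `FakeEc2` client and its two sample VPC IDs are constructed so the check runs offline; `run_with_boto3` is the assumed real entry point.

```python
# Added example: report VPCs whose EnableDnsSupport attribute is true.
# Assumes a boto3-style EC2 client exposing describe_vpcs() and
# describe_vpc_attribute(); FakeEc2 below is a constructed stand-in.

def check_vpc_dns_support(ec2):
    """Return a list of (vpc_id, status, message) findings, one per VPC."""
    findings = []
    token = None
    while True:  # follow NextToken pagination like the real API
        kwargs = {"NextToken": token} if token else {}
        page = ec2.describe_vpcs(**kwargs)
        for vpc in page.get("Vpcs", []):
            vpc_id = vpc["VpcId"]
            attr = ec2.describe_vpc_attribute(VpcId=vpc_id, Attribute="enableDnsSupport")
            if attr["EnableDnsSupport"]["Value"]:
                # Enabled is the VPC default and most workloads need it, so this
                # is only meaningful for networks meant to be isolated.
                findings.append((vpc_id, "FAIL",
                                 "EnableDnsSupport is true: instances can reach the VPC resolver"))
            else:
                findings.append((vpc_id, "PASS", "EnableDnsSupport is false"))
        token = page.get("NextToken")
        if not token:
            break
    return findings


class FakeEc2:
    """Constructed stand-in for boto3's EC2 client with two sample VPCs."""
    def __init__(self):
        self._attrs = {"vpc-0a1b2c3d": True, "vpc-0f9e8d7c": False}  # sample data

    def describe_vpcs(self, **kwargs):
        return {"Vpcs": [{"VpcId": v} for v in self._attrs]}

    def describe_vpc_attribute(self, VpcId, Attribute):
        assert Attribute == "enableDnsSupport"
        return {"VpcId": VpcId, "EnableDnsSupport": {"Value": self._attrs[VpcId]}}


def run_with_boto3(region):
    """Assumed real entry point: run the check against a live region."""
    import boto3  # only needed for real use, not for the offline sample
    return check_vpc_dns_support(boto3.client("ec2", region_name=region))


if __name__ == "__main__":
    for vpc_id, status, msg in check_vpc_dns_support(FakeEc2()):
        print(f"{status} {vpc_id}: {msg}")
```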