Cloud Threat Landscape

Discover origin IP of fronted domain

Tags: Network
ATT&CK Tactic: Discovery (TA0007)
Incidents: Fast Company incident
References:
https://www.techtarget.com/searchsecurity/tip/How-to-protect-an-origin-IP-address-from-attackers
https://owasp.org/www-chapter-belgium/assets/2016/2016-09-08/CloudPiercerOwasp_20160908.pdf
Last edited: Jan 23, 2024 6:26 PM
Status: Stub
Defenses: CDN

When an organization uses a CDN to front and secure its web services, it must ensure that the origin IP address is not discoverable; otherwise an attacker could bypass the layers of protection supplied by the CDN provider by targeting the origin endpoint directly.

Origin IP addresses could be leaked via DNS record history, SSL certificates or subdomain enumeration (if any subdomains point to the origin IP).
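
A defender-side audit of the DNS leak paths listed above (record history and subdomains), as an added example that is not part of the original page: it walks an inventory of your own DNS records and flags every address that equals the origin or falls outside the CDN's ranges. The hostnames, addresses, CDN range and the `classify`/`audit` helpers are constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not real infrastructure.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # assumed CDN edge ranges
ORIGIN_IPS = {ipaddress.ip_address("203.0.113.10")}     # assumed origin server

# Your own DNS inventory: (hostname, source, A/AAAA value).
# "current" = live resolution, "history" = export from a passive-DNS service.
RECORDS = [
    ("www.example.com", "current", "198.51.100.20"),
    ("www.example.com", "history", "203.0.113.10"),   # pre-CDN record still on file
    ("mail.example.com", "current", "203.0.113.10"),  # subdomain pointing at origin
    ("dev.example.com", "current", "192.0.2.44"),     # not origin, but not fronted
    ("api.example.com", "current", "198.51.100.21"),
]


def classify(ip_text):
    """Return 'origin-exposed', 'cdn' or 'non-cdn' for one address."""
    ip = ipaddress.ip_address(ip_text)
    if ip in ORIGIN_IPS:
        return "origin-exposed"
    # Membership is False when IP versions differ, so IPv6 values are safe here.
    if any(ip in net for net in CDN_RANGES):
        return "cdn"
    return "non-cdn"


def audit(records):
    """Return sorted (hostname, source, ip, verdict) for records not behind the CDN."""
    findings = []
    for host, source, ip_text in records:
        verdict = classify(ip_text)
        if verdict != "cdn":
            findings.append((host, source, ip_text, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for host, source, ip_text, verdict in audit(RECORDS):
        print(f"{verdict:15} {host:20} {source:8} {ip_text}")
```
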


Last Updated: April 3, 2025