CAPEC-598 Detail

DNS Spoofing

Detailed Software

Parents: 194

Threats: T59 T263 T292 T307

Description

An adversary sends a malicious response (an "NXDOMAIN" ("No such domain") code or a DNS A record) to a target's route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the target's DNS requests. This attack differs from BGP Tampering in that it responds directly to requests made by the target instead of polluting the routing that the target's infrastructure uses.

Not present

| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-598 | capec | https://capec.mitre.org/data/definitions/598.html | |
| REF-477 | reference_from_CAPEC | | John-Paul Verkamp, Minaxi Gupta, Inferring Mechanics of Web Censorship Around the World, 2012, USENIX |
| REF-479 | reference_from_CAPEC | | Anonymous, Towards a Comprehensive Picture of the Great Firewall's DNS Censorship, 2014, USENIX |

Not present

  1. On/In Path Device

Not present

Low
To distribute email

Not present

  1. Below-Recursive DNS Poisoning: An On/In-path device between a recursive DNS server and a user sends a malicious response (an "NXDOMAIN" ("No such domain") code or a DNS A record) before a legitimate resolver can.
  2. Above-Recursive DNS Poisoning: An On/In-path device between an authority server (e.g., government-managed) and a recursive DNS server sends a malicious response (an "NXDOMAIN" ("No such domain") code or a DNS record) before a legitimate resolver can.
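
A detection sketch for the race described above, added here as an example and not part of the CAPEC entry: it flags queries that received two different replies, assuming the injecting device does not also drop the legitimate reply. The `DnsResponse` record, its field names and the sample capture are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class DnsResponse:
    ts: float              # arrival time at the capture point, seconds
    client_port: int       # UDP port the query was sent from
    txid: int              # DNS transaction ID
    qname: str
    rcode: str             # "NOERROR", "NXDOMAIN", ...
    answers: frozenset = frozenset()   # A-record addresses

# Constructed capture; names and addresses are reserved documentation values.
SAMPLE = [
    DnsResponse(10.004, 40001, 0x1A2B, "example.com.", "NXDOMAIN"),
    DnsResponse(10.031, 40001, 0x1A2B, "example.com.", "NOERROR", frozenset({"192.0.2.10"})),
    DnsResponse(11.010, 40002, 0x2222, "example.org.", "NOERROR", frozenset({"203.0.113.66"})),
    DnsResponse(11.040, 40002, 0x2222, "example.org.", "NOERROR", frozenset({"198.51.100.7"})),
    DnsResponse(12.000, 40003, 0x3333, "example.net.", "NOERROR", frozenset({"192.0.2.20"})),
    # Identical duplicate (e.g. a retransmission): not a conflict.
    DnsResponse(13.000, 40004, 0x4444, "www.example.com.", "NOERROR", frozenset({"192.0.2.30"})),
    DnsResponse(13.020, 40004, 0x4444, "www.example.com.", "NOERROR", frozenset({"192.0.2.30"})),
]

def find_conflicting_responses(responses, window=2.0):
    """Flag queries answered more than once with different content.

    Heuristic: the requester accepts the first matching reply, so when a
    second, different reply to the same query arrives within `window`
    seconds, the earlier one is the candidate spoofed response.
    """
    by_query = defaultdict(list)
    for r in responses:
        key = (r.client_port, r.txid, r.qname.lower().rstrip("."))
        by_query[key].append(r)

    findings = []
    for (port, txid, qname), group in by_query.items():
        group.sort(key=lambda r: r.ts)
        first = group[0]
        for later in group[1:]:
            if later.ts - first.ts > window:
                break
            if (later.rcode, later.answers) != (first.rcode, first.answers):
                findings.append({"qname": qname, "txid": txid,
                                 "first": (first.rcode, sorted(first.answers)),
                                 "later": (later.rcode, sorted(later.answers)),
                                 "gap_ms": round((later.ts - first.ts) * 1000)})
                break
    return findings
```

Run at a client it covers the below-recursive case; run on the upstream side of a recursive resolver it covers the above-recursive case.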