CAPEC-589: DNS Blocking
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.
前提条件
- This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection.
后果影响
影响范围: Availability
技术影响: Other
说明: Preventing DNS from resolving a request denies the availability of a target site or service for the user.
缓解措施
Hard Coded Alternate DNS server in applications
Avoid dependence on DNS
Include "hosts file"/IP address in the application.
Ensure best practices with respect to communications channel protections.
Use a .onion domain with Tor support