CAPEC-598: DNS Spoofing
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary sends a malicious ("NXDOMAIN" ("No such domain") code, or DNS A record) response to a target's route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the target's DNS requests. This attack differs from BGP Tampering in that it directly responds to requests made by the target instead of polluting the routing the target's infrastructure uses.
前提条件
- On/In Path Device
所需技能
缓解措施
Design: Avoid dependence on DNS
Design: Include "hosts file"/IP address in the application
Implementation: Utilize a .onion domain with Tor support
Implementation: DNSSEC
Implementation: DNS-hold-open
示例实例
Below-Recursive DNS Poisoning: When an On/In-path device between a recursive DNS server and a user sends a malicious ("NXDOMAIN" ("No such domain") code, or DNS A record ) response before a legitimate resolver can.
Above-Recursive DNS Poisoning: When an On/In-path device between an authority server (e.g., government-managed) and a recursive DNS server sends a malicious ("NXDOMAIN" ("No such domain")code, or a DNS record) response before a legitimate resolver can.