CAPEC 598 DNS Spoofing

Draft Detailed Unknown Risk

Description

An adversary sends a malicious (\'NXDOMAIN\' (\'No such domain\') code, or DNS A record) response to a target's route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the target's DNS requests. This attack differs from BGP Tampering in that it directly responds to requests made by the target instead of polluting the routing the target's infrastructure uses.

CAPEC 598 DNS Spoofing

Description

Mitigations

Design: Avoid Dependence On Dns

Implementation: Utilize A .Onion Domain With Tor Support

Implementation: Dns-Hold-Open

Design: Include "Hosts File"/Ip Address In The Application

Implementation: Dnssec

Consequences

Consequence Information

Relationships

Parent CAPECs

CAPEC 598 DNS Spoofing

Description

Mitigations

Design: Avoid Dependence On Dns

Implementation: Utilize A .Onion Domain With Tor Support

Implementation: Dns-Hold-Open

Design: Include "Hosts File"/Ip Address In The Application

Implementation: Dnssec

Consequences

Consequence Information

Relationships

Parent CAPECs

Iscriviti alla newsletter