CAPEC-589

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
DNS Blocking

Description

An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.

Prerequisites

This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection.

Mitigations

Hard Coded Alternate DNS server in applications

Avoid dependence on DNS

Include "hosts file"/IP address in the application.

Ensure best practices with respect to communications channel protections.

Use a .onion domain with Tor support