CAPEC-598

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
DNS Spoofing

Description

An adversary sends a malicious ("NXDOMAIN" ("No such domain") code, or DNS A record) response to a target's route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the target's DNS requests. This attack differs from BGP Tampering in that it directly responds to requests made by the target instead of polluting the routing the target's infrastructure uses.

Prerequisites

On/In Path Device

Mitigations

Design: Avoid dependence on DNS

Design: Include "hosts file"/IP address in the application

Implementation: Utilize a .onion domain with Tor support

Implementation: DNSSEC

Implementation: DNS-hold-open

Skills Required

[Low] To distribute email