312-50V10 · Question #232
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain when th
The correct answer is C. DNS spoofing. When employees are redirected to an attacker's machine after querying a legitimate domain like Google, the attack is DNS spoofing, where forged DNS responses map valid domain names to malicious IP addresses.
Question
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain when the employees of the office wants to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?
Options
- AMAC Flooding
- BSmurf Attack
- CDNS spoofing
- DARP Polsoning
How the community answered
(46 responses)- A2% (1)
- B2% (1)
- C96% (44)
Why each option
When employees are redirected to an attacker's machine after querying a legitimate domain like Google, the attack is DNS spoofing, where forged DNS responses map valid domain names to malicious IP addresses.
MAC Flooding overwhelms a switch's CAM table so it broadcasts frames to all ports, enabling traffic sniffing - it does not manipulate domain name resolution or redirect connections to an attacker's host.
A Smurf Attack is an amplification-based DDoS technique that uses ICMP echo requests with a spoofed source IP to flood a victim, and has no mechanism for redirecting domain-based traffic.
DNS spoofing (cache poisoning) works by injecting falsified DNS records so that a resolver returns the attacker's IP address for a legitimate domain. When an employee queries google.com, the poisoned DNS server responds with the attacker's IP instead of Google's real address, silently redirecting the browser connection to the attacker's machine without the user's knowledge.
ARP Poisoning maps the attacker's MAC address to a legitimate IP at Layer 2 to intercept local LAN traffic, but the described scenario involves redirecting traffic based on a domain name lookup, which is a DNS-layer attack.
Concept tested: DNS spoofing and malicious domain name resolution redirection
Source: https://www.cisa.gov/news-events/alerts/2019/01/16/dns-infrastructure-tampering
Topics
Community Discussion
No community discussion yet for this question.