nerdexam
EC-Council

312-50V10 · Question #819

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

The correct answer is A. The attacker queries a nameserver using the DNS resolver.. The first step of a DNS cache poisoning attack is the attacker querying a nameserver through the DNS resolver to trigger an authoritative lookup.

Hacking Web Servers

Question

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

Options

  • AThe attacker queries a nameserver using the DNS resolver.
  • BThe attacker makes a request to the DNS resolver.
  • CThe attacker forges a reply from the DNS resolver.
  • DThe attacker uses TCP to poison the ONS resofver.

How the community answered

(61 responses)
  • A
    93% (57)
  • B
    2% (1)
  • C
    2% (1)
  • D
    3% (2)

Why each option

The first step of a DNS cache poisoning attack is the attacker querying a nameserver through the DNS resolver to trigger an authoritative lookup.

AThe attacker queries a nameserver using the DNS resolver.Correct

The attacker initiates the attack by sending a query to a nameserver via the DNS resolver, which forces the resolver to issue a lookup request to the authoritative nameserver. This creates the timing window the attacker needs to inject a forged response before the legitimate reply arrives and is cached.

BThe attacker makes a request to the DNS resolver.

Making a request to the DNS resolver describes a general client action - it is not specific to the attacker's role of querying a nameserver to trigger the resolver's upstream lookup.

CThe attacker forges a reply from the DNS resolver.

Forging a reply from the DNS resolver is a later step that only becomes possible after the resolver has been triggered to send an authoritative query - it cannot occur first.

DThe attacker uses TCP to poison the ONS resofver.

DNS cache poisoning exploits UDP rather than TCP because UDP's connectionless, stateless nature makes it easy to spoof unsolicited replies; TCP's handshake prevents this technique.

Concept tested: DNS cache poisoning attack initiation sequence

Source: https://www.rfc-editor.org/rfc/rfc5452

Topics

#DNS cache poisoning#DNS spoofing#nameserver query#DNS resolver

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice