312-50V10 · Question #819
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
The correct answer is A. The attacker queries a nameserver using the DNS resolver.. The first step of a DNS cache poisoning attack is the attacker querying a nameserver through the DNS resolver to trigger an authoritative lookup.
Question
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
Options
- AThe attacker queries a nameserver using the DNS resolver.
- BThe attacker makes a request to the DNS resolver.
- CThe attacker forges a reply from the DNS resolver.
- DThe attacker uses TCP to poison the ONS resofver.
How the community answered
(61 responses)- A93% (57)
- B2% (1)
- C2% (1)
- D3% (2)
Why each option
The first step of a DNS cache poisoning attack is the attacker querying a nameserver through the DNS resolver to trigger an authoritative lookup.
The attacker initiates the attack by sending a query to a nameserver via the DNS resolver, which forces the resolver to issue a lookup request to the authoritative nameserver. This creates the timing window the attacker needs to inject a forged response before the legitimate reply arrives and is cached.
Making a request to the DNS resolver describes a general client action - it is not specific to the attacker's role of querying a nameserver to trigger the resolver's upstream lookup.
Forging a reply from the DNS resolver is a later step that only becomes possible after the resolver has been triggered to send an authoritative query - it cannot occur first.
DNS cache poisoning exploits UDP rather than TCP because UDP's connectionless, stateless nature makes it easy to spoof unsolicited replies; TCP's handshake prevents this technique.
Concept tested: DNS cache poisoning attack initiation sequence
Source: https://www.rfc-editor.org/rfc/rfc5452
Topics
Community Discussion
No community discussion yet for this question.