nerdexam
EC-Council

312-50V11 · Question #232

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain when th

The correct answer is C. DNS spoofing. DNS spoofing redirects users to attacker-controlled machines by returning fraudulent DNS responses, causing legitimate domain names to resolve to malicious IP addresses.

Sniffing

Question

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain when the employees of the office wants to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

Options

  • AMAC Flooding
  • BSmurf Attack
  • CDNS spoofing
  • DARP Polsoning

How the community answered

(52 responses)
  • A
    8% (4)
  • B
    2% (1)
  • C
    87% (45)
  • D
    4% (2)

Why each option

DNS spoofing redirects users to attacker-controlled machines by returning fraudulent DNS responses, causing legitimate domain names to resolve to malicious IP addresses.

AMAC Flooding

MAC Flooding is a Layer 2 attack that overwhelms a switch's CAM table to force promiscuous forwarding of frames - it does not manipulate DNS resolution or redirect domain-based traffic.

BSmurf Attack

A Smurf Attack is a volumetric DDoS amplification attack that uses spoofed ICMP echo requests to broadcast addresses - it is not a traffic redirection or name-resolution attack.

CDNS spoofingCorrect

DNS spoofing, also known as DNS cache poisoning, involves an attacker injecting forged DNS records so that queries for legitimate domains like google.com resolve to the attacker's IP address instead of the real server. Because the office uses its own DNS server, the attacker can target that server to poison its cache, redirecting all clients that query it. This results in transparent traffic interception without any indication to the user that they have been redirected.

DARP Polsoning

ARP Poisoning corrupts Layer 2 ARP caches to redirect traffic between hosts on the same LAN segment - the scenario describes redirection based on domain name resolution, which is a DNS-layer attack.

Concept tested: DNS spoofing and cache poisoning for traffic redirection

Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/dns-top

Topics

#DNS spoofing#DNS poisoning#traffic redirection#MITM

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice