312-50V11 · Question #459
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains Now wh
The correct answer is C. DNS spoofing. The attacker compromised the office DNS server to redirect employees from legitimate sites to a malicious machine, which is the definition of DNS spoofing.
Question
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?
Options
- AARP Poisoning
- BSmurf Attack
- CDNS spoofing
- DMAC Flooding
How the community answered
(37 responses)- A5% (2)
- B3% (1)
- C92% (34)
Why each option
The attacker compromised the office DNS server to redirect employees from legitimate sites to a malicious machine, which is the definition of DNS spoofing.
ARP poisoning maps an attacker's MAC address to a legitimate IP at Layer 2 to intercept local network traffic, but it does not manipulate DNS name resolution to redirect domain lookups.
A Smurf attack is a DDoS technique using spoofed ICMP broadcast requests to flood a target with traffic - it does not redirect users from one domain to another.
DNS spoofing involves corrupting or hijacking DNS query responses so that a legitimate domain name resolves to an attacker-controlled IP address instead of the real server. Because the office uses its own DNS server, an attacker who gains control of it can manipulate DNS records for any domain - causing google.com to resolve to the attacker's machine. This is the precise definition of DNS spoofing, and the redirection of web traffic via poisoned DNS records is its hallmark.
MAC flooding overwhelms a switch's CAM table to force it into hub-like broadcast mode for passive sniffing - it does not affect DNS responses or cause domain name redirection.
Concept tested: DNS spoofing via compromised DNS server
Source: https://www.cisa.gov/news-events/alerts/2019/01/16/dns-infrastructure-tampering
Topics
Community Discussion
No community discussion yet for this question.