nerdexam
EC-Council

312-50V11 · Question #459

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains Now wh

The correct answer is C. DNS spoofing. The attacker compromised the office DNS server to redirect employees from legitimate sites to a malicious machine, which is the definition of DNS spoofing.

Sniffing

Question

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

Options

  • AARP Poisoning
  • BSmurf Attack
  • CDNS spoofing
  • DMAC Flooding

How the community answered

(37 responses)
  • A
    5% (2)
  • B
    3% (1)
  • C
    92% (34)

Why each option

The attacker compromised the office DNS server to redirect employees from legitimate sites to a malicious machine, which is the definition of DNS spoofing.

AARP Poisoning

ARP poisoning maps an attacker's MAC address to a legitimate IP at Layer 2 to intercept local network traffic, but it does not manipulate DNS name resolution to redirect domain lookups.

BSmurf Attack

A Smurf attack is a DDoS technique using spoofed ICMP broadcast requests to flood a target with traffic - it does not redirect users from one domain to another.

CDNS spoofingCorrect

DNS spoofing involves corrupting or hijacking DNS query responses so that a legitimate domain name resolves to an attacker-controlled IP address instead of the real server. Because the office uses its own DNS server, an attacker who gains control of it can manipulate DNS records for any domain - causing google.com to resolve to the attacker's machine. This is the precise definition of DNS spoofing, and the redirection of web traffic via poisoned DNS records is its hallmark.

DMAC Flooding

MAC flooding overwhelms a switch's CAM table to force it into hub-like broadcast mode for passive sniffing - it does not affect DNS responses or cause domain name redirection.

Concept tested: DNS spoofing via compromised DNS server

Source: https://www.cisa.gov/news-events/alerts/2019/01/16/dns-infrastructure-tampering

Topics

#DNS spoofing#DNS poisoning#traffic redirection#name resolution attack

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice