CAPEC-589

DNS Blocking
Draft
2017-01-12 00:00 +00:00
2020-12-17 00:00 +00:00

CAPEC Descriptions

An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.

CAPEC Information

Prerequisites

This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection.

Mitigations

Hard-code an alternate DNS server in applications.
Avoid dependence on DNS.
Include a "hosts file" or IP address in the application.
Ensure best practices with respect to communications channel protections.
Use a .onion domain with Tor support.

Related Weaknesses

CWE-ID | Weakness Name
CWE-300 | Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

References

REF-473

Censorship in the Wild: Analyzing Internet Filtering in Syria
http://conferences2.sigcomm.org/imc/2014/papers/p285.pdf

Submission

Name | Organization | Date | Date release
Seamus Tuohy | | 2017-01-12 +00:00 |

Modifications

Name | Organization | Date | Comment
CAPEC Content Team | The MITRE Corporation | 2019-04-04 +00:00 | Updated Related_Attack_Patterns, Related_Weaknesses
CAPEC Content Team | The MITRE Corporation | 2020-12-17 +00:00 | Updated Mitigations