CAPEC-589

DNS Blocking
Draft
2017-01-12 00:00 +00:00
2020-12-17 00:00 +00:00

CAPEC Descriptions

An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.

CAPEC Information

Prerequisites

This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection.

Mitigations

Hard Coded Alternate DNS server in applications
Avoid dependence on DNS
Include "hosts file"/IP address in the application.
Ensure best practices with respect to communications channel protections.
Use a .onion domain with Tor support
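
A drop keyed on request content follows the query name to every cleartext resolver behind the in-path device, including a hard-coded alternate one, so a client can check whether switching resolvers is enough. The sketch below is an added example, not part of the CAPEC entry: a heuristic over a constructed probe log in which the resolver addresses, names, and verdict labels are all assumptions.

```python
from collections import defaultdict

# Constructed sample: (resolver, query name, outcome) from a client's DNS probes.
# Addresses are documentation ranges and names are placeholders.
OBSERVATIONS = [
    ("192.0.2.53", "control.example", "answer"),
    ("192.0.2.53", "service.example", "timeout"),
    ("198.51.100.53", "control.example", "answer"),
    ("198.51.100.53", "service.example", "timeout"),
    ("203.0.113.53", "control.example", "timeout"),
    ("203.0.113.53", "third.example", "timeout"),
]


def classify(observations, min_healthy=2):
    """Label each query name using per-resolver outcomes.

    A resolver counts as healthy if it answered at least one query.
    A name that times out on min_healthy or more healthy resolvers, and is
    answered by none, looks like a per-name drop rather than an outage.
    """
    answered_by = defaultdict(set)  # name -> resolvers that answered it
    dropped_by = defaultdict(set)   # name -> resolvers where it timed out
    healthy = set()                 # resolvers that answered anything
    for resolver, name, outcome in observations:
        if outcome == "answer":
            answered_by[name].add(resolver)
            healthy.add(resolver)
        elif outcome == "timeout":
            dropped_by[name].add(resolver)
        else:
            raise ValueError(f"unknown outcome: {outcome!r}")

    verdicts = {}
    for name in set(answered_by) | set(dropped_by):
        dropped_on_healthy = dropped_by[name] & healthy
        if answered_by[name]:
            verdicts[name] = "resolves"
        elif len(dropped_on_healthy) >= min_healthy:
            verdicts[name] = "selective_drop"
        elif dropped_on_healthy:
            verdicts[name] = "inconclusive"
        else:
            verdicts[name] = "resolver_unreachable"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(classify(OBSERVATIONS).items()):
        print(f"{name}: {verdict}")
```

A `selective_drop` verdict across independent cleartext resolvers indicates that an alternate DNS server alone will not restore resolution, which points toward the channel-protection and DNS-independent mitigations in the list.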

Related Weaknesses

CWE-ID Weakness Name

CWE-300

Channel Accessible by Non-Endpoint
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

References

REF-473

Censorship in the Wild: Analyzing Internet Filtering in Syria
http://conferences2.sigcomm.org/imc/2014/papers/p285.pdf

Submission

Name Organization Date Release Date
Seamus Tuohy 2017-01-12 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns, Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Mitigations