CAPEC-589 DNS Blocking

CAPEC ID: 589

CAPEC-589 Metadata

Likelihood of Attack

High

Typical Severity

Very High

Overview

Summary

An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.

Prerequisites

This attack requires the ability to conduct deep packet inspection with an in-path device that can drop the targeted traffic and/or connection.

Potential Solutions / Mitigations

Hard-coded alternate DNS server in applications.
Avoid dependence on DNS.
Include "hosts file"/IP address in the application.
Ensure best practices with respect to communications channel protections.
Use a .onion domain with Tor support.
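
An added example, not part of the CAPEC entry: an application-side lookup that falls back from the system resolver to an embedded "hosts file"/IP mapping, plus a check for failures that depend on the queried name. All function names, the hostname and the addresses are constructed for illustration; a hard-coded alternate DNS server would be one more entry in the chain.

```python
import socket
from typing import Callable, Dict, List, Optional, Tuple

Resolver = Callable[[str], Optional[str]]  # returns an IPv4 string, or None on failure

# Constructed sample data (RFC 2606 name, RFC 5737 address) standing in for the
# "hosts file"/IP address shipped inside the application.
PINNED_HOSTS: Dict[str, str] = {"api.example.com": "203.0.113.10"}


def system_resolver(name: str) -> Optional[str]:
    """OS-configured DNS; a dropped query surfaces as an error after the OS timeout."""
    try:
        return socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    except OSError:  # socket.gaierror is a subclass of OSError
        return None


def pinned_resolver(name: str) -> Optional[str]:
    """Embedded mapping: sends no DNS traffic, so there is no request to drop."""
    return PINNED_HOSTS.get(name.lower().rstrip("."))


def resolve_with_fallback(name: str, chain: List[Tuple[str, Resolver]]) -> Tuple[str, str, List[str]]:
    """Try each (label, resolver) in order; return (ip, answering_label, failed_labels)."""
    failed: List[str] = []
    for label, resolver in chain:
        ip = resolver(name)
        if ip:
            return ip, label, failed
        failed.append(label)
    raise LookupError(f"{name}: no resolver answered (tried {failed})")


def selectively_blocked(name: str, control: str, resolver: Resolver) -> bool:
    """True when `resolver` answers for `control` but not for `name`, which is
    known to exist: the failure follows the queried name, not a resolver outage."""
    return resolver(name) is None and resolver(control) is not None


# Assumed ordering for this example: normal DNS first, embedded mapping last.
DEFAULT_CHAIN: List[Tuple[str, Resolver]] = [
    ("system", system_resolver),
    ("pinned", pinned_resolver),
]
```

Logging the answering label and the failed tiers for each lookup gives operations a record of which names stopped resolving through normal DNS.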

Related Weaknesses (CWE)

CWE ID Description
CWE-300 Channel Accessible by Non-Endpoint

Related CAPECs

CAPEC ID Description
CAPEC-603 An adversary blocks the delivery of an important system resource causing the system to fail or stop working.
