Section 19.179 Domain Name System (DNS) Attacks Flashcards

Objective 2.4 Given a scenario, you must be able to analyse indicators of malicious activity

1
Q

Domain Name System (DNS)

A

Fundamental component of the internet that is responsible for translating human-friendly domain names into IP addresses that computers can understand

2
Q

Some of the Various Types of DNS Attacks and Mitigation

DNS Cache Poisoning (DNS Spoofing)

A

Corrupts a DNS resolver’s cache with forged records, so the resolver hands every client that asks for a legitimate name the attacker’s IP address until the bogus entry expires

● Redirects users to malicious websites

Mitigation:

○ Use DNSSEC (Domain Name System Security Extensions) to add digital signatures to DNS data, so a validating resolver rejects records that do not verify

○ Implement secure network configurations and firewalls to protect DNS servers; resolvers should also randomise query source ports and transaction IDs so a forged reply is hard to match to an outstanding query

Example: An attacker could poison the DNS cache entry for a popular online banking website and cause the bank’s users to be redirected to a fake website where their login credentials could be stolen by the attackers.
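The following is an added example, not part of the flashcards: a toy recursive resolver’s “accept this reply?” logic. It shows how a forged response poisons a cache that only checks the 16-bit transaction ID, which checks (destination port, question, bailiwick) stop it, and how source-port randomisation changes the attacker’s odds. All names, ports and transaction IDs are constructed.

```python
# Added example (not from the flashcards): a toy recursive resolver's
# "accept this reply?" logic, showing how a forged response poisons a cache
# that only checks the transaction ID, and the checks that stop it.
# All names, ports and transaction IDs below are constructed.
from dataclasses import dataclass, field


@dataclass
class PendingQuery:
    txid: int        # 16-bit transaction ID the resolver put in its query
    src_port: int    # UDP source port the query left from
    qname: str
    qtype: str
    zone: str        # zone the queried server is authoritative for (its bailiwick)


@dataclass
class Reply:
    txid: int
    dst_port: int
    qname: str
    qtype: str
    answers: dict                          # owner name -> rdata
    additional: dict = field(default_factory=dict)


def in_bailiwick(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)


def naive_accept(pending: PendingQuery, reply: Reply) -> bool:
    """Vulnerable: caches anything whose TXID matches, including 'helpful'
    additional records for names the queried server has no authority over."""
    return reply.txid == pending.txid


def hardened_accept(pending: PendingQuery, reply: Reply):
    """Returns (accepted, reason). Rejects replies that do not match the
    outstanding query on TXID, destination port and question, and drops any
    record outside the queried zone so glue cannot overwrite foreign names."""
    if reply.txid != pending.txid:
        return False, "txid mismatch"
    if reply.dst_port != pending.src_port:
        return False, "port mismatch"
    if (reply.qname, reply.qtype) != (pending.qname, pending.qtype):
        return False, "question mismatch"
    for name in list(reply.answers) + list(reply.additional):
        if not in_bailiwick(name, pending.zone):
            return False, f"out-of-bailiwick record for {name}"
    return True, "ok"


def spoof_success_probability(forged_replies: int, txid_bits: int = 16,
                              port_bits: int = 0) -> float:
    """Chance that one race window is won when the attacker fires
    `forged_replies` distinct guesses into a space of 2**(txid_bits + port_bits)."""
    space = 2 ** (txid_bits + port_bits)
    return min(1.0, forged_replies / space)


if __name__ == "__main__":
    pending = PendingQuery(0x1A2B, 40231, "www.example.com", "A", "example.com")
    # Forged reply: guessed TXID, correct answer, plus a poisoned additional
    # record for a bank that the example.com servers cannot speak for.
    forged = Reply(0x1A2B, 40231, "www.example.com", "A",
                   {"www.example.com": "203.0.113.10"},
                   {"www.bank.example": "198.51.100.66"})
    print("naive resolver caches forged reply:", naive_accept(pending, forged))
    print("hardened resolver:", hardened_accept(pending, forged))
    print("1000 forged replies, TXID only: %.4f" % spoof_success_probability(1000))
    print("1000 forged replies, TXID + random port: %.2e"
          % spoof_success_probability(1000, port_bits=16))
```

The bailiwick rule is what stops the classic trick of answering a question about the attacker’s own domain with an “additional” record for someone else’s; port randomisation is what turns a one-in-65,536 guess per packet into a one-in-four-billion guess. DNSSEC validation is the only check that also survives an attacker who is on-path and sees the real query.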

3
Q

Some of the Various Types of DNS Attacks and Mitigation

DNS Amplification Attacks

A

Overwhelms a target system with DNS response traffic by exploiting the DNS resolution process

● Small DNS queries with the source address spoofed to the victim’s are sent to open DNS servers, which reflect their much larger responses to the victim

Mitigation:
○ Do not run open recursive resolvers, and limit what a single query can pull (e.g. refuse ANY queries, or truncate large answers so the client must retry over TCP, which a spoofed source cannot complete)

○ Rate limit DNS response traffic (response rate limiting) to reduce the impact, and drop spoofed packets at the network edge with ingress filtering

Example: an attacker sends a stream of small queries to open DNS servers, each asking for a record type that returns a large answer (historically ANY, or a name with large TXT or DNSSEC records), with the victim’s IP address as the source. Every response, tens of times larger than the query, is delivered to the victim instead of the attacker. The result is a reflected DDoS: the victim sees a flood of unsolicited responses from many legitimate DNS servers, and the attacker’s own address never appears in the traffic.
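Added example, not from the flashcards: it builds a minimal DNS query and a constructed TXT response in wire format to measure the amplification factor, then applies a simple per-source response rate limit of the kind authoritative servers and resolvers use to blunt reflection. The query name, the record contents and the flood timings are constructed; the rate-limit parameters are assumptions.

```python
# Added example (not from the flashcards): builds a minimal DNS query and a
# constructed TXT response in wire format to measure the amplification factor,
# then applies a simple per-source response rate limit of the kind DNS servers
# use to blunt reflection. Names, record contents and traffic are constructed.
import struct
from collections import defaultdict, deque

TYPE_TXT = 16
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels plus a root byte."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    # header: id, flags (RD=1), qdcount, ancount, nscount, arcount
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", qtype, CLASS_IN)


def txt_rdata(data: bytes) -> bytes:
    """TXT RDATA is one or more <character-string>s of at most 255 bytes."""
    return b"".join(bytes([len(c)]) + c
                    for c in (data[i:i + 255] for i in range(0, len(data), 255)))


def build_txt_response(qname: str, records: list, txid: int = 0x1234) -> bytes:
    # flags 0x8180: QR=1, RD=1, RA=1, NOERROR
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    msg = header + encode_name(qname) + struct.pack(">HH", TYPE_TXT, CLASS_IN)
    for data in records:
        rdata = txt_rdata(data)
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack(">HHIH", TYPE_TXT, CLASS_IN, 3600,
                                          len(rdata)) + rdata
    return msg


def amplification_factor(query: bytes, response: bytes) -> float:
    return len(response) / len(query)


def rrl_filter(events, limit: int, window: float):
    """Response rate limiting: `events` is a list of (time, src_ip, qname) for
    responses about to be sent; returns one bool per event, True if sent.
    At most `limit` responses per (src_ip, qname) in any `window` seconds."""
    recent = defaultdict(deque)
    decisions = []
    for t, src, qname in events:
        q = recent[(src, qname)]
        while q and t - q[0] >= window:
            q.popleft()
        if len(q) < limit:
            q.append(t)
            decisions.append(True)
        else:
            decisions.append(False)
    return decisions


if __name__ == "__main__":
    query = build_query("example.com", TYPE_TXT)
    response = build_txt_response("example.com", [b"A" * 255] * 4)
    print(len(query), "byte query ->", len(response),
          "byte response, factor %.1f" % amplification_factor(query, response))
    # Ten queries in one second "from" the victim for the same name: RRL lets
    # the first five through and drops the rest.
    flood = [(i / 10, "192.0.2.7", "example.com") for i in range(10)]
    print(rrl_filter(flood, limit=5, window=1.0))
```

A 29-byte query for a name with four 255-byte TXT records comes back as 1,101 bytes, a factor of about 38; the attacker pays for the 29 bytes and the victim receives the 1,101. Rate limiting by (source, name) is what real response rate limiting does, since a genuine client almost never asks the same question hundreds of times a second, while a spoofed flood does exactly that.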

4
Q

Some of the Various Types of DNS Attacks and Mitigation

DNS Tunneling

A

Encapsulates non-DNS traffic (e.g., HTTP, SSH) inside DNS queries and responses on port 53, encoding the data in subdomain labels and in record types such as TXT, to bypass firewall rules for command and control or data exfiltration

Mitigation

○ Monitor and analyse DNS logs for unusual patterns indicating tunneling: very long or high-entropy subdomain labels, a large number of unique subdomains under one domain, a high share of TXT or NULL queries, and steady query volume to a domain nobody browses to

Example: an attacker could use DNS tunneling to bypass a company’s firewall and exfiltrate sensitive organisational data. Since DNS requests are usually allowed to pass through a firewall without inspection, DNS tunneling is quite effective for sneaking data out of a given network.
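Added example, not from the flashcards: the detection logic the mitigation above describes, run over a handful of constructed resolver log lines. The log layout (timestamp, client, query type, query name), the thresholds and the domain names are all assumptions; adapt the parser to your resolver’s actual format.

```python
# Added example (not from the flashcards): scores DNS query logs per
# registered domain to surface tunneling-style traffic. The log lines are
# constructed; the field order (timestamp, client, qtype, qname) and the
# thresholds are assumptions to adapt to your own resolver's log format.
import math
from collections import defaultdict

LOG_LINES = """
2024-05-01T09:00:01Z 10.0.0.21 A www.example.com
2024-05-01T09:00:02Z 10.0.0.21 AAAA www.example.com
2024-05-01T09:00:03Z 10.0.0.22 MX mail.example.com
2024-05-01T09:00:04Z 10.0.0.23 A cdn.example.net
2024-05-01T09:00:05Z 10.0.0.23 A api-v2.example.net
2024-05-01T09:00:06Z 10.0.0.24 A static.example.net
2024-05-01T09:00:07Z 10.0.0.24 TXT _dmarc.example.com
2024-05-01T09:00:08Z 10.0.0.31 TXT nbswy3dpeb3w64tmmq2gkzdbnrqwgzlomf3gk4dvmq.t.evil-tunnel.test
2024-05-01T09:00:08Z 10.0.0.31 TXT krsxg5a2mfzgwzlsnfxgo3tfo5ygk4tmnfrgk4dqob2g.t.evil-tunnel.test
2024-05-01T09:00:09Z 10.0.0.31 TXT mzxw6ytboi3gk3tbonswy2lfmfuwyidlmvzsaylomv4g.t.evil-tunnel.test
2024-05-01T09:00:09Z 10.0.0.31 TXT ozsxe3lfozsxgidomv3gc3lpnfxgm3dfmq3wq4tfnrxg.t.evil-tunnel.test
2024-05-01T09:00:10Z 10.0.0.31 TXT pfxgk3tdnbqw4zlsmfqwczlomnug6ylbnzxw4ylujrxx.t.evil-tunnel.test
2024-05-01T09:00:10Z 10.0.0.31 TXT ijxw4y3tnbswyidlnfxgozlemfxg2ylpnzsw42lomv3w.t.evil-tunnel.test
""".strip().splitlines()


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; base32/hex payloads score high,
    human-chosen labels such as 'www' or 'mail' score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    # Last two labels; a real deployment would consult the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def analyze(lines):
    """Per registered domain: number of unique leftmost labels, mean leftmost
    label length and entropy, and the share of TXT/NULL queries."""
    per = defaultdict(lambda: {"queries": 0, "labels": set(), "len_sum": 0,
                               "ent_sum": 0.0, "rare": 0})
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        qtype, qname = parts[2].upper(), parts[3].rstrip(".").lower()
        leftmost = qname.split(".")[0]
        s = per[registered_domain(qname)]
        s["queries"] += 1
        s["labels"].add(leftmost)
        s["len_sum"] += len(leftmost)
        s["ent_sum"] += shannon_entropy(leftmost)
        s["rare"] += qtype in ("TXT", "NULL")
    return {dom: {"queries": s["queries"],
                  "unique_labels": len(s["labels"]),
                  "avg_label_len": s["len_sum"] / s["queries"],
                  "avg_entropy": s["ent_sum"] / s["queries"],
                  "rare_type_share": s["rare"] / s["queries"]}
            for dom, s in per.items()}


def flag_tunnels(stats, min_unique=5, min_len=20, min_entropy=3.0):
    """Domains whose leftmost labels are numerous, long and random-looking.
    All three must hold, which keeps CDNs and mail domains out of the alerts."""
    return {d for d, s in stats.items()
            if s["unique_labels"] >= min_unique
            and s["avg_label_len"] >= min_len
            and s["avg_entropy"] >= min_entropy}


if __name__ == "__main__":
    stats = analyze(LOG_LINES)
    for dom, s in sorted(stats.items()):
        print(f"{dom:20} q={s['queries']:2} uniq={s['unique_labels']:2} "
              f"len={s['avg_label_len']:5.1f} H={s['avg_entropy']:.2f} "
              f"txt/null={s['rare_type_share']:.2f}")
    print("flagged:", flag_tunnels(stats))
```

The three conditions are deliberately ANDed: content delivery networks produce many unique subdomains and some legitimate TXT lookups (SPF, DMARC) are long, but ordinary labels are short and low-entropy, whereas a tunnel client has to pack its payload into labels that are long, random-looking and never repeat.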

5
Q

Some of the Various Types of DNS Attacks and Mitigation

Domain Hijacking (Domain Theft)

A

Unauthorised change of domain registration, typically by compromising the registrar account or social-engineering the registrar into making the change

● May lead to loss of website control and redirection to malicious sites

Mitigation
○ Regularly update and secure registration account information: a strong unique password, multi-factor authentication, and current contact e-mail addresses so renewal and change notices are actually received

○ Use domain registrar and registry lock services to prevent unauthorised changes or transfers

Example: if an attacker could hijack a popular e-commerce website domain like amazon.com, they could redirect all of Amazon’s traffic to a fake website where customers’ payment information could be stolen.

6
Q

Some of the Various Types of DNS Attacks and Mitigation

DNS Zone Transfer Attacks

A

The attacker requests a copy of the entire DNS zone (a zone transfer, or AXFR), which includes all of the DNS records for the domain, from a name server that does not restrict transfers to its authorised secondary servers, posing as a system that is allowed to make that request.

● Exposes sensitive information about a domain’s network infrastructure (internal hostnames and IP addresses, mail, VPN and directory servers)

● Could be used for reconnaissance in future attacks

Mitigation
○ Restrict zone transfers to the IP addresses of your own secondary servers and authenticate them with TSIG keys

○ Verify from an unauthorised host that every authoritative server answers a zone transfer request with REFUSED
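Added example, not from the flashcards: what an attacker actually learns from a zone that leaks. The zone below is constructed in the “name ttl class type rdata” layout that dig prints for a transfer, and the list of sensitive name prefixes is an assumption to tune for your environment.

```python
# Added example (not from the flashcards): summarises what a successful zone
# transfer hands to an attacker. The zone is constructed in the
# "name ttl class type rdata" layout dig prints for an AXFR; the sensitive
# prefix list is an assumption.
import ipaddress

ZONE_DUMP = """
corp.example.            3600 IN SOA  ns1.corp.example. hostmaster.corp.example. 2024050101 7200 3600 1209600 3600
corp.example.            3600 IN NS   ns1.corp.example.
corp.example.            3600 IN MX   10 mail.corp.example.
ns1.corp.example.        3600 IN A    203.0.113.10
www.corp.example.        3600 IN A    203.0.113.20
mail.corp.example.       3600 IN A    203.0.113.25
vpn.corp.example.        3600 IN A    203.0.113.30
intranet.corp.example.   3600 IN A    10.10.1.15
dc01.corp.example.       3600 IN A    10.10.1.5
sql01.corp.example.      3600 IN A    10.10.2.40
backup.corp.example.     3600 IN A    10.10.2.50
jenkins.corp.example.    3600 IN A    10.10.3.8
_ldap._tcp.corp.example. 3600 IN SRV  0 100 389 dc01.corp.example.
""".strip().splitlines()

# Hostname prefixes that usually mark infrastructure worth a second look.
SENSITIVE_PREFIXES = ("vpn", "dc", "sql", "db", "backup", "jenkins", "dev",
                      "test", "admin", "intranet", "git")

# RFC 1918 space checked explicitly: ipaddress's is_private also flags the
# documentation ranges (e.g. 203.0.113.0/24) used for the public hosts here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip) -> bool:
    return any(ip in net for net in RFC1918)


def parse_records(lines):
    """Yield (name, ttl, rtype, rdata) from dig-style zone output."""
    for line in lines:
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2] != "IN":
            continue
        name, ttl, _cls, rtype, rdata = parts
        yield name, int(ttl), rtype, rdata


def summarize_transfer(lines):
    """Turn a leaked zone into the recon picture an attacker would build."""
    hosts, services = {}, []
    for name, _ttl, rtype, rdata in parse_records(lines):
        if rtype == "A":
            hosts[name] = ipaddress.ip_address(rdata)
        elif rtype == "SRV":
            _prio, _weight, port, target = rdata.split()
            services.append((name, int(port), target))
    internal = sorted(n for n, ip in hosts.items() if is_rfc1918(ip))
    external = sorted(n for n, ip in hosts.items() if not is_rfc1918(ip))
    sensitive = sorted(n for n in hosts
                       if n.split(".")[0].startswith(SENSITIVE_PREFIXES))
    return {"hosts": len(hosts), "internal_hosts": internal,
            "external_hosts": external, "sensitive_hosts": sensitive,
            "services": services}


if __name__ == "__main__":
    summary = summarize_transfer(ZONE_DUMP)
    print(summary["hosts"], "A records leaked")
    print("internal (RFC 1918) hosts:", summary["internal_hosts"])
    print("externally reachable:", summary["external_hosts"])
    print("interesting names:", summary["sensitive_hosts"])
    print("service records:", summary["services"])
```

Thirteen records are enough to map the internal 10.10.0.0/16 layout, name the domain controller, database, backup and CI servers, and learn from the SRV record that LDAP is served on dc01 port 389, all without sending a single packet to the target network. That is why transfers should be restricted to known secondaries and authenticated with TSIG rather than left to IP-based trust alone.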
