CAPEC-291: DNS Zone Transfers
An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP address and valid hostnames. Under certain conditions, it may even be possible to obtain Zone data about the organization's internal network. When successful the attacker learns valuable information about the topology of the target organization, including information about particular servers, their role within the IT structure, and possibly information about the operating systems running upon the network. This is configuration dependent behavior so it may also be required to search out multiple DNS servers while attempting to find one with ZONE transfers allowed.
Last updated
Overview
CAPEC-291 (DNS Zone Transfers) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Access to a DNS server that allows Zone transfers.
Resources required
- A client application capable of interacting with the DNS server or a command-line utility or web application that automates DNS interactions.
Consequences
What a successful CAPEC-291 attack can achieve.
Read Data
Affects: Confidentiality
Frequently asked questions
Common questions about CAPEC-291.
- What is CAPEC-291?
- An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP address and valid hostnames. Under certain conditions, it may even be possible to obtain Zone data about the organization's internal network. When successful the attacker learns valuable information about the topology of the target organization, including information about particular servers, their role within the IT structure, and possibly information about the operating systems running upon the network. This is configuration dependent behavior so it may also be required to search out multiple DNS servers while attempting to find one with ZONE transfers allowed.
- What weaknesses does CAPEC-291 target?
- CAPEC-291 exploits 1 CWE weakness, including CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- How severe is CAPEC-291?
- MITRE rates CAPEC-291 as Low severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-291
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.