CAPEC-589: DNS Blocking
An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.
Last updated
Overview
CAPEC-589 (DNS Blocking) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection.
Consequences
What a successful CAPEC-589 attack can achieve.
Other
Affects: Availability
Preventing DNS from resolving a request denies the availability of a target site or service for the user.
How to mitigate it
Defenses that reduce the risk of CAPEC-589.
- Hard Coded Alternate DNS server in applications
- Avoid dependence on DNS
- Include "hosts file"/IP address in the application.
- Ensure best practices with respect to communications channel protections.
- Use a .onion domain with Tor support
Examples
Full URL Based Filtering: Filtering based upon the requested URL. URL String-based Filtering: Filtering based upon the use of particular strings included in the requested URL.
Frequently asked questions
Common questions about CAPEC-589.
- What is CAPEC-589?
- An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.
- How do you prevent CAPEC-589?
- Hard Coded Alternate DNS server in applications
- What weaknesses does CAPEC-589 target?
- CAPEC-589 exploits 1 CWE weakness, including CWE-300 (Channel Accessible by Non-Endpoint).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-589
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.