Flooded Help Desk Calls: DNS Attack Analysis

DNS Attack Analysis


Question

An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites.

The help desk escalates the issue to the security team, as these websites were accessible the previous day.

The security analysts run the following command: ipconfig /flushdns, but the issue persists.

Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away.

Which of the following attacks MOST likely occurred on the original DNS server?

A. DNS cache poisoning

B. Domain hijacking

C. Distributed denial-of-service

D. DNS tunneling

Answer: A

Explanations


The symptom, users being unable to reach certain websites that worked the day before, points to failed or wrong name resolution for those names. When a user types a website name into a browser, the computer asks its configured DNS server for the IP address associated with that name. If that server is compromised or misconfigured, it can return a wrong address (or none at all), and the browser either connects to the wrong host or cannot connect at all.

The ipconfig /flushdns command clears the DNS resolver cache on the user's own computer. That cache stores answers for recently resolved names so later lookups are faster, but it is only a copy of what the configured DNS server returned. If the server itself is handing out bad answers, flushing the local cache just makes the computer ask the same server again and re-cache the same bad answer, so the issue persists.

Changing the DNS server on an affected machine is a workaround rather than a fix, but it is diagnostic: the new server returns correct answers, so the problem lies with the original server, not with the client or with the websites. A quick confirmation is to query the same names against the original server and against a known-good resolver and compare the answers; the original server returns addresses (or errors) that the other resolver does not.

Given this, the most likely attack on the original DNS server is DNS cache poisoning: the attacker injected forged records into the recursive resolver's cache, so every client that uses that resolver receives the forged answers until the entries expire or are purged. Depending on the forged data, users are redirected to attacker-controlled hosts or simply cannot reach the legitimate sites. Remediation is on the server side: purge the poisoned entries and harden the resolver (source-port and query-ID randomisation, DNSSEC validation) so that forged responses are rejected rather than cached.

Domain hijacking is changing a domain's registration or authoritative records without the owner's consent. That would change the answers every resolver on the Internet returns, so switching the affected machine to a different DNS server would not have made the sites reachable again.

A distributed denial-of-service (DDoS) attack floods a server with traffic to disrupt its normal operation. A DDoS against the DNS server would make resolution slow or fail for every name it serves, not for a specific set of websites, and the symptom would be timeouts rather than consistently wrong answers.

DNS tunneling encapsulates non-DNS traffic inside DNS queries and responses to smuggle data past security controls (typically for command and control or exfiltration). It is an abuse of DNS as a transport by a client on the network, not an attack that alters the answers a resolver gives, so it would not make other domains unreachable.

Therefore, in the given scenario, the most likely attack on the original DNS server is DNS cache poisoning.
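The following is an added example, not part of the original question or its explanation. It models the two caches involved in the scenario, the workstation's local resolver cache (what ipconfig /flushdns clears) and the recursive DNS server's cache (where a poisoning attack lands), and includes the comparison an analyst would run against a known-good resolver. All names, addresses and TTLs are constructed; the addresses are from the 192.0.2.0/24 and 203.0.113.0/24 documentation ranges.

```python
# Added example (not from the original page): two-level DNS cache model of the
# help-desk scenario, plus a suspect-vs-reference resolver comparison.
# All zone data, names, addresses and TTLs below are constructed for illustration.
from dataclasses import dataclass

# Constructed "authoritative" data: what the zones really say.
AUTHORITATIVE = {
    "intranet.example.com": "203.0.113.10",
    "payroll.example.com": "203.0.113.20",
    "www.example.net": "203.0.113.30",
}


@dataclass
class CacheEntry:
    ip: str
    ttl: int  # seconds of validity remaining in this cache


class RecursiveResolver:
    """The DNS server clients are configured to use. It caches answers."""

    def __init__(self, name, authoritative):
        self.name = name
        self.authoritative = authoritative
        self.cache = {}  # qname -> CacheEntry

    def resolve(self, qname):
        entry = self.cache.get(qname)
        if entry is None or entry.ttl <= 0:
            # Cache miss or expired: fetch the real answer and cache it.
            entry = CacheEntry(self.authoritative[qname], ttl=300)
            self.cache[qname] = entry
        return entry.ip

    def poison(self, qname, ip, ttl):
        """Attacker injects a forged record; only THIS resolver's cache changes."""
        self.cache[qname] = CacheEntry(ip, ttl)

    def advance(self, seconds):
        """Age every cached entry; expired entries are re-fetched on next query."""
        for entry in self.cache.values():
            entry.ttl -= seconds


class Client:
    """A workstation with a stub resolver and its own small answer cache."""

    def __init__(self, resolver):
        self.resolver = resolver
        self.cache = {}  # qname -> ip, a copy of whatever the resolver said

    def lookup(self, qname):
        if qname not in self.cache:
            self.cache[qname] = self.resolver.resolve(qname)
        return self.cache[qname]

    def flushdns(self):
        """Equivalent of `ipconfig /flushdns`: drops only the local copy."""
        self.cache.clear()

    def set_resolver(self, resolver):
        """Point the machine at a different DNS server (and flush, to be safe)."""
        self.resolver = resolver
        self.flushdns()


def compare_resolvers(suspect, reference, names):
    """Analyst's check: same names against both servers, report any that differ."""
    diffs = {}
    for n in names:
        s, r = suspect.resolve(n), reference.resolve(n)
        if s != r:
            diffs[n] = {"suspect": s, "reference": r}
    return diffs


def run_scenario():
    """Walk the help-desk scenario step by step and record what the user sees."""
    corp_dns = RecursiveResolver("corp-dns", AUTHORITATIVE)    # the original server
    other_dns = RecursiveResolver("other-dns", AUTHORITATIVE)  # known-good resolver
    pc = Client(corp_dns)
    site = "intranet.example.com"
    seen = {}

    seen["before_poison"] = pc.lookup(site)       # correct answer, cached locally

    # Attacker poisons the corporate resolver's cache with a one-day TTL.
    corp_dns.poison(site, "192.0.2.66", ttl=86400)
    pc.flushdns()                                  # next day: local copy has aged out
    seen["after_poison"] = pc.lookup(site)        # wrong address from corp_dns

    pc.flushdns()                                  # analyst runs ipconfig /flushdns
    seen["after_flushdns"] = pc.lookup(site)      # still wrong: re-fetched from corp_dns

    # Only the poisoned name differs between the two servers.
    seen["diff"] = compare_resolvers(corp_dns, other_dns, list(AUTHORITATIVE))

    pc.set_resolver(other_dns)                     # analyst changes the DNS server
    seen["after_switch"] = pc.lookup(site)        # correct again

    corp_dns.advance(86400)                        # poisoned entry finally expires
    seen["after_ttl_expiry"] = corp_dns.resolve(site)  # the server heals only now
    return seen


if __name__ == "__main__":
    for step, value in run_scenario().items():
        print(f"{step:>17}: {value}")
```

The model makes the reasoning in the explanation concrete: the local cache is only ever a copy of the resolver's answer, so flushing it re-imports the poisoned record, while pointing at a different resolver (or waiting for the forged entry's TTL to expire on the server) is what changes the answer. In a real investigation the compare step is done with a tool such as dig or Resolve-DnsName against the two servers rather than against the in-memory objects used here.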