DNS Cache Poisoning
Attack Pattern ID: 142 (Standard Attack Pattern Completeness: Stub)Typical Severity: Very HighStatus: Draft
+ Description


An attacker modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the attacker specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Attackers can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.

+ Attack Prerequisites

A DNS cache must be vulnerable to some attack that allows the attacker to replace addresses in its lookup table.

Client applications must trust the corrupted cashed values and utilize them for their domain name resolutions.

+ Resources Required

The attacker must have the resources to modify the targeted cache. In addition, in most cases the attacker will wish to host the sites to which users will be redirected, although in some cases redirecting to a third party site will accomplish the attacker's goals.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern161Infrastructure Manipulation 
Mechanism of Attack (primary)1000