Enumerate Mail Exchange (MX) Records
Attack Pattern ID: 290 (Standard Attack Pattern Completeness: Stub)
Typical Severity: Low
Status: Draft
+ Description

Summary

An attacker enumerates the MX records for a given domain via a DNS query. This type of information gathering returns the names of mail servers on the network. Mail servers are often not exposed to the Internet but are located within the DMZ of a network protected by a firewall. A side effect of this configuration is that enumerating the MX records for an organization may reveal the IP address of the firewall or possibly other internal systems. Attackers often resort to MX record enumeration when a DNS Zone Transfer is not possible.
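
To see what an organization's own MX records disclose, a defender can audit the published answers for the side effects described above. The following is an added example, not part of the original entry: the records for example.com, the addresses, and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges: addresses that should never appear in public DNS answers.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: answers a public resolver might return for example.com.
SAMPLE_ANSWERS = """\
example.com.        3600 IN MX 10 mail1.example.com.
example.com.        3600 IN MX 20 mail2.example.com.
example.com.        3600 IN MX 30 relay.example.com.
mail1.example.com.  3600 IN A  203.0.113.25
mail2.example.com.  3600 IN A  10.20.0.7
fw.example.com.     3600 IN A  203.0.113.25
vpn.example.com.    3600 IN A  203.0.113.40
"""

def parse_answers(text):
    """Return (mx, a): sorted (preference, target) pairs and hostname -> addresses."""
    mx, a = [], defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        name, rtype, rdata = fields[0].lower(), fields[3], fields[4:]
        if rtype == "MX" and len(rdata) == 2:
            mx.append((int(rdata[0]), rdata[1].lower()))
        elif rtype == "A":
            a[name].append(ipaddress.ip_address(rdata[0]))
    return sorted(mx), a

def audit_mx_exposure(text):
    """List (mx_host, finding) pairs describing what the MX records disclose."""
    mx, a = parse_answers(text)
    findings = []
    for _pref, host in mx:
        if host not in a:
            findings.append((host, "no A record in supplied answers"))
            continue
        for addr in a[host]:
            if any(addr in net for net in RFC1918):
                findings.append((host, f"internal address {addr} in public DNS"))
            # Heuristic: an address shared with other names suggests a gateway or firewall.
            shared = sorted(h for h, ips in a.items() if h != host and addr in ips)
            if shared:
                findings.append((host, f"shares {addr} with {', '.join(shared)}"))
    return findings

if __name__ == "__main__":
    for host, finding in audit_mx_exposure(SAMPLE_ANSWERS):
        print(f"{host}: {finding}")
```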

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Application Layer

Target Attack Surface Localities

Server-side

Target Attack Surface Types: Service

Target Functional Services

Target Functional Service 1: Domain Name Service (DNS)
+ Attack Prerequisites

Access to a DNS server that will return the MX records for a network.

+ Resources Required

A command-line utility or other application capable of sending requests to the DNS server is necessary.

+ Related Attack Patterns
Nature: ChildOf
Type: Attack Pattern
ID: 309
Name: Scanning for Devices, Systems, or Routes
View(s) this relationship pertains to: Mechanism of Attack (1000)
+ References
Stuart McClure, Joel Scambray, George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". 6th Edition. McGraw Hill, ISBN: 978-0-07-161374-3. 2009.