Home > CAPEC List > CAPEC-290: Enumerate Mail Exchange (MX) Records (Version 2.11)  

CAPEC-290: Enumerate Mail Exchange (MX) Records

Enumerate Mail Exchange (MX) Records
Definition in a New Window Definition in a New Window
Attack Pattern ID: 290
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker enumerates the MX records for a given via a DNS query. This type of information gathering returns the names of mail servers on the network. Mail servers are often not exposed to the Internet but are located within the DMZ of a network protected by a Firewall. A side effect of this configuration is that enumerating the MX records for an organization my reveal the IP address of the firewall or possibly other internal systems. Attackers often resort to MX record enumeration when a DNS Zone Transfer is not possible.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Application Layer

Target Attack Surface Localities


Target Attack Surface Types: Service

Target Functional Services

Target Functional Service 1: Domain Name Service (DNS)
+ Attack Prerequisites
  • Access to a DNS server that will return the MX records for a network.

+ Typical Severity


+ Resources Required

A command-line utility or other application capable of sending requests to the DNS server is necessary.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
"Varies by context"
Bypass protection mechanism
Hide activities
+ References
[R.290.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 2: Scanning, pp. 38. 6th Edition. McGraw Hill. 2009.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017