Home > CAPEC List > CAPEC-291: DNS Zone Transfers (Version 2.11)  

CAPEC-291: DNS Zone Transfers

DNS Zone Transfers
Definition in a New Window Definition in a New Window
Attack Pattern ID: 291
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP address and valid hostnames. Under certain conditions, it may even be possible to obtain Zone data about the organization's internal network. When successful the attacker learns valuable information about the topology of the target organization, including information about particular servers, their role within the IT structure, and possibly information about the operating systems running upon the network. This is configuration dependent behavior so it may also be required to search out multiple DNS servers while attempting to find one with ZONE transfers allowed.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Application Layer

Target Attack Surface Localities


Target Attack Surface Types: Service

Target Functional Services

Target Functional Service 1: Domain Name Service (DNS)
+ Attack Prerequisites
  • Access to a DNS server that allows Zone transfers.

+ Typical Severity


+ Resources Required

A client application capable of interacting with the DNS server or a command-line utility or web application that automates DNS interactions.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Read application data
+ References
[R.291.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 2: Scanning, pp. 34. 6th Edition. McGraw Hill. 2009.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017