CAPEC-589: DNS Blocking (Version 2.11)

Attack Pattern ID: 589
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.

+ Attack Prerequisites
  • This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection.

+ Examples-Instances


Full URL Based Filtering: Filtering based upon the requested URL.

URL String-based Filtering: Filtering based upon the use of particular strings included in the requested URL.

+ Solutions and Mitigations

  • Hard Coded Alternate DNS server in applications
  • Avoid dependence on DNS
  • Include "hosts file"/IP address in the application
  • Ensure best practices with respect to communications channel protections.
  • Use a .onion domain with Tor support

+ Attack Motivation-Consequences
Scope | Technical Impact | Note
Preventing DNS from resolving a request denies the availability of a target site or service for the user.
+ References
[R.14.2] [REF-3] "Censorship in the Wild: Analyzing Internet Filtering in Syria". Sigcomm. 2014. <http://conferences2.sigcomm.org/imc/2014/papers/p285.pdf>.
+ Content History
Seamus Tuohy | 2017-01-12 | External_Submission

Page Last Updated or Reviewed: August 04, 2017