Section 5.4 Name Resolution Attacks
Subsection 5.4.1 DNS Cache Poisoning
A DNS resolver can be tricked into caching incorrect information and serving it to other clients. In this scenario an attacker assumes the role of the authoritative DNS server by responding to a DNS query with a forged source IP. One reason this is possible is that DNS query responses are often single, unauthenticated packets. Once the server has the invalid DNS cache entry, it will continue to direct users to the incorrect IP address for the TTL of the entry. DNSSEC can be used to mitigate these attacks by forcing authentication on DNS answers.
1. cloud.google.com/dns/docs/dnssec
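The following added example (not part of the original text) sketches the acceptance check a resolver can apply to a UDP response when DNSSEC is not in use: the transaction ID, source address, destination port and question must all match the pending query. Every one of those values travels unauthenticated in a single packet, which is the gap DNSSEC signatures close. The names `PendingQuery`, `build_message`, `parse_question` and `accept_response` and all sample values are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class PendingQuery:          # hypothetical record of one outstanding upstream query
    txid: int                # random 16-bit transaction ID
    src_port: int            # local UDP port the query was sent from
    server_ip: str           # authoritative server that was asked
    qname: str               # name asked about, lower case, no trailing dot
    qtype: int               # record type (1 = A)

def build_message(txid: int, flags: int, qname: str, qtype: int) -> bytes:
    """Constructed sample: 12-byte DNS header plus one question, no answers."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg: bytes):
    """Return (txid, is_response, qname, qtype); raise ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, parts = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:
            raise ValueError("compression pointer in question")
        parts.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(parts), qtype

def accept_response(q: PendingQuery, msg: bytes, from_ip: str, to_port: int) -> bool:
    """True only if every field the resolver can check matches the pending query."""
    try:
        txid, is_response, qname, qtype = parse_question(msg)
    except ValueError:       # UnicodeDecodeError is a ValueError subclass
        return False
    return (is_response and from_ip == q.server_ip and to_port == q.src_port
            and txid == q.txid and qname == q.qname and qtype == q.qtype)

# Constructed pending query using documentation-reserved addresses and names.
PENDING = PendingQuery(0x3A7C, 53124, "192.0.2.53", "www.example.com", 1)
```

A response that fails any single comparison is dropped rather than cached; a response that passes all of them is still only as trustworthy as those unauthenticated fields.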
Subsection 5.4.2 LLMNR Hijacking
In this scenario an attacker responds to a Link-Local Multicast Name Resolution (LLMNR) broadcast and impersonates an authentication server. The unsuspecting victim fills in their credentials, which are promptly stolen. This attack can be mitigated by disabling LLMNR on the network.