The attacker must be connected to the LAN and sniff the DNS request IDs to respond before the legitimate DNS server is known. This attack is called what?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

The attacker must be connected to the LAN and sniff the DNS request IDs to respond before the legitimate DNS server is known. This attack is called what?

Explanation:
This tests DNS spoofing on an internal network. An attacker who is on the LAN can watch DNS queries and grab the transaction IDs, then send a forged DNS response that matches those IDs and arrives before the real DNS server’s reply. If the resolver accepts the forged answer, it caches the attacker’s IP for that domain, redirecting traffic to the attacker. Because this attack is carried out within the intranet, it’s described as an intranet DNS spoofing attack. The other terms are less precise for this scenario: Internet DNS poisoning usually implies poisoning caches at external or widely distributed resolvers, not confined to the local network; DNS cache poisoning is a general concept and could happen anywhere, but does not specify the intranet context; proxy server DNS poisoning would involve a proxy rather than the DNS resolver directly, which isn’t the described method.

This tests DNS spoofing on an internal network. An attacker who is on the LAN can watch DNS queries and grab the transaction IDs, then send a forged DNS response that matches those IDs and arrives before the real DNS server’s reply. If the resolver accepts the forged answer, it caches the attacker’s IP for that domain, redirecting traffic to the attacker. Because this attack is carried out within the intranet, it’s described as an intranet DNS spoofing attack.

The other terms are less precise for this scenario: Internet DNS poisoning usually implies poisoning caches at external or widely distributed resolvers, not confined to the local network; DNS cache poisoning is a general concept and could happen anywhere, but does not specify the intranet context; proxy server DNS poisoning would involve a proxy rather than the DNS resolver directly, which isn’t the described method.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy