Identify DNS attack type

asked 2019-10-13 12:20:23 +0000

Hi All :)

I am currently learning how to use wireshark, and as part of an exercise relating to Attacks, I was asked to analyse this basic capture file and determine what kind of attack it could potentially be. My initial instincts were that it would be a DoS attack, with IP spoofing, as the MAC address on all the queries is the same, however the IP addresses vary and all the queries were sent within ~2 milliseconds. I also considered that it could be an authentication issue with the server, but this does not explain the varying IP addresses with same MAC.

Is my analysis that this is a DoS attack with IP spoofing correct?

What could the server do to protect against this abnormal behavior?

Capture File: https://ufile.io/xbwmtzjm

edit retag flag offensive close merge delete

add a comment

Identify DNS attack type

Be the first one to answer this question!

Question Tools

Stats

Identify DNS attack type edit

Be the first one to answer this question!

Question Tools

Stats

Identify DNS attack type