Identify DNS attack type

asked 2019-10-13 12:20:23 +0000

JarrodTheBest

Hi All :)

I am currently learning how to use Wireshark, and as part of an exercise relating to attacks, I was asked to analyse this basic capture file and determine what kind of attack it could potentially be. My initial instincts were that it would be a DoS attack with IP spoofing, as the MAC address on all the queries is the same; however, the IP addresses vary and all the queries were sent within ~2 milliseconds. I also considered that it could be an authentication issue with the server, but this does not explain the varying IP addresses with the same MAC.

Is my analysis that this is a DoS attack with IP spoofing correct?

What could the server do to protect against this abnormal behavior?

Capture File:

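The heuristic described in the question (one source MAC, many source IPs, all inside a few milliseconds) can be checked mechanically; the following is an added example, not part of the original post. It assumes the DNS queries were exported as `time,mac,ip` lines (for instance with tshark's `frame.time_relative`, `eth.src` and `ip.src` fields); the sample rows are constructed, and the function names and the 5 ms / 5-address thresholds are illustrative assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample (not from the poster's capture): relative time in seconds,
# source MAC, source IP of each DNS query. MACs and IPs use documentation ranges.
SAMPLE = """\
0.000000,00:00:5e:00:53:01,192.0.2.10
0.000400,00:00:5e:00:53:01,198.51.100.7
0.000800,00:00:5e:00:53:01,203.0.113.45
0.001200,00:00:5e:00:53:01,192.0.2.200
0.001600,00:00:5e:00:53:01,198.51.100.99
0.002000,00:00:5e:00:53:01,203.0.113.3
0.500000,00:00:5e:00:53:02,192.0.2.50
1.500000,00:00:5e:00:53:02,192.0.2.50
2.000000,00:00:5e:00:53:03,192.0.2.60
4.000000,00:00:5e:00:53:03,192.0.2.61
6.000000,00:00:5e:00:53:03,192.0.2.62
8.000000,00:00:5e:00:53:03,192.0.2.63
10.000000,00:00:5e:00:53:03,192.0.2.64
"""

def load_rows(text):
    """Parse 'time,mac,ip' CSV lines into (float_time, mac, ip) tuples."""
    return [(float(t), mac.lower(), ip) for t, mac, ip in csv.reader(io.StringIO(text))]

def flag_spoof_bursts(rows, window=0.005, min_ips=5):
    """Return {mac: (distinct_ips, span_seconds)} for each source MAC that sent
    queries from at least min_ips distinct source IPs within `window` seconds."""
    by_mac = defaultdict(list)
    for ts, mac, ip in rows:
        by_mac[mac].append((ts, ip))
    flagged = {}
    for mac, events in by_mac.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) >= min_ips and len(ips) > flagged.get(mac, (0, 0.0))[0]:
                flagged[mac] = (len(ips), events[end][0] - events[start][0])
    return flagged

if __name__ == "__main__":
    for mac, (n, span) in flag_spoof_bursts(load_rows(SAMPLE)).items():
        print(f"{mac}: {n} source IPs in {span * 1000:.1f} ms")
```

The time window matters because a capture taken behind a router shows the router's MAC on every forwarded frame, so many source IPs behind one MAC is only notable when they arrive in a tight burst, as the third MAC in the sample illustrates.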