
DNS misconfiguration leading to potential compromise

ID: dns_misconfiguration
Data type: DNS
Severity: Low
MITRE ATT&CK: TA0001:T1189

Description

AlphaSOC detected a DNS misconfiguration: an error in DNS settings that causes a domain name to be mapped to the wrong IP address. Often caused by typographical errors in an FQDN (fully-qualified domain name) or by other misconfigurations, these mistakes can lead systems to connect to unintended or malicious domains. Threat actors can exploit this by registering lookalike domains and monitoring for misdirected traffic, allowing them to intercept or manipulate these requests. Once they identify how the client is communicating (e.g., the specific protocols or port numbers used), attackers can set up a spoofed server that responds as the legitimate service would, potentially hosting malicious payloads.
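As an added example (not AlphaSOC's own detection logic), the check below scans DNS query log lines for names whose zone is one typo away from a zone the organisation actually owns, which is the misdirected-lookup situation the description covers. The log format, the sample lines, the approved zone list and the osa_distance helper are all assumptions constructed for this illustration.

```python
# Constructed sample DNS query log (not AlphaSOC data); format: "<ts> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.1.15 mail.example-corp.internal A
2024-05-01T10:00:02Z 10.0.1.15 mail.exampel-corp.internal A
2024-05-01T10:00:03Z 10.0.2.40 sso.example-corp.co A
2024-05-01T10:00:04Z 10.0.2.40 www.unrelated-site.org A
2024-05-01T10:00:05Z 10.0.3.9 api.example-corp.com A
"""

# Assumed list of zones the organisation owns and expects its clients to resolve.
APPROVED_ZONES = {"example-corp.internal", "example-corp.com"}


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transposition, so a swapped letter pair ("exampel") counts as a single typo."""
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def find_typo_lookups(log_text, approved_zones, max_distance=1):
    """Return (client, qname, intended_zone, distance) for each query whose zone
    (last two labels) is not approved but lies within max_distance edits of one."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: skip rather than crash the scan
        client, qname = parts[1], parts[2].rstrip(".").lower()
        zone = ".".join(qname.split(".")[-2:])
        if zone in approved_zones:
            continue  # spelled correctly, nothing to report
        best = min(approved_zones, key=lambda z: osa_distance(zone, z))
        dist = osa_distance(zone, best)
        if dist <= max_distance:
            hits.append((client, qname, best, dist))
    return hits


if __name__ == "__main__":
    for client, qname, zone, dist in find_typo_lookups(SAMPLE_LOG, APPROVED_ZONES):
        print(f"{client} queried {qname}: {dist} edit(s) from approved zone {zone}")
```

Each hit points at the client and the misspelled name so the configuration (hosts file, application setting, resolver record) that carries the typo can be located and corrected before a lookalike domain is registered against it.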

Impact

DNS misconfigurations can compromise network security by enabling threat actors to intercept sensitive communications and data. When systems connect to unintended domains due to misconfigured DNS settings, attackers can capture authentication credentials, internal network information, and confidential data. This vulnerability also allows adversaries to deliver malware through spoofed servers, potentially leading to broader network compromise and data breaches.

Severity

Severity | Condition
Low | DNS misconfiguration detected

Investigation and Remediation

Investigate the specific DNS configuration issues identified by AlphaSOC. Review DNS server settings. Correct any misconfigurations immediately.

Known False Positives

  • Testing environments using alternative DNS configurations for development purposes