The scenario describes a classic case of Domain Name System (DNS) poisoning, also known as DNS spoofing. In this attack, a malicious actor corrupts the data in a DNS server's cache, causing it to return an incorrect IP address for a legitimate domain name. When the administrator attempts to navigate to the administrative website, their system queries the compromised DNS server, which then resolves the domain to the IP address of the fake website. This effectively redirects the user's traffic to the attacker-controlled site without their knowledge, matching the described outcome perfectly.

A. Buffer overflow: This is a memory-based vulnerability exploitation technique used to execute arbitrary code or crash a system, not to redirect network traffic via domain names.

B. Denial of Service (DoS): This type of attack aims to make a network resource or website unavailable to its intended users, typically by flooding it with traffic, rather than redirecting users to a different site.

C. Birthday attack: This is a cryptographic attack that exploits probability theory to find collisions in hash functions, primarily used for forging digital signatures, and is unrelated to website redirection.

1. Stallings

W.

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. In Chapter 21.5

"DNS Attacks

" the text describes DNS poisoning as an attack where "an attacker is able to intercept a DNS request and reply with a forged DNS response... The forged response redirects the user to a different Web site."

2. Kuhrer

M.

Hupperich

T.

Holz

T.

& Rossow

C. (2014). Going Wild: Large-Scale Classification of Open DNS Resolvers. In Proceedings of the 2014 Conference on Internet Measurement Conference (IMC '14). Association for Computing Machinery

New York

NY

USA

233–246. The paper discusses DNS vulnerabilities

stating

"An attacker can poison the cache of a DNS resolver to redirect clients to a malicious server" (Section 2.1

DNS Cache Poisoning). DOI: https://doi.org/10.1145/2663716.2663733

3. MIT OpenCourseWare. (2014). 6.858 Computer Systems Security

Lecture 15: Network Security. Massachusetts Institute of Technology. The lecture notes explain DNS spoofing: "Goal: get victim to talk to a malicious server

by sending a fake DNS reply with a bad IP address." (Section 3

DNS Spoofing).

4. National Institute of Standards and Technology (NIST). (2010). NIST Special Publication 800-81-2: Secure Domain Name System (DNS) Deployment Guide. Section 2.2

"DNS Vulnerabilities

" details how cache poisoning allows an attacker to "redirect unsuspecting users to a malicious Web site."