Joseph was the Web site administrator for the Mason Insurance in New York, whose main...

In this scenario, users outside the organization (like Smith and Joseph on dial-up) see the defaced site, while Joseph on the internal corporate network sees the legitimate site. Tripwire confirms that the files on the actual web server are intact. This clearly indicates that the attack was not on the server itself, but rather on how external users are being directed to a malicious server.

This behavior is indicative of a DNS poisoning attack. The attacker poisoned the DNS cache of an external DNS resolver, redirecting www.masonins.com to a malicious server. Internal DNS servers, unaffected by the poisoning, still resolved to the correct IP address.

From CEH v13:

Module 3: DNS Poisoning and Spoofing

Module 5: Vulnerability Analysis

CEH v13 Study Guide states:

“DNS poisoning involves injecting false information into a DNS resolver’s cache, causing users to be redirected to malicious websites without changing the actual web server’s content.”

Incorrect Options:

A: ARP spoofing affects local network address resolution, not global DNS.

B: SQL injection is used to exploit databases, not alter DNS records.

D: Routing table injection affects traffic routes, but wouldn’t explain DNS-level redirection discrepancies.