What describes the attack where legitimate domains point to harmful IP addresses?

The situation described in the question pertains to DNS poisoning, which is a method used by attackers to manipulate the Domain Name System (DNS) in order to direct users from a legitimate domain to a malicious IP address. In essence, when a user attempts to access a legitimate website, DNS poisoning alters the resolution so that the domain name does not point to the correct server but instead to an attacker-controlled server. This allows the attacker to potentially harvest sensitive information, distribute malware, or engage in phishing activities.

DNS poisoning takes advantage of the way data is stored in DNS caches, and when a DNS cache becomes corrupted with harmful information, it can lead users unknowingly to dangerous sites. This technique can be executed through various methods, including sending false DNS responses or compromising DNS servers.

Other options may involve different types of attacks, but they do not specifically involve redirecting legitimate domain requests to harmful IPs through the manipulation of DNS records. Understanding DNS poisoning is vital for recognizing how attackers can exploit DNS to conduct various types of cyber attacks and emphasizes the importance of maintaining secure DNS infrastructures.