Common Network Attacks

Why Learn Attacks?

• Cryptography protects data
• TLS secures communication
• Firewalls control access

But security engineers follow one important rule:

You cannot defend what you do not understand.

To truly understand networking, you must see the Internet from the attacker's persepective.

The Fundamental Reality

The Internet was designed for:

• openness
• connectivity
• cooperation

Not security.

Many protocols assumed users were trustworthy.

Attackers exploit these assumptions.

Categories of Network Attacks

Most attacks fall into four major goals:

We will explore attacks matching each goal.

1 Man-in-the-Middle (MITM) Attack

The Idea

An attacker secretely places themselves between two communicating parties.

Instead of:

Alice  ←→  Server

It becomes:

Alice ←→ Attacker ←→ Server

Both sides think they talk directly.

Story Example

Alice connects to cafe Wi-Fi.

Attacker controls the network.

Alice sends login request.

Attacker can:

• read messages
• modify responses
• steal credentials

Why It Works

Early protocols lacked:

• authentication
• encryption

Devices trusted the network blindly.

Modern Defenses

• TLS certificates
• HTTPS verification
• Certificate pinning
• VPNs

TLS largely prevents MITM when used correctly.

2 ARP Poisoning (Layer 2 Attack)

Recall from earlier modules

ARP maps:

IP Address → MAC Address

But ARP has no authentication.

Any device can send ARP replies.

Attack Concept

Attacker sends fake ARP messages saying:

"I am the router."

Victims update their ARP tables.

Now traffic flows through attacker.

Result

Attacker can:

• intercept packets
• analyze traffic
• launch MITM attacks

Why Vulnerable?

ARP was designed for trusted LANs.

Security wasn't considered.

Defenses

• Dynamic ARP Inspection (switch feature)
• Static ARP entries (critical systems)
• Network segmentation

3 DNS Spoofing / DNS Cache Poisoning

DNS Reminder

DNS converts:

google.com → IP address

You computer trusts DNS answers.

Attack Idea

Attacker tricks DNS resolver into returning fake IP.

bank.com → attacker server

User sees correct domain name but wrong server.

Result

Victim enters password on fake website.

Credentials stolen.

Defenses

• DNSEEC
• HTTPS certificate validation
• Secure DNS (DoH/DoT)

4 Packet Sniffing (Evesdropping)

Attackers capture network traffic using packet analyzers.

On unsecured networks:

Packets = readable data

They can see:

• passwords
• cookies
• emails

Why Possible?

Network transmite data through shared infrastructure.

Anyone with access to the path may observe traffic.

Defense

• Encryption (TLS, SSH, VPN)

Encryption turned sniffing from trivial -> nearly useless.

5 Denial of Service (DoS) Attack

Goal

Not stealing data.

Instead:

Make service unavailable.

How It Works

Attacker floods server with massive requests.

Millions of requests → Server overload → Crash

Legitimate users cannot connect.

Distributed DoS (DDoS)

Even worse.

Attack comes from thousands of infected machines (botnet)

Many computers → One target

Real Effects

• websites go offline
• online services disrupted
• financial losses

Defense

• Rate limiting
• Load balancing
• CDN protection
• Traffic filtering

6 Port Scanning (Reconnaissance)

Before attacking, attackers explore targets.

They scan ports to discover:

• running services
• open vulnerabilities

Example:

Port 22 open → SSH running
Port 3306 open → Database exposed

Defense

• Firewalls
• Close unused ports
• Intrusion detection system

7 Session Hijacking

After login, websites issue session cookies.

If attacker steals cookie:

Cookie = authenticated identity

They impersonate user without password.

Defenses

• HTTPS-only cookies
• Secure flags
• Short session lifetimes