Common Network Attacks: DoS, Spoofing, and MITM
Identify denial-of-service, IP/ARP spoofing, and man-in-the-middle attacks, and understand the network controls that detect or prevent each.
Denial-of-Service Attack Fundamentals
A Denial-of-Service (DoS) attack aims to make a system, service, or network unavailable to legitimate users by overwhelming it with traffic or exploiting a vulnerability that causes it to crash. DoS attacks target the Availability pillar of the CIA triad. A single-source DoS is relatively easy to block by rate-limiting the source IP; however, many modern attacks use multiple sources simultaneously to make mitigation much harder.
Distributed Denial-of-Service (DDoS)
A DDoS attack uses thousands or millions of compromised devices (a botnet) to flood a target from many different source addresses simultaneously, which makes blocking by source IP impractical. DDoS attacks are categorized as volumetric (saturates bandwidth, e.g., UDP flood, DNS amplification), protocol (exhausts stateful resources such as the connection tables of servers, firewalls, and load balancers, e.g., SYN flood), or application-layer (exhausts server capacity with valid-looking requests, e.g., HTTP flood, or Slowloris holding many connections open with partial headers). Mitigation services like Cloudflare, Akamai, and AWS Shield absorb volumetric attacks on their own edge networks before the traffic reaches the origin.
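The reason per-source rate limiting handles a single-source DoS but not a DDoS is easiest to see by running both through the same limiter. The block below is an added example, not code from the lesson: it implements a token bucket keyed on source IP, as a packet filter or reverse proxy would, and feeds it three constructed traffic mixes (the IP addresses are RFC 5737 documentation ranges and the timestamps are synthetic).

```python
"""Per-source-IP rate limiting: stops a single-source DoS, not a DDoS.

Added example, not code from the lesson. The limiter is a token bucket
keyed on source IP, as a packet filter or reverse proxy would implement
it; the traffic is constructed in-line (no capture, no network access).
"""
from collections import defaultdict


class TokenBucket:
    """Allows `capacity` requests at once, then `refill_rate` per second."""

    def __init__(self, capacity, refill_rate):
        self.capacity = float(capacity)
        self.refill_rate = float(refill_rate)
        self.tokens = float(capacity)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            # Top the bucket up for the time elapsed, never beyond capacity.
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_by_source(packets, capacity=10, refill_rate=5.0):
    """packets: iterable of (timestamp_seconds, src_ip). Returns (allowed, dropped)."""
    buckets = defaultdict(lambda: TokenBucket(capacity, refill_rate))
    allowed = dropped = 0
    for ts, src in sorted(packets):
        if buckets[src].allow(ts):
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


# --- constructed traffic: 1000 packets within one second, three scenarios ---
def single_source_dos():
    # One attacker (RFC 5737 documentation address) sending 1000 packets/s.
    return [(i / 1000, "203.0.113.5") for i in range(1000)]


def distributed_dos():
    # The same 1000 packets/s spread over 200 bots, 5 packets each: every bot
    # stays under the per-source budget, so the limiter passes all of it.
    return [(i / 1000, f"198.51.100.{i % 200}") for i in range(1000)]


def legitimate_client():
    # A normal user: three requests spread across the second.
    return [(0.1, "192.0.2.8"), (0.5, "192.0.2.8"), (0.9, "192.0.2.8")]


def demo():
    return {
        "single_source": filter_by_source(single_source_dos()),
        "distributed": filter_by_source(distributed_dos()),
        "legitimate": filter_by_source(legitimate_client()),
    }


if __name__ == "__main__":
    for name, (ok, dropped) in demo().items():
        print(f"{name:14s} allowed={ok:4d} dropped={dropped:4d}")
```

With a budget of 10 packets burst plus 5 per second, the single attacker gets roughly 14 packets through and loses the rest, the legitimate client is untouched, and the 200-bot flood passes in full at exactly the same aggregate rate. Defending the distributed case needs a control that looks at the target side (total load, backlog, request shape) rather than at any one source, which is what the categories and mitigations below address.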
# Types of DDoS attacks:
# Volumetric: UDP flood, ICMP flood, DNS amplification
# Protocol: SYN flood, Ping of Death, Smurf attack
# Application: HTTP flood, Slowloris, R.U.D.Y
# SYN flood defense: SYN cookies
# sysctl -w net.ipv4.tcp_syncookies=1
# (Linux only emits cookies once the SYN backlog overflows; sysctl -w is not
#  persistent across reboots, so also place the setting in /etc/sysctl.d/)
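What the sysctl above turns on is a stateless handshake: instead of storing a half-open connection for every SYN, the server encodes what it needs into the SYN-ACK's initial sequence number and recovers it from the client's final ACK. The block below is an added example, not code from the lesson and not the Linux kernel's own implementation. It mirrors the kernel's cookie layout (a coarse time counter in the top 8 bits, an MSS-table index in the low 24 bits, both bound to the 4-tuple by two keyed hashes) using HMAC-SHA256 and constructed keys; the addresses, ports, ISN and MSS table are constructed as well.

```python
"""Stateless SYN cookies, the defence enabled by net.ipv4.tcp_syncookies.

Added example, not code from the lesson and not the Linux kernel's own
implementation. It mirrors the kernel's cookie layout (a coarse time
counter in the top 8 bits, an MSS-table index in the low 24 bits, both
bound to the 4-tuple by keyed hashes) using HMAC-SHA256 and constructed
keys; the addresses, ports and ISN below are constructed too.
"""
import hashlib
import hmac

COOKIE_BITS = 24
COOKIE_MASK = (1 << COOKIE_BITS) - 1
MAX_COOKIE_AGE = 2                       # counter ticks a cookie stays valid
MSS_TABLE = [536, 1300, 1440, 1460]      # only the index is stored in the cookie
SECRETS = (b"constructed-key-0", b"constructed-key-1")  # kernel draws random keys at boot


def _cookie_hash(saddr, daddr, sport, dport, count, key_idx):
    """32-bit keyed hash over the 4-tuple (and counter) under one of two keys."""
    msg = f"{saddr}|{daddr}|{sport}|{dport}|{count}".encode()
    digest = hmac.new(SECRETS[key_idx], msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def make_syn_cookie(saddr, daddr, sport, dport, client_isn, mss, count):
    """Server's ISN for the SYN-ACK; nothing is stored for this half-open connection."""
    mss_idx = max([i for i, v in enumerate(MSS_TABLE) if v <= mss] or [0])  # round down
    h1 = _cookie_hash(saddr, daddr, sport, dport, 0, 0)
    h2 = _cookie_hash(saddr, daddr, sport, dport, count, 1)
    return (h1 + client_isn + (count << COOKIE_BITS) + ((h2 + mss_idx) & COOKIE_MASK)) & 0xFFFFFFFF


def check_syn_cookie(saddr, daddr, sport, dport, client_isn, cookie, count):
    """Returns the negotiated MSS if the cookie is genuine and fresh, else None."""
    c = (cookie - _cookie_hash(saddr, daddr, sport, dport, 0, 0) - client_isn) & 0xFFFFFFFF
    age = (count - (c >> COOKIE_BITS)) & 0xFF            # ticks since the SYN-ACK was sent
    if age >= MAX_COOKIE_AGE:
        return None                                       # stale: client must resend its SYN
    mss_idx = (c - _cookie_hash(saddr, daddr, sport, dport, count - age, 1)) & COOKIE_MASK
    if mss_idx >= len(MSS_TABLE):
        return None                                       # forged or corrupted ACK
    return MSS_TABLE[mss_idx]


def handshake(count_at_ack, bad_seq=False):
    """Simulate SYN -> SYN-ACK(cookie) -> ACK with the server keeping no state between steps."""
    saddr, daddr, sport, dport = "203.0.113.7", "198.51.100.10", 40123, 443  # constructed 4-tuple
    client_isn, count_at_syn = 0x1A2B3C4D, 100
    # 1. SYN(seq=client_isn, MSS=1460) arrives under flood; reply with the cookie as our ISN.
    cookie = make_syn_cookie(saddr, daddr, sport, dport, client_isn, 1460, count_at_syn)
    # 2. A real client's final ACK carries seq=client_isn+1, ack=cookie+1.
    ack_seq = client_isn + (0 if bad_seq else 1)         # bad_seq: forged ACK that never incremented seq
    ack_ack = (cookie + 1) & 0xFFFFFFFF
    # 3. Rebuild the connection from the ACK alone: isn = seq-1, cookie = ack-1.
    return check_syn_cookie(saddr, daddr, sport, dport, ack_seq - 1,
                            (ack_ack - 1) & 0xFFFFFFFF, count_at_ack)


if __name__ == "__main__":
    print("fresh ACK      ->", handshake(100))                # 1460
    print("one tick later ->", handshake(101))                # 1460
    print("expired        ->", handshake(102))                # None
    print("forged seq     ->", handshake(100, bad_seq=True))  # None
```

The cost of the scheme is visible in the code: only a handful of MSS values survive the round trip, and any TCP option not carried in the cookie is lost, which is why the kernel only switches to cookies once the backlog is already full rather than all the time.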