DoS Attack
Denial of Service attack that floods a network or system with excessive traffic to cause downtime.
DDoS Attack
Distributed Denial of Service attack that uses multiple devices (botnets) to amplify the attack.
Volumetric Attack
A type of DDoS attack that overwhelms bandwidth with excessive traffic.
SYN Flood
A DoS attack where the attacker sends multiple SYN requests to a server but never completes the handshake, overloading the server.
MAC Flooding
A technique that overloads a network switch’s MAC address table with fake MAC addresses, forcing it into flooding mode.
Port Security
A method to prevent MAC flooding by limiting the number of MAC addresses that can be learned on a port of a switch.
ARP Spoofing
An attack that tricks devices into sending traffic to the attacker’s MAC address, enabling Man-in-the-Middle attacks.
Dynamic ARP Inspection (DAI)
A security feature that helps to prevent ARP attacks by validating ARP responses.
VLAN Hopping
Exploiting misconfigured VLANs to gain unauthorized access to traffic on another VLAN.
DNS Poisoning (Spoofing)
An attack that injects false DNS records into a cache, redirecting users to malicious sites.
MitM Attack (On-Path Attack)
An attack where a malicious actor intercepts and manipulates communication between two parties.
Evil Twin Attack
A rogue Wi-Fi access point that mimics a legitimate access point to steal credentials.
Phishing Attack
A social engineering attack where attackers masquerade as trusted entities to steal sensitive information.
Spear Phishing
A targeted phishing attack that uses personalized information to trick a specific victim.
Whaling
A phishing attack that targets high-profile individuals such as CEOs and executives.
Ransomware
Malware that encrypts files on a victim’s device and demands ransom for restoration.
DNS Amplification Attack
A DDoS technique that exploits vulnerabilities in DNS or NTP to multiply attack traffic.
Trojan Horse
Malware disguised as legitimate software, containing a harmful payload.
WIDS (Wireless Intrusion Detection System)
A system used to monitor wireless networks for unauthorized access points.
Storm Control
A feature on switches that helps to prevent MAC flooding by blocking excessive traffic.
Firewall
A security device or software that monitors and controls incoming and outgoing network traffic.
Malware
Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.
Encryption
The process of encoding information to prevent unauthorized access, commonly used to secure communications.
Static ARP Entries
Fixed mappings of IP addresses to MAC addresses that help prevent ARP spoofing.
TLS/SSL
Protocols used to secure communications over computer networks.
DNSSEC
A suite of extensions to DNS which adds a layer of security by enabling DNS responses to be verified.
Vishing
Voice phishing, a type of social engineering attack conducted over the phone to steal personal information.
Tailgating
A social engineering technique where an unauthorized person follows an authorized person into a restricted area.
Baiting
A social engineering attack that exploits human curiosity to lure victims into a trap.
Emergency Language in Emails
Urgent wording often used in phishing emails to manipulate victims into acting quickly.
Software Update/Patching
Regularly updating application software to protect against vulnerabilities.
Rogue Access Points
Unauthorized wireless access points that can compromise network security.
Botnets
Networks of compromised computers used to execute DDoS attacks or spread malware.
Generic Greetings in Phishing Emails
Commonly used phrases in phishing attempts that lack personalization, often a red flag.
Smurf Attack (ICMP Flood)
Occurs when an attacker pings a subnet broadcast with a spoofed source IP, making the victimized server appear as the source
Data Snooping
Occurs when an attacker captures sensitive data by forcing the switch to broadcast traffic
Double Tagging
A method where the attacker tries to reach a different VLAN using vulnerabilities in the trunk port configuration
Switch Spoofing
Occurs when an attacker attempts to use the Dynamic Trunking Protocol (DTP) to negotiate a trunk port with a switch
MAC Table Overflow Attack
Causes VLANs to no longer be enforced and makes the switch act as a hub
DNS Tunneling
Involves using the DNS protocol to encapsulate non-DNS traffic to attempt to bypass the organization’s firewall rules
Domain Hijacking
Involves changing the registration of a domain name without the permission of the original registrant
DNS Zone Transfer Attacks
An attack in which the attacker tries to get a copy of the entire DNS zone data by pretending to be an authorized system
On-path Attack
Attack where the attacker or pentester places their workstation between two hosts to capture, monitor, and relay communications
Replay Attack
Occurs when an attacker captures valid data and repeats it either immediately or with a delay
Relay Attack
Occurs when the attacker is able to insert themselves between two hosts and become part of the conversation
SSL Stripping
Redirecting HTTPS requests to HTTP in an attempt to trick the encryption application
Downgrade Attack
An attack in which the attacker attempts to have a client or server abandon its higher security mode in favor of a lower security mode
Rogue Devices
Unauthorized device or service on a corporate or private network that allows unauthorized individuals to connect to that network
Network Tap
Physical device that is attached to cabling to record packets passing over the network segment
Worm
A piece of malicious software that can replicate itself without user interaction
RAT
Remote Access Trojan; provides the attacker with remote control of a victim machine
Rootkit
Malicious software (malware) designed to gain unauthorized access to a computer or network while hiding its presence. Rootkits often allow attackers to take control of a system, steal data, install additional malware, and bypass security measures.