🔍 Ping Sweep (ICMP Sweep)
Scenario:
An attacker pings a range of IPs (192.168.1.0/24) to see which devices reply — mapping out live hosts before deeper scanning.
Defense:
Block unnecessary ICMP traffic, use intrusion detection, and monitor network scans.
⚡ ARP Spoofing / ARP Cache Poisoning
Scenario:
An attacker tricks devices by sending forged ARP messages, pretending to be the router (gateway) so that traffic is sent to the attacker instead.
Defense:
Use dynamic ARP inspection, static ARP tables, or secure switch configs (DHCP snooping + port security).
⚡ DHCP Starvation Attack
Scenario:
An attacker floods the DHCP server with thousands of fake “IP requests” until all available addresses are used. Real clients can’t get IPs and lose connectivity (DoS).
Defense:
Enable DHCP snooping, limit MAC addresses per port, and set rate limits.
⚡ DHCP Spoofing Attack
Scenario:
A rogue DHCP server gives victims fake settings (wrong gateway/DNS), redirecting traffic through the attacker.
Defense:
DHCP snooping, trusted ports, and network segmentation.
⚡ DNS Cache Poisoning
Scenario:
Attacker tricks a DNS server into caching a fake record: bank.com → 10.0.0.13 (attacker’s site). Users get redirected to a phishing site that looks real.
Defense:
Use DNSSEC, validate DNS responses, and restrict external zone transfers.
🌊 DNS Amplification (DDoS Reflection)
Scenario:
Attacker sends small forged DNS queries using the victim’s IP; open DNS servers reply with huge responses, overwhelming the victim.
Defense:
Block open resolvers, use rate limiting, and implement response filtering.
🕵️‍♂️ DNS Tunneling
Scenario:
Malware hides stolen data inside DNS queries (e.g., filedata.evil.com). It looks like normal DNS traffic, bypassing firewalls.
Defense:
Use DNS monitoring tools (like Cisco Umbrella) and block unusual query patterns.
🕸 Fast Flux / Domain Shadowing / DGA
Scenario:
Hackers rapidly change IPs or DNS servers so their phishing sites stay hidden. Some malware randomly generates domain names every day.
Defense:
Use threat-intelligence feeds, DNS monitoring, and domain reputation filters.
🌐 Man-in-the-Middle (MITM)
Scenario:
Attacker secretly intercepts communication between two devices (e.g., user and router, or browser and website). This lets them steal credentials or inject malware.
Defense:
Use HTTPS/TLS, VPNs, and certificate pinning.
💥 DoS / DDoS Attack
Scenario:
Servers get flooded with fake requests — users can’t reach them.
Defense:
Use rate limiting, firewalls, CDNs, and load balancers.