Cyber Security Network Attacks

https://www.netacad.com/cybersecurity

This page moves beyond reconnaissance to explain the active attacks that target network infrastructure and services. It focuses on attacks that aim to disrupt, deny, or degrade network functionality, with a primary emphasis on Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks. The core idea is that even if data isn’t stolen, making a service unavailable can be a devastating attack with financial and reputational damage.

Key Learning Points Overview

The page categorizes network attacks and explains their mechanisms and impacts.

1. Denial-of-Service (DoS) Attacks

  • What it is: An attack aimed at shutting down a machine or network, making it inaccessible to its intended users.
  • How it works: The attacker overwhelms the target with a flood of illegitimate traffic or requests, consuming its resources (like bandwidth, CPU, or memory).
  • Goal: To disrupt service, cause downtime, and inflict financial or reputational harm.

2. Distributed Denial-of-Service (DDoS) Attacks

  • What it is: A more powerful and complex version of a DoS attack.
  • How it works: The attacker uses a botnet—an army of compromised computers (zombies) distributed across the internet—to launch a coordinated attack from thousands of sources simultaneously.
  • Why it’s more dangerous:
    • Harder to Stop: Because the traffic comes from many different IP addresses, it’s difficult to filter out without blocking legitimate users.
    • Massive Scale: A botnet can generate far more traffic than a single attacker.

3. Common Types of DoS/DDoS Attacks

The page explains the different methods used to overwhelm a target:

  • Volume-Based Attacks:
    • Goal: To consume all available bandwidth.
    • Example: UDP Flood. The attacker sends a massive number of UDP packets to random ports on the target, usually with spoofed source addresses. For each packet the target checks whether an application is listening on that port and, finding none, replies with an ICMP “Destination Unreachable (Port Unreachable)” message. Both the inbound flood and the reply traffic consume bandwidth and packet-processing capacity, and the spoofed replies are sent to whoever the attacker named as the source.
  • Protocol Attacks:
    • Goal: To consume the actual processing capacity of network infrastructure (like servers, firewalls, or load balancers).
    • Example: SYN Flood. This exploits the TCP three-way handshake.
      1. The attacker sends a flood of TCP SYN packets, typically from spoofed source addresses.
      2. The server allocates a half-open connection for each one, responds with a SYN-ACK, and waits for the final ACK.
      3. The ACK never arrives (the spoofed hosts never sent the SYN), so the half-open entries sit in the server’s SYN backlog until they time out. Once the backlog is full, new SYNs are dropped, including those from legitimate clients. The attacker needs very little bandwidth; the cost is asymmetric because the server keeps state and the attacker keeps none.
  • Application Layer Attacks:
    • Goal: To overwhelm a specific application rather than the entire server.
    • Example: HTTP Flood. The attacker sends a high volume of well-formed HTTP GET or POST requests to a web server. Because each one arrives over a fully completed TCP connection, protocol-level filters see nothing wrong; the damage comes from the server-side cost of handling the request (database queries, search, login, dynamic page generation), so the attacker targets the most expensive endpoints and eventually exhausts the application’s capacity to respond to real users.
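
The SYN flood mechanics described above, and the SYN-cookie defense referenced under Phase 3, as an added Python simulation (this is example code written for these notes, not code from the NetAcad page). The backlog size, the timeout and the spoofed and client addresses are assumed values chosen for the demonstration; the cookie layout is a simplified version of what real kernels use.

```python
"""Simulated TCP SYN flood against a stateful handshake, then against SYN cookies.
Added example; constants and addresses below are assumptions for the demo."""
import hashlib
import hmac
import random
from collections import OrderedDict

BACKLOG = 128        # half-open connections the stateful server can hold (assumed)
SYN_TIMEOUT = 60.0   # seconds before an unanswered SYN-ACK is reaped (assumed)
MASK32 = 0xFFFFFFFF


class StatefulServer:
    """Textbook handshake: every SYN allocates an entry until the final ACK arrives."""

    def __init__(self):
        self.half_open = OrderedDict()   # (src_ip, src_port) -> (isn, arrival time)
        self.established = set()
        self.dropped_syns = 0

    def on_syn(self, src, now):
        self._reap(now)
        if len(self.half_open) >= BACKLOG:
            self.dropped_syns += 1       # backlog full: no SYN-ACK, client sees nothing
            return None
        isn = random.getrandbits(32)
        self.half_open[src] = (isn, now)
        return isn                       # sequence number carried in the SYN-ACK

    def on_ack(self, src, ack_num, now):
        entry = self.half_open.get(src)
        if entry is None or (entry[0] + 1) & MASK32 != ack_num:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True

    def _reap(self, now):
        while self.half_open:            # entries are in arrival order; expire from the front
            src, (_, arrived) = next(iter(self.half_open.items()))
            if now - arrived < SYN_TIMEOUT:
                break
            del self.half_open[src]


class SynCookieServer:
    """SYN cookies: the SYN-ACK sequence number is a MAC over the client address and a
    coarse time slot, so the final ACK is verified by recomputation and no state is
    kept per SYN. Simplified: real kernels also encode the negotiated MSS."""

    def __init__(self, secret=b"server-secret-rotated-periodically"):
        self.secret = secret
        self.established = set()

    @staticmethod
    def _slot(now):
        return int(now // 64) % 256      # 64-second slots, 8 bits of the cookie

    def _cookie(self, src, slot):
        msg = f"{src[0]}:{src[1]}:{slot}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return (int.from_bytes(mac[:3], "big") << 8) | slot   # 24-bit MAC + 8-bit slot

    def on_syn(self, src, now):
        return self._cookie(src, self._slot(now))

    def on_ack(self, src, ack_num, now):
        cookie = (ack_num - 1) & MASK32
        slot = cookie & 0xFF
        if (self._slot(now) - slot) % 256 > 1:      # cookie too old
            return False
        if cookie != self._cookie(src, slot):       # forged, or issued to another address
            return False
        self.established.add(src)
        return True


def run_flood(server, n_attack=1000, n_clients=20):
    """Send n_attack spoofed SYNs that are never acknowledged, then attempt
    n_clients legitimate handshakes; return how many of those complete."""
    now = 0.0
    for i in range(n_attack):
        spoofed = (f"203.0.113.{i % 250}", 40000 + i)   # constructed spoofed sources
        server.on_syn(spoofed, now)
        now += 0.001
    completed = 0
    for i in range(n_clients):
        client = ("198.51.100.10", 50000 + i)          # constructed legitimate client
        isn = server.on_syn(client, now)
        if isn is not None and server.on_ack(client, (isn + 1) & MASK32, now + 0.05):
            completed += 1
        now += 0.1
    return completed


def recovers_after_timeout():
    """The stateful server only recovers once the half-open entries time out."""
    server = StatefulServer()
    run_flood(server, n_clients=0)
    return server.on_syn(("198.51.100.10", 1), now=SYN_TIMEOUT + 10) is not None


if __name__ == "__main__":
    print("stateful server under flood:", run_flood(StatefulServer()), "of 20 handshakes")
    print("SYN-cookie server under flood:", run_flood(SynCookieServer()), "of 20 handshakes")
```

With the defaults, 1,000 spoofed SYNs fill the 128-entry backlog in one second and every legitimate handshake fails until the timeout reaps the entries; the SYN-cookie server completes all 20 because it stores nothing per SYN and a spoofed host can never produce the matching ACK.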

4. Other Network Attacks Mentioned

The page also briefly covers other common network-level threats:

  • DNS Spoofing/Poisoning: Corrupting a DNS server’s cache to redirect users from a legitimate website to a malicious one.
  • Man-in-the-Middle (MitM) Attacks: An attacker secretly intercepts and potentially alters the communication between two parties who believe they are directly communicating with each other.
  • ARP Spoofing: A technique used to perform a MitM attack on a local network by sending forged Address Resolution Protocol (ARP) replies that bind another host’s IP address (typically the default gateway’s) to the attacker’s MAC address. Hosts update their ARP caches from unsolicited replies, so their traffic for the gateway is delivered to the attacker, who can read or modify it and forward it on.
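
The ARP cache behaviour behind the spoofing attack above, as an added Python model (example code for these notes, not from the NetAcad page). It contrasts a default cache that accepts any reply with an arpwatch-style monitor that flags a changed IP-to-MAC binding, and with a static entry for the gateway that prevents the change outright. All addresses and MACs are constructed.

```python
"""ARP cache model: naive acceptance, binding-change alerts, and a pinned gateway entry.
Added example; addresses are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str     # the IP address the sender claims to own
    sender_mac: str    # the MAC it wants bound to that IP
    target_ip: str


class ArpCache:
    """Host ARP cache. With no static entries it behaves like a default host: any reply,
    solicited or not, overwrites the binding. `alerts` records binding changes the way
    an arpwatch-style monitor would."""

    def __init__(self, static=None):
        self.table = dict(static or {})
        self.pinned = set(self.table)
        self.alerts = []

    def on_reply(self, reply):
        old = self.table.get(reply.sender_ip)
        if reply.sender_ip in self.pinned:
            if old != reply.sender_mac:
                self.alerts.append(f"ignored reply for pinned {reply.sender_ip} from {reply.sender_mac}")
            return False                                  # static entry wins
        if old is not None and old != reply.sender_mac:
            self.alerts.append(f"{reply.sender_ip} moved from {old} to {reply.sender_mac}")
        self.table[reply.sender_ip] = reply.sender_mac    # naive cache accepts it anyway
        return True

    def next_hop_mac(self, ip):
        return self.table.get(ip)


GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:00:5e:00:53:01"   # constructed
ATTACKER_MAC = "02:00:00:00:be:ef"                            # constructed


def constructed_replies():
    return [
        ArpReply(GATEWAY_IP, GATEWAY_MAC, "192.0.2.10"),    # genuine answer to our request
        ArpReply(GATEWAY_IP, ATTACKER_MAC, "192.0.2.10"),   # unsolicited: gateway IP, attacker MAC
    ]


def victim_without_defense():
    """Monitoring only: the change is logged but traffic is already redirected."""
    cache = ArpCache()
    for reply in constructed_replies():
        cache.on_reply(reply)
    return cache.next_hop_mac(GATEWAY_IP), cache.alerts


def victim_with_static_entry():
    """Prevention: the pinned gateway entry survives, and the attempt is still logged."""
    cache = ArpCache(static={GATEWAY_IP: GATEWAY_MAC})
    for reply in constructed_replies():
        cache.on_reply(reply)
    return cache.next_hop_mac(GATEWAY_IP), cache.alerts


if __name__ == "__main__":
    print("no defense:", victim_without_defense())
    print("static entry:", victim_with_static_entry())
```

The point of the two runs is the difference between detecting and preventing: the monitor alone still leaves the victim forwarding packets to the attacker, which is why switch-side protections (dynamic ARP inspection) or static entries for critical hosts are used alongside alerting.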

5. The Cybersecurity Connection: Motivation and Impact

The page explains why these attacks are launched:

  • Extortion: Demanding a ransom to stop the attack.
  • Hacktivism: Attacking for political or social reasons.
  • Competitive Sabotage: Disrupting a competitor’s business.
  • A Smokescreen: Launching a DDoS to distract the security team while a more subtle attack (like data theft) is carried out.

Study Material & Learning Plan

Here’s a structured plan to master the concepts of network attacks.

Phase 1: Understand the Core Concepts (Foundation)

  1. Goal: Grasp the fundamental purpose and mechanics of DoS vs. DDoS attacks.
  2. Action: Read the page carefully. Focus on the analogies used (e.g., overwhelming a shop with prank calls).
  3. Self-Check Questions:
    • What is the single most important difference between a DoS and a DDoS attack?
    • What is a botnet and why is it critical for a DDoS?
    • What resource does a SYN Flood attack primarily target: bandwidth, server memory, or the application itself?

Phase 2: Analyze the Attack Types (Technical Deep Dive)

  1. Goal: Understand how different DDoS attacks work at a technical level.
  2. Action: Create a table comparing the three main DDoS categories.
    • Columns: Attack Type, Target Resource, How it Works, Real-World Analogy.
    • Example Row:
      • Attack Type: SYN Flood
      • Target Resource: Server Connection Table
      • How it Works: Exploits the TCP handshake by not sending the final ACK.
      • Analogy: A crowd of people starting conversations with a shopkeeper but then walking away, leaving the shopkeeper unable to help real customers.

Phase 3: Connect to Defenses (Analytical Thinking)

  1. Goal: For each attack, identify the primary mitigation strategy.
  2. Action: Research how the following defenses work:
    • Rate Limiting: Limiting the number of requests a server will accept from an IP address in a given time frame. Effective against a single noisy source, but much less so against a DDoS, where each bot can stay under the per-address limit.
    • DDoS Mitigation Services: Specialized services (like Cloudflare, AWS Shield) that scrub malicious traffic at a network edge before it reaches the target.
    • Firewalls & IPS: Can rate-limit SYNs or act as a SYN proxy, completing the handshake on the server’s behalf and only forwarding connections that finish it. Hosts themselves defend against SYN floods with SYN cookies, which encode the connection state in the SYN-ACK sequence number instead of storing a half-open entry for every SYN.
    • Network Monitoring: Using tools to establish a baseline of normal traffic so that anomalies (like a massive spike) can be detected quickly.
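
Two of the defenses listed above, as an added Python example (written for these notes, not code from the NetAcad page): a per-source sliding-window rate limiter and a baseline-versus-spike detector, both run over a constructed Apache-style access log in which ten quiet seconds are followed by a three-second HTTP flood from one source. The log contents, the limit of 30 requests per 10 seconds and the 3-sigma threshold are assumptions for the demonstration.

```python
"""Rate limiting and baseline anomaly detection over a constructed access log.
Added example; log lines and thresholds are constructed for the demo."""
import re
import statistics
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (ip, unix_seconds) for a Common Log Format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], int(ts.timestamp())


class SlidingWindowLimiter:
    """Allow at most `limit` requests per source IP in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)   # ip -> timestamps of recently allowed requests

    def allow(self, ip, now):
        q = self.hits[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                  # forget requests that have left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def spike_seconds(per_second, baseline_len, k=3.0):
    """Flag seconds whose request count exceeds mean + k*stdev of the first baseline_len seconds."""
    seconds = sorted(per_second)
    base = [per_second[s] for s in seconds[:baseline_len]]
    threshold = statistics.mean(base) + k * statistics.pstdev(base)
    return [s for s in seconds if per_second[s] > threshold], threshold


def analyze(lines, limit=30, window=10, baseline_len=10):
    """Run both defenses over the log; seconds are reported relative to the first event."""
    limiter = SlidingWindowLimiter(limit, window)
    blocked, per_second, t0 = Counter(), Counter(), None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        t0 = ts if t0 is None else t0
        per_second[ts - t0] += 1
        if not limiter.allow(ip, ts):
            blocked[ip] += 1
    spikes, threshold = spike_seconds(per_second, baseline_len)
    return {"blocked": dict(blocked), "spikes": spikes, "threshold": threshold}


# Constructed sample: legitimate requests per second for ten quiet seconds, then a flood.
QUIET_TOTALS = [9, 11, 10, 12, 8, 10, 11, 9, 10, 10]
CLIENTS = [f"198.51.100.{i}" for i in range(1, 6)]   # constructed legitimate clients
ATTACKER = "203.0.113.7"                              # constructed flood source


def build_sample_log():
    start = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []

    def emit(ip, second, path):
        stamp = (start + timedelta(seconds=second)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512')

    for s, total in enumerate(QUIET_TOTALS):
        for j in range(total):
            emit(CLIENTS[j % len(CLIENTS)], s, "/index.html")
    for s in range(10, 13):                 # flood: background traffic plus 150 req/s from one IP
        for j in range(10):
            emit(CLIENTS[j % len(CLIENTS)], s, "/index.html")
        for _ in range(150):
            emit(ATTACKER, s, "/search?q=expensive")
    return lines


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

On this input the baseline is 10 requests per second with a threshold just above 13, so the three flood seconds (160 requests each) are flagged, and the limiter lets the attacker through 30 times before blocking the remaining 420 requests while no legitimate client is ever blocked. Note what each defense does not do: the detector only tells you something is wrong, and the limiter would not help if the same 450 requests came from 450 bots.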

Phase 4: Practical Observation (Awareness)

  1. Goal: Relate these concepts to real-world events.
  2. Action:
    • Research Major DDoS Attacks: Look up famous DDoS attacks like the October 2016 attack on the DNS provider Dyn, launched from the Mirai botnet of compromised IoT devices, which made major websites such as Twitter and Netflix unreachable. Understand the scale and impact, and note that the attackers targeted a shared dependency (DNS) rather than the websites themselves.
    • Use Monitoring Tools (Optional): If you have access to a home router with traffic graphs, observe the normal traffic patterns. This helps you understand what a “baseline” looks like.
