
Cyber attacks and network attacks are malicious activities that target computer networks, systems and users. They can cause data loss, service disruption, unauthorized access and financial damage. In this lesson we will cover the most common cyber attacks and network attacks, such as DoS, TCP SYN Flood, Ping of Death, Smurf and Man-in-the-Middle (MITM) attacks, along with basic mitigation methods. Understanding cyber attacks is important for network engineers, cybersecurity students and IT professionals. By learning how these attacks work, you can better protect networks, servers and devices against modern security threats.
So, what are the types of Network Attacks (Cyber Attacks)?
A Denial of Service (DoS) Attack is a cyber attack that aims to make the victim system unusable. DoS attacks can be grouped by how they achieve this:
Vulnerability DoS Attacks crash the system by finding its vulnerable parts and targeting them, for example with a malformed packet that triggers a bug.
Bandwidth Flooding DoS Attacks aim to clog the victim system and its network links with far more requests and traffic than they can handle.
Lastly, Connection Flooding DoS Attacks open too many half-open or fully open connections. After a while the system's connection tables are full and it cannot reply to legitimate requests.
There is also an enhanced form of DoS attack: the DDoS (Distributed DoS) attack. In a DDoS attack the attacker attacks the victim from many devices at once, so the traffic is harder to filter and the real source of the attack is difficult to trace.
By the way, let us also define an important term, the Botnet. A botnet is a network of computers that have been infected with malicious software and are remotely controlled by an attacker, without their owners' knowledge, to carry out attacks on others. Each infected computer is called a bot (or zombie). DDoS attacks are launched from such networks.
Specific types of DoS Attacks have their own names. These are:
A TCP SYN Flood Attack is one in which the attacker sends a very large number of connection requests (TCP SYN segments) to the target, usually from spoofed source addresses. The target answers each one with a SYN-ACK and keeps a half-open connection entry, but the attacker never sends the final ACK of the handshake. The half-open entries stay in the victim's backlog queue until they time out, and while the queue is full, legitimate connection requests are dropped.
To protect your system from a TCP SYN Flood, you can use a firewall or SYN proxy that rate-limits or validates incoming SYN packets before they reach the server (simply dropping all SYN packets would block every new TCP connection). Another proactive measure is increasing the size of the connection (backlog) queue and decreasing the half-open connection timeout, so that entries expire faster than the attacker can create them. Most operating systems also support SYN cookies, which let the server answer a SYN without storing any state until the handshake completes.
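The following is an added example (not part of the original lesson) that replays a constructed packet trace through a model of a server's half-open connection queue. It shows how a handful of un-acknowledged SYNs fill a small backlog so that a legitimate client is dropped, how a per-source count of never-completed handshakes identifies the flooding source, and how the two mitigations above (shorter timeout, larger backlog) let the legitimate client in. The trace, the backlog size, the timeout and all addresses are assumptions made for the example.

```python
"""SYN flood replay against a model of the server's half-open queue.

Added example, not part of the original lesson. The trace, the backlog
size and the timeout are constructed values. Each record is
(time_seconds, source_ip, source_port, tcp_flags) as seen by the server,
where "S" is a SYN and "A" is the final ACK of the handshake.
"""
from collections import defaultdict

BACKLOG = 5          # assumed half-open queue size of the victim
SYN_TIMEOUT = 3.0    # assumed seconds a half-open entry is kept

ATTACKER = "198.51.100.7"
# Constructed trace: the attacker fires 8 SYNs in under a second and
# never completes a handshake; two legitimate clients try later.
TRACE = [(0.1 * i, ATTACKER, 40000 + i, "S") for i in range(8)] + [
    (1.0, "192.0.2.10", 50001, "S"),
    (1.1, "192.0.2.10", 50001, "A"),
    (3.5, "192.0.2.11", 50002, "S"),
    (3.6, "192.0.2.11", 50002, "A"),
]

def simulate_backlog(trace, backlog=BACKLOG, timeout=SYN_TIMEOUT):
    """Replay `trace` through the half-open queue.

    Returns (dropped, half_open_by_src): `dropped` lists (time, src) of
    SYNs that arrived while the queue was full, `half_open_by_src`
    counts, per source, the connections that never completed.
    """
    queue = {}                      # (src, sport) -> time SYN was accepted
    dropped = []
    incomplete = defaultdict(int)
    for t, src, sport, flags in sorted(trace):
        # Expire entries whose timer ran out; they never completed.
        for key in [k for k, t0 in queue.items() if t - t0 >= timeout]:
            incomplete[key[0]] += 1
            del queue[key]
        key = (src, sport)
        if flags == "S":
            if len(queue) >= backlog:
                dropped.append((t, src))     # queue full: SYN is lost
            else:
                queue[key] = t               # server sends SYN-ACK, waits
        elif flags == "A" and key in queue:
            del queue[key]                   # handshake completed
    for key in queue:                        # still waiting at end of trace
        incomplete[key[0]] += 1
    return dropped, dict(incomplete)

def flood_sources(half_open_by_src, threshold=3):
    """Sources with at least `threshold` never-completed connections."""
    return sorted(s for s, n in half_open_by_src.items() if n >= threshold)

def legit_dropped(trace, **kw):
    """Legitimate (non-attacker) sources whose SYN was dropped under `kw` settings."""
    dropped, _ = simulate_backlog(trace, **kw)
    return [src for _, src in dropped if src != ATTACKER]

if __name__ == "__main__":
    dropped, half_open = simulate_backlog(TRACE)
    print("dropped:", dropped)
    print("suspected flood sources:", flood_sources(half_open))
    print("legit dropped with defaults:", legit_dropped(TRACE))
    print("legit dropped with 1 s timeout:", legit_dropped(TRACE, timeout=1.0))
    print("legit dropped with backlog 10:", legit_dropped(TRACE, backlog=10))
```

With the default settings the first legitimate client (192.0.2.10) is dropped because five attacker entries fill the queue; with a one-second timeout or a backlog of ten, no legitimate SYN is dropped, which is exactly the effect of the two tuning measures described above.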
Ping of Death is an attack that sends a ping (ICMP Echo) packet larger than the maximum IP packet size of 65535 bytes. Since a packet of that size cannot be sent in one piece, the attacker sends it as IP fragments. The victim reassembles the fragments, the result overflows the reassembly buffer and the system crashes.
To protect your system from Ping of Death, you can use a firewall that inspects fragmented packets and drops any fragment whose offset plus length would exceed the maximum packet size.
A Teardrop Attack works through the packet length and fragmentation offset fields. As in Ping of Death, the attacker sends fragmented packets, but here the fragments are crafted so that their offsets overlap. A target with a bug in its IP fragment reassembly code cannot handle the overlapping fragments correctly and crashes.
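As an added example (not from the original lesson), here is the fragment check a firewall can apply before reassembly, covering both Ping of Death (the reassembled datagram would exceed 65535 bytes) and Teardrop (a fragment starts inside the data of the previous one). Fragments are plain tuples of offset, length and the MF flag; the sample fragment sets are constructed for the example.

```python
"""Fragment sanity check a firewall can apply before reassembly.

Added example, not from the original lesson. Each fragment is
(offset_bytes, payload_length, more_fragments): the IP header's fragment
offset already converted from 8-byte units to bytes, the fragment's data
length and the MF flag. Sample fragment sets are constructed.
"""
MAX_IP_PACKET = 65535      # largest IPv4 datagram, header included
IP_HEADER = 20             # minimal IPv4 header counted in the 65535 limit

def check_fragments(frags):
    """Return the problems found in one datagram's fragment set.

    ('oversize', offset, length)  header + offset + length > 65535: Ping of Death
    ('overlap',  offset, length)  fragment starts inside previous data: Teardrop
    ('mf',       offset, length)  MF set on the last fragment or clear on an earlier one
    """
    problems = []
    ordered = sorted(frags)
    end_of_previous = 0
    for i, (offset, length, more) in enumerate(ordered):
        last = i == len(ordered) - 1
        if IP_HEADER + offset + length > MAX_IP_PACKET:
            problems.append(("oversize", offset, length))
        if offset < end_of_previous:
            problems.append(("overlap", offset, length))
        if more == last:          # MF must be 1 on every fragment except the last
            problems.append(("mf", offset, length))
        end_of_previous = max(end_of_previous, offset + length)
    return problems

def verdict(frags):
    """'accept' if the set reassembles cleanly, otherwise 'drop'."""
    return "drop" if check_fragments(frags) else "accept"

# A normal 4060-byte ping split for a 1500-byte MTU (1480 data bytes per fragment)
NORMAL = [(0, 1480, True), (1480, 1480, True), (2960, 1100, False)]
# Ping of Death: 45 fragments of 1480 bytes reassemble to 66600 bytes of data
PING_OF_DEATH = [(i * 1480, 1480, True) for i in range(44)] + [(44 * 1480, 1480, False)]
# Teardrop: the second fragment claims to start inside the first one
TEARDROP = [(0, 36, True), (24, 36, False)]

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("ping of death", PING_OF_DEATH), ("teardrop", TEARDROP)]:
        print(name, verdict(frags), check_fragments(frags))
```

Only the final fragment of the Ping of Death set trips the size check, which is why a firewall must track the running total rather than inspect each fragment in isolation.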
Smurfing is an attack that uses a large number of ICMP Echo (Ping) messages to exhaust the victim's resources. In a Smurf attack the attacker sends many ICMP Echo Requests to a network's broadcast address with the source address spoofed to the victim's IP address. Every device in that broadcast domain answers with an ICMP Echo Reply, and all of those replies go to the victim. One packet from the attacker thus becomes many packets at the victim, and in a short time the victim's link and resources are exhausted. Disabling directed broadcasts on routers prevents a network from being used as a Smurf amplifier.
Man-in-the-Middle Attacks (MITM) are one of the most widely used attack types in today's cyber attacks. In its passive form it is also known as eavesdropping (snooping). In a Man-in-the-Middle Attack there are three players: the client, the server and the attacker who places himself or herself between them.
In normal communication the client connects to the server and the data traffic flows between them. In a Man-in-the-Middle Attack the attacker enters between the client and the server. The attacker achieves this with various techniques (several are described below), and the victim is unaware of what is going on: he or she thinks the connection still goes to the intended destination. After a successful Man-in-the-Middle Attack, the data traffic goes to the attacker's device before, or instead of, reaching the real destination.
Man-in-the-Middle Attacks are mainly used to steal valuable information about the victims, such as passwords, banking details or any other secret information. Man-in-the-Middle Attacks can be carried out at different layers of the well-known OSI Model.
According to how they affect the traffic, we can divide Man-in-the-Middle Attacks into two types. These are:
In Passive Man-in-the-Middle Attacks, the attacker only listens to the traffic between the victim and the other end. The attacker listens, captures and records the traffic but makes no modification to the packets. The packets are forwarded unchanged between the two ends, but with one big problem: an unauthorized person, the attacker, now knows the whole communication between them.
In Active Man-in-the-Middle Attacks, the attacker again listens, captures and records the traffic between the two end points, but there is a further problem: the attacker manipulates the packets and so damages the integrity of the data. The modified packets are sent on to each end. Active Man-in-the-Middle Attacks are therefore more dangerous than passive ones; with manipulated packets the attacker can make the victim do whatever the attacker wants.
There are also names for specific MITM-related attacks. These are:
Session Hijacking is an old cyber attack type in which the attacker takes over an established session between two victims, for example by capturing the session identifier or predicting the TCP sequence numbers in use. The sender and receiver think they are still communicating directly with each other, but in reality their traffic is being read or injected by the attacker.
In a Replay Attack the attacker eavesdrops on the traffic between two points, captures a valid request and later resends it to the destination as if he or she were the legitimate user. The destination processes the repeated request and returns the requested data, and neither the original source nor the destination is aware of it. The attacker does not even need to understand or decrypt the captured message; it is enough that the destination accepts the same message twice.
For example, if you send a payment request with your credentials and the attacker captures it, the attacker can resend your request to the destination as though he or she were you. At the destination your request is processed again and the money is transferred a second time. Replay attacks are prevented by making every request unique, for example with a timestamp or a one-time nonce that the server refuses to accept a second time.
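The example below is added here and is not part of the original lesson. It models a small payment API: requests are authenticated with an HMAC, which stops the active attacker from changing the amount, but a server that checks only the MAC still accepts a captured request as many times as it is replayed. Adding a nonce and a timestamp that the server remembers makes the second copy fail. The message format, the shared key, the account names and the clock values are assumptions made for the example.

```python
"""Replay attack against a signed request, and the nonce/timestamp defence.

Added example, not from the original lesson. The "payment API", the
shared key and the requests are constructed; the message format is JSON
with an HMAC-SHA256 tag, an assumption made for the example.
"""
import hashlib, hmac, json, os, time

SECRET = b"shared-secret-for-the-example"     # assumed key known to client and server

def sign(fields):
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def make_request(account, amount, protected=False, now=None):
    """Client side. With protected=True the request carries a nonce and a timestamp."""
    msg = {"from": account, "amount": amount}
    if protected:
        msg["nonce"] = os.urandom(8).hex()
        msg["ts"] = int(time.time()) if now is None else now
    msg["mac"] = sign(msg)
    return msg

def mac_ok(req):
    body = {k: v for k, v in req.items() if k != "mac"}
    return hmac.compare_digest(sign(body), req.get("mac", ""))

class NaiveServer:
    """Verifies the MAC only: integrity is protected, freshness is not."""
    def __init__(self):
        self.ledger = []
    def handle(self, req, now=None):
        if not mac_ok(req):
            return "bad mac"
        self.ledger.append((req["from"], req["amount"]))
        return "ok"

class ReplaySafeServer(NaiveServer):
    """Also requires a recent timestamp and a nonce it has never seen."""
    WINDOW = 300          # seconds of clock skew tolerated
    def __init__(self):
        super().__init__()
        self.seen = set()
    def handle(self, req, now=None):
        if not mac_ok(req):
            return "bad mac"
        now = int(time.time()) if now is None else now
        if "ts" not in req or abs(now - req["ts"]) > self.WINDOW:
            return "stale"
        if req.get("nonce") in self.seen:
            return "replay"
        self.seen.add(req["nonce"])
        self.ledger.append((req["from"], req["amount"]))
        return "ok"

def demo():
    naive, safe = NaiveServer(), ReplaySafeServer()
    captured = make_request("alice", 100)           # sniffed by the attacker
    tampered = dict(captured, amount=1000)          # active MITM edits the amount
    replayed_twice = (naive.handle(captured), naive.handle(captured))
    captured2 = make_request("alice", 100, protected=True, now=1000)
    protected = (safe.handle(captured2, now=1001), safe.handle(captured2, now=1002))
    old = make_request("alice", 100, protected=True, now=0)   # captured long ago
    return {
        "tampered": naive.handle(tampered),
        "naive": replayed_twice, "naive_ledger": len(naive.ledger),
        "safe": protected, "safe_ledger": len(safe.ledger),
        "old_request": safe.handle(old, now=1000),
    }

if __name__ == "__main__":
    print(demo())
```

The timestamp window bounds how long the server must remember nonces; without it the `seen` set would grow forever, and without the nonce an attacker could replay within the window.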
IP Spoofing is the technique of tricking a victim with forged IP packets. The attacker sends a modified IP packet whose source address is a trusted IP address. The victim host accepts the packet because it assumes it is coming from a trusted end. Note that replies to a spoofed packet go to the spoofed address, not to the attacker, so IP spoofing on its own is mostly used for blind or reflected attacks (Smurf is one) and is combined with other techniques, such as ARP spoofing on the local segment, before the attacker sees any of the victim's return traffic.
Attackers perform IP Spoofing by using addresses from your trusted IP range. With such an address it is easy to bypass address-based trust: they act as if they were inside your network, and wherever access is granted by source address alone they can change configurations, send e-mails and do anything another user of the network can do. IP Spoofing is a very dangerous attack.
To protect your company network from IP Spoofing, you can use access lists. On the outside interface, drop incoming packets whose source address belongs to your internal range (ingress filtering, BCP 38); on the inside, drop outgoing packets whose source address is not yours (egress filtering), so that your own hosts cannot launch spoofed attacks. But what if the spoofing is done from inside the network, with an inside address? Access lists alone are therefore not a complete solution for IP Spoofing.
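The block below is an added example, not code from the original lesson. It models the ingress and egress access-list checks described here, plus the directed-broadcast check that keeps a network from being used as the amplifier in the Smurf attack described earlier, so it serves both that section and this one. The interface names, the company address range and the sample packets are assumptions; the last sample packet shows the limitation mentioned above, an insider spoofing another inside address, which the access list cannot tell apart from genuine traffic.

```python
"""Anti-spoofing access-list logic for a border router.

Added example, not from the original lesson. It models the two access
lists the text recommends (ingress and egress filtering) plus the
directed-broadcast check that stops a network being used as a Smurf
amplifier. The interface names and the address ranges are assumed.
"""
import ipaddress

INSIDE_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # assumed company range

def _inside(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE_NETS)

def _directed_broadcast(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip == net.broadcast_address for net in INSIDE_NETS)

def filter_packet(iface, src, dst):
    """Decide one packet: returns ('permit'|'drop', reason).

    iface is 'outside' for packets entering from the Internet and
    'inside' for packets leaving the company network.
    """
    if iface == "outside":
        if _inside(src):
            # ingress filtering (BCP 38): nothing on the Internet may claim our addresses
            return "drop", "internal source address arriving from outside"
        if _directed_broadcast(dst):
            # equivalent of 'no ip directed-broadcast': blocks Smurf amplification
            return "drop", "directed broadcast from outside"
        return "permit", "ok"
    if iface == "inside":
        if not _inside(src):
            # egress filtering: our hosts may not source spoofed packets
            return "drop", "foreign source address leaving inside"
        return "permit", "ok"
    return "drop", "unknown interface"

def apply_acl(packets):
    """Run a list of (iface, src, dst) through the filter; returns the actions."""
    return [filter_packet(*p)[0] for p in packets]

# Constructed packets
PACKETS = [
    ("outside", "203.0.113.9",  "192.0.2.10"),   # ordinary inbound traffic
    ("outside", "192.0.2.77",   "192.0.2.10"),   # outsider spoofing an inside address
    ("outside", "198.51.100.5", "192.0.2.255"),  # Smurf: echo request to our broadcast
    ("inside",  "192.0.2.5",    "198.51.100.1"), # ordinary outbound traffic
    ("inside",  "203.0.113.9",  "198.51.100.1"), # inside host spoofing a foreign address
    ("inside",  "192.0.2.1",    "192.0.2.10"),   # insider spoofing the gateway: not caught
]

if __name__ == "__main__":
    for pkt, action in zip(PACKETS, apply_acl(PACKETS)):
        print(action, pkt, filter_packet(*pkt)[1])
```

The egress rule is what protects other people's networks from your hosts: if every edge network applied it, spoofed-source floods and reflection attacks would have nowhere to originate.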
As you know, ARP is the protocol that maps IP addresses to MAC addresses. Through ARP, at OSI layer 2, the devices in a network learn each other's MAC addresses and build ARP tables holding IP-to-MAC mappings. After this learning process, communication uses the ARP table instead of asking "Which MAC address has IP x.x.x.x?" every time.
In ARP spoofing, the attacker links his or her own MAC address to a trusted IP address in that network (very often the default gateway) by sending forged ARP replies. ARP has no authentication, so the victim accepts them and its ARP table is manipulated. When the victim host wants to send a packet to that IP address, it looks up the ARP table and sends the traffic to the attacker. From the victim's point of view everything seems normal: the ARP table looks fine and packets are sent according to it. The victim does not know that the IP-to-MAC mapping in its ARP table now delivers its traffic to the attacker's malicious device. Dynamic ARP Inspection (DAI) on switches, which validates ARP packets against a trusted IP-to-MAC binding table (typically the DHCP snooping database) and drops the rest, is a good solution to protect your network from such attacks.
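As an added example (not part of the original lesson), the block below feeds a constructed sequence of ARP replies to three receivers: an unprotected host, for which the last reply wins; a DAI-style check against a trusted binding table, which drops the forged replies; and an arpwatch-style host detector that has no binding table but alerts whenever a known IP changes its MAC. The binding table, the MAC addresses and the replies are all assumed values.

```python
"""ARP reply inspection against a trusted binding table.

Added example, not from the original lesson. The binding table stands in
for the DHCP snooping database that Dynamic ARP Inspection consults, and
the ARP replies are constructed. Each reply is (sender_ip, sender_mac).
"""
BINDINGS = {                                # assumed trusted IP -> MAC bindings
    "192.0.2.1":  "00:11:22:33:44:01",      # default gateway
    "192.0.2.10": "00:11:22:33:44:10",
    "192.0.2.20": "00:11:22:33:44:20",
}
ATTACKER_MAC = "00:aa:bb:cc:dd:ee"

# Constructed replies: two genuine ones, then the attacker claims the
# gateway's IP and a host's IP so both directions of their traffic come to him.
REPLIES = [
    ("192.0.2.1",  "00:11:22:33:44:01"),
    ("192.0.2.10", "00:11:22:33:44:10"),
    ("192.0.2.1",  ATTACKER_MAC),
    ("192.0.2.10", ATTACKER_MAC),
]

def naive_arp_table(replies):
    """An unprotected host: every reply overwrites the entry, the last one wins."""
    table = {}
    for ip, mac in replies:
        table[ip] = mac
    return table

def inspect_arp(replies, bindings=BINDINGS):
    """DAI-style check. Returns (arp_table, alerts).

    A reply whose IP/MAC pair contradicts the binding table is dropped and
    reported as (ip, expected_mac, offered_mac). Addresses absent from the
    table are accepted here; real DAI would need an ARP ACL for them.
    """
    table, alerts = {}, []
    for ip, mac in replies:
        expected = bindings.get(ip)
        if expected is not None and expected.lower() != mac.lower():
            alerts.append((ip, expected, mac))
            continue                      # drop the forged reply
        table[ip] = mac
    return table, alerts

def arpwatch(replies):
    """Host-side detector with no binding table: alert when a known IP changes MAC."""
    seen, changes = {}, []
    for ip, mac in replies:
        if ip in seen and seen[ip] != mac:
            changes.append((ip, seen[ip], mac))
        seen[ip] = mac
    return changes

if __name__ == "__main__":
    print("unprotected host:", naive_arp_table(REPLIES))
    table, alerts = inspect_arp(REPLIES)
    print("with inspection:", table, "dropped:", alerts)
    print("arpwatch changes:", arpwatch(REPLIES))
```

The arpwatch approach only detects the change after the fact and cannot tell which of the two MACs is genuine; the binding table is what lets a switch drop the forged reply before any host learns it.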
DNS is the mechanism that resolves domain names to IP addresses. In a DNS Spoofing (DNS cache poisoning) attack, the attacker plants false records in the DNS cache of the victim or of the victim's resolver, so that the domain name resolves to an address the attacker controls and the victim is sent to another website instead of the intended one. The victim thinks he or she is on the trusted website, but behind the scenes it is not.
The main aim of DNS Spoofing attacks is to steal the user's authentication information. The user types his or her username, password and so on into the fake website, and the attacker sees all the details in clear. After such an attack, the attacker can log in to the real system with the stolen credentials and carry out malicious activities.
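The following added example (not from the original lesson) models the race that a cache-poisoning attacker has to win. A resolver accepts a response only if its transaction ID, source port and question match an outstanding query, and the first matching answer closes the query. Against a resolver with predictable transaction IDs and a fixed port the attacker's flood of forged answers arrives first and poisons the cache; against one that randomises both, every forged answer is rejected and the count of rejected responses is itself a detection signal. Messages are plain tuples rather than DNS wire format, and the names, addresses and the attacker's guessing strategy are constructed.

```python
"""DNS response validation and the cache-poisoning race.

Added example, not from the original lesson. Messages are plain tuples,
not DNS wire format; the names, addresses and the attacker's guessing
strategy are constructed.
"""
import random

GENUINE_IP = "198.51.100.10"   # constructed: real address of bank.example
FORGED_IP = "203.0.113.66"     # constructed: attacker's web server

class Resolver:
    def __init__(self, randomised=True, seed=7):
        self.randomised = randomised
        self.rng = random.Random(seed)
        self.next_txid = 0x1000          # used only by the weak variant
        self.pending = {}                # (txid, port) -> qname awaiting an answer
        self.cache = {}
        self.rejected = 0                # responses that matched no outstanding query

    def query(self, qname):
        """Send a query; returns the (txid, port) an answer must carry."""
        if self.randomised:
            txid = self.rng.randrange(1 << 16)
            port = self.rng.randrange(1024, 1 << 16)
        else:
            txid, port = self.next_txid, 53      # sequential ID, fixed port
            self.next_txid += 1
        self.pending[(txid, port)] = qname
        return txid, port

    def response(self, txid, port, qname, address):
        """Accept an answer only if txid, port and question match a pending query."""
        key = (txid, port)
        if self.pending.get(key) != qname:
            self.rejected += 1
            return "ignored"
        del self.pending[key]            # first matching answer wins the race
        self.cache[qname] = address
        return "cached"

def poisoning_attempt(resolver):
    """Off-path attacker: learn one txid, then flood guesses for the next lookup."""
    txid0, port0 = resolver.query("evil.example")         # attacker's own domain
    resolver.response(txid0, port0, "evil.example", FORGED_IP)
    txid, port = resolver.query("bank.example")           # the victim's lookup
    for guess in range(txid0 + 1, txid0 + 11):            # next IDs, old fixed port
        resolver.response(guess, 53, "bank.example", FORGED_IP)
    resolver.response(txid, port, "bank.example", GENUINE_IP)   # real answer, later
    return resolver.cache["bank.example"], resolver.rejected

def demo():
    return {"weak": poisoning_attempt(Resolver(randomised=False)),
            "hardened": poisoning_attempt(Resolver(randomised=True))}

if __name__ == "__main__":
    print(demo())
```

In the weak case the genuine answer is the one that gets rejected, because the forged one already closed the query; in the hardened case the attacker would have to guess roughly 2^16 IDs times 2^16 ports, and a resolver logging a burst of rejected responses for one name should treat it as a poisoning attempt.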
As you know, HTTPS is a secure protocol developed as an enhanced version of HTTP. Many websites on the Internet, especially e-commerce websites, use HTTPS to prove their identity and keep the session private. With HTTPS Spoofing, such safe websites are imitated: the attacker tricks the browser into treating the malicious site as the secure one, for example by presenting a fraudulent certificate the victim is persuaded to accept, by using a look-alike domain name, or by downgrading the connection to plain HTTP (SSL stripping). The victim is redirected and finds himself or herself on the malicious website. Here, too, the aim is to steal the users' authentication information. Checking the certificate and the exact domain name, and enabling HSTS on the server side, are the usual defences.
Password Attacks try to steal your passwords and then access your systems with them.
Attackers can use many different programs for Password Attacks. With these programs they try to guess your password with a great many attempts. Trying every possible combination is called a Brute Force Attack; trying candidates from a list of common passwords is a dictionary attack. If the attacker has stolen the password hashes, the guessing can be done offline on the attacker's own hardware, without ever touching your login page.
To protect your system from such cyber attacks, you should use strong passwords, and in companies with many users this should be enforced by a password policy. Weak passwords are easy to guess and are quickly recovered by brute force and dictionary tools, so your password must be a value that cannot be guessed. For the online case, limiting login attempts (account lockout or rate limiting) and multi-factor authentication stop the guessing; for the offline case, storing passwords with a slow, salted hash makes every guess expensive.
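The block below is an added example, not from the original lesson, that runs the same small dictionary attack in the two settings described above: offline against stolen hashes, where only password strength and a slow hash help, and online against a login service that locks the account after a few failures. The wordlist, the two accounts, the salt and the lockout threshold are constructed values.

```python
"""Password guessing, offline and online, against two defences.

Added example, not from the original lesson. The wordlist, the accounts,
the salt and the lockout threshold are constructed values; real services
should also rate-limit by source address and add MFA.
"""
import hashlib, hmac

WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2024", "admin123"]
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")     # assumed per-user salt
ITERATIONS = 50_000                                         # slow hash: cost per guess

def hash_password(password, salt=SALT, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def crack_offline(stored_hash, wordlist=WORDLIST):
    """Dictionary attack on a stolen hash. Returns (password or None, attempts)."""
    for n, guess in enumerate(wordlist, 1):
        if hmac.compare_digest(hash_password(guess), stored_hash):
            return guess, n
    return None, len(wordlist)

class LoginService:
    """Online target: counts failures per account and locks after MAX_FAIL."""
    MAX_FAIL = 3
    def __init__(self, users):
        self.users = users               # name -> stored hash
        self.failures = {}
    def login(self, user, password):
        if self.failures.get(user, 0) >= self.MAX_FAIL:
            return "locked"
        if hmac.compare_digest(hash_password(password), self.users[user]):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

def crack_online(service, user, wordlist=WORDLIST):
    """Brute force through the login API; gives up once the account locks."""
    for n, guess in enumerate(wordlist, 1):
        result = service.login(user, guess)
        if result == "ok":
            return guess, n
        if result == "locked":
            return None, n
    return None, len(wordlist)

def demo():
    users = {"bob": hash_password("letmein"),                         # weak, in the list
             "alice": hash_password("correct horse battery staple")}  # strong, not in it
    service = LoginService(users)
    return {
        "bob_offline": crack_offline(users["bob"]),
        "alice_offline": crack_offline(users["alice"]),
        "bob_online": crack_online(service, "bob"),
    }

if __name__ == "__main__":
    print(demo())
```

Lockout saves bob online but not offline, which is why both measures are needed: the lockout for the login page, and strong passwords plus a slow hash for the day the password database leaks.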
Malware Attacks are carried out with malicious software that is loaded onto your system without your permission, with the aim of damaging your system, stealing your information or other malicious behaviour.
There are different kinds of harmful malware. Some of them are given below:
Viruses are programs that attach themselves to other programs or files and require user action to be activated. This can be a program that you downloaded to your computer or an e-mail attachment that contains the malicious code.
Worms are malicious programs that differ from viruses: they are not attached to any program but are self-contained, and they spread by themselves, typically by exploiting vulnerable network services or by mailing themselves to your contacts. A mass-mailing worm activates when you open the attachment, and then sends itself on to everyone in your address book.
Trojan Horses are malicious programs hidden inside apparently useful programs. Trojan Horses do not replicate themselves like viruses; they perform an action the attacker needs, such as opening a port or creating a backdoor.
Adware is software that companies use for marketing. It places banners and advertisements on your system or in the program you are using. It is often downloaded along with another program.
Spyware is software used to collect information about you. It sends your activities to the attacker. Like adware, spyware can be installed while you are downloading another program.
Reconnaissance Attacks aim to gather information. With these attacks, hackers try to collect information about the victim. Reconnaissance is also the preparation step for more damaging attacks.
An attacker has various information collection methods. Some of these are:
Packet Sniffing is capturing and analyzing the victim's traffic. With various tools, packets can be captured and the details of the user's traffic can be read, including any credentials sent in clear text.
Port Scanning is the technique of probing the victim's system to find which ports are open and which services are listening on them. Various tools are used for Port Scanning, and hackers use them heavily before any attack, because the results show the reachable services, their versions and hence the potentially vulnerable parts of the system.
Phishing is the attack type you see every day. It is done through e-mails: the attacker crafts a message that looks like it comes from a trusted company, sent from an address that resembles the real company's, and includes a link that leads you to a fake page asking for your credit card information, passwords and so on. Whatever you enter is captured by the attacker.
Social Engineering, in the reconnaissance sense, is collecting information about the victim from various platforms. In recent years users have been putting a great deal about themselves on social media and online platforms, so hackers can gather a lot of data about a victim from these sources.
Dumpster Diving is collecting important information from the trash. Sensitive documents are often thrown away carelessly, and the data on them can be very useful to an attacker.
Usenet Tools refers to collecting data from company websites, from their partners and from employees. This information may be public, but it can still be critical for an attacker.
DNS Reconnaissance is gathering critical information from DNS servers. DNS servers store a lot of information that is valuable to a hacker, such as the IP addresses of important hosts, so this type of reconnaissance is especially important before other cyber attacks.
To secure any network, we must first determine who can access the network. This is Authentication. The second question is what he or she may do with that account. This is Authorization. So in a network, the users who can access it, their roles and their privilege levels must be known.
A user who accesses a network with his or her credentials is an Authenticated user. If this user acts within his or her privilege level, this is Authorized Access. Security profiles define all of the user's roles, and the actions he or she takes are legitimate for the company.
But sometimes users or attackers try to obtain abilities they are not authorized for. On Linux/Unix systems they may do this by gaining access as the root user. As root they can do anything they are not normally allowed to do: read secret passwords, files, configurations and so on. This type of access is called Unauthorized Access.
To prevent unauthorized access, AAA servers such as TACACS+ servers are used. Before accessing a system, the user must pass the TACACS+ server's Authentication and Authorization checks, and the server also keeps an Accounting record of what the user did.
WareZ is the illegal distribution of licensed software over the Internet. As you know, software is developed with great effort and then sold under licence. Anyone who buys a licence can use the software, and developers and companies earn from these licence sales.
But some attackers or insiders steal this software and distribute it illegally on the Internet. Their aims differ: some sell the software, others put it online for free. Both behaviours harm the developers. To prevent this, activation passwords and licence keys are used to activate the software. Despite these proactive measures, WareZ is very difficult to prevent, especially in countries where the penalties for such activities are not severe enough; this makes it practically impossible to stop.
Rerouting is an attack type mainly carried out by attackers with Network Engineering experience. As you know, routing is very popular in the networking world and network engineers are eager to learn it. Some attackers misuse this knowledge to manipulate routing.
To manipulate the routing of a network, the attacker's focus is the Routing Table, which holds the routes to every destination. By manipulating the Routing Table, for example by injecting false routes into a routing protocol that does not authenticate its neighbours, the attacker changes the direction of traffic, routing it to his or her own server or to any node other than the intended destination. As the name implies, these are called Reroute Attacks. Authenticating routing protocol neighbours and filtering the routes accepted from them are the usual protections.
A cyber attack is an attempt to gain unauthorized access, damage or disrupt systems, networks or devices.
Common network attacks include DoS attacks, TCP SYN Flood, MITM, Smurf attacks and Ping of Death.
A threat is a potential danger, while a vulnerability is a weakness that attackers can exploit.
Cyber attacks can be mitigated using firewalls, IDS/IPS systems, strong passwords, MFA and security awareness.