Types Of Network Attacks

Network attacks exploit vulnerabilities in protocols, configurations, or human behavior to compromise confidentiality, integrity, or availability. Understanding attack vectors is critical for implementing proper security controls and passing CCNA Security objectives.

Attack Categories by Target

Physical Layer Attacks:

  • Wiretapping - Direct access to transmission media (copper/fiber)
  • Cable cutting - Denial of Service through physical destruction
  • Rogue access points - Unauthorized wireless devices creating security gaps
  • Device theft - Physical compromise of network infrastructure

Data Link Layer Attacks:

  • MAC flooding - Overwhelming switch CAM tables to force hub-like behavior
  • ARP spoofing/poisoning - Sending false ARP replies to redirect traffic
  • VLAN hopping - Exploiting trunk configurations to access unauthorized VLANs
  • STP manipulation - Forcing topology changes to intercept traffic

Network Layer Attacks:

  • IP spoofing - Forging source IP addresses to bypass access controls
  • ICMP attacks - Using ping/traceroute for reconnaissance or DoS
  • Routing table poisoning - Injecting false routes to redirect traffic
  • Smurf attacks - Amplified ICMP floods using broadcast addresses

Transport/Application Layer Attacks:

  • Port scanning - Systematic probing to identify running services
  • Session hijacking - Taking over established TCP connections
  • Man-in-the-middle - Intercepting and potentially modifying communications
  • Buffer overflow - Exploiting poor input validation in applications

Attack Methods by Intent

Attack Type        | Primary Goal            | Common Techniques                       | Mitigation Strategy
-------------------+-------------------------+-----------------------------------------+----------------------------------------------------
Reconnaissance     | Information gathering   | Port scans, DNS queries, SNMP walks     | Disable unnecessary services, implement ACLs
Access             | Gain unauthorized entry | Password attacks, privilege escalation  | Strong authentication, principle of least privilege
DoS/DDoS           | Disrupt availability    | Traffic floods, resource exhaustion     | Rate limiting, traffic filtering, redundancy
Data Exfiltration  | Steal information       | Covert channels, protocol tunneling     | DLP solutions, network monitoring

Social Engineering Attacks

The human factor is often the weakest link in security - technical controls mean nothing if users can be manipulated:

  • Phishing - Fraudulent emails requesting credentials or malware installation
  • Pretexting - Creating false scenarios to extract information (e.g., “IT support” calls)
  • Baiting - Leaving infected USB drives or offering free downloads
  • Tailgating - Following authorized personnel through secure doors
  • Dumpster diving - Searching discarded materials for sensitive information

Wireless-Specific Attacks

802.11 Vulnerabilities:

  • Evil twin - Rogue AP with legitimate-sounding SSID to capture credentials
  • WEP cracking - Exploiting weak encryption (RC4 key reuse)
  • WPS attacks - Brute forcing 8-digit PIN instead of complex passphrase
  • Deauthentication floods - Forcing clients to disconnect and reconnect
  • Wardriving - Mobile reconnaissance to map wireless networks

For example, WEP can be cracked in minutes because of IV (Initialization Vector) reuse, whereas WPA2 with a strong passphrase remains computationally infeasible to break.

Vocabulary

  • Attack Vector - Specific method used to gain unauthorized access or cause damage
  • Payload - Malicious code or action delivered after successful exploitation
  • Zero-day - Previously unknown vulnerability with no available patch
  • APT (Advanced Persistent Threat) - Long-term, stealthy attack campaign
  • Botnet - Network of compromised computers controlled remotely
  • C&C (Command and Control) - Infrastructure used to manage compromised systems
  • Threat Actor - Individual or group conducting attacks (insider, criminal, nation-state)
  • Attack Surface - Total exposure of systems and services to potential attacks

Common Attack Tools and Signatures

Network Scanners:

  • Nmap for port discovery (nmap -sS target for SYN scan)
  • Nessus for vulnerability assessment
  • Wireshark for packet analysis and protocol debugging

Reconnaissance Indicators:

  • Multiple connection attempts to sequential ports
  • ICMP sweeps across network ranges
  • Unusual DNS queries (zone transfers, reverse lookups)
  • SNMP community string enumeration attempts

Key Pattern: Legitimate traffic typically shows established communication patterns, while attacks often exhibit systematic or anomalous behavior (sequential scans, unusual protocols, timing patterns).
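The two reconnaissance indicators above (sequential-port probing and ICMP sweeps) can be checked mechanically against a connection log. The detector below is an added example, not part of the original notes; it assumes a constructed log in a simple "time proto src dst dport" format and illustrative thresholds, and flags sources that walk consecutive TCP ports on one host or send ICMP to many hosts.

```python
from collections import defaultdict

# Constructed sample log (not from the original notes). One line per flow:
#   "<time> <proto> <src> <dst> <dport>"; ICMP echo requests carry dport 0.
SAMPLE_LOG = "\n".join(
    # 203.0.113.5 walks TCP ports 20..29 on one host: sequential-port pattern
    [f"10:00:{i:02d} TCP 203.0.113.5 198.51.100.10 {20 + i}" for i in range(10)]
    # 203.0.113.9 pings twelve hosts in a /24: ICMP sweep pattern
    + [f"10:01:{i:02d} ICMP 203.0.113.9 198.51.100.{i} 0" for i in range(1, 13)]
    # ordinary client: repeated connections to the same two web ports
    + ["10:02:00 TCP 192.0.2.7 198.51.100.10 443",
       "10:02:05 TCP 192.0.2.7 198.51.100.10 443",
       "10:02:09 TCP 192.0.2.7 198.51.100.10 80"]
)

def parse_log(text):
    """Parse log lines into (proto, src, dst, dport) tuples; skip blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            _, proto, src, dst, dport = line.split()
            events.append((proto, src, dst, int(dport)))
    return events

def longest_consecutive_run(ports):
    """Length of the longest run of consecutive integers in a set of ports."""
    best = 0
    for p in ports:
        if p - 1 not in ports:          # p starts a run
            run = 1
            while p + run in ports:
                run += 1
            best = max(best, run)
    return best

def find_port_scans(events, min_run=5):
    """Sources probing >= min_run consecutive TCP ports on one destination."""
    ports = defaultdict(set)
    for proto, src, dst, dport in events:
        if proto == "TCP":
            ports[(src, dst)].add(dport)
    hits = {}
    for key, probed in ports.items():
        run = longest_consecutive_run(probed)
        if run >= min_run:
            hits[key] = run
    return hits

def find_icmp_sweeps(events, min_hosts=8):
    """Sources sending ICMP to >= min_hosts distinct destinations."""
    targets = defaultdict(set)
    for proto, src, dst, _ in events:
        if proto == "ICMP":
            targets[src].add(dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= min_hosts}

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("port scans:", find_port_scans(ev))
    print("ICMP sweeps:", find_icmp_sweeps(ev))
```

The ordinary client is not flagged because hitting ports 80 and 443 repeatedly is an established pattern, not a sequential walk; tune the thresholds against your own baseline before alerting on them.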

Notes

  • Defense in depth is critical - no single security control stops all attacks
  • Monitor for baseline deviations rather than trying to identify every specific attack signature
  • Physical security is foundational - network security means nothing if attackers have console access
  • Social engineering awareness training is as important as technical controls
  • Wireless networks expand attack surface significantly - treat as untrusted by default
  • Keep attack surface minimal: disable unnecessary services, close unused ports, remove default accounts
  • Assume breach mentality - design networks assuming attackers will gain some level of access
  • Regular security assessments help identify vulnerabilities before attackers do
  • Incident response planning is crucial - knowing how to respond is as important as prevention
  • Update and patch management directly correlates with security posture - unpatched systems are low-hanging fruit for attackers