
Overview of Network Attacks and Mitigation

CISSP

  1. Denial of Service (DoS)
    • Definition: An attack designed to interrupt service or deny legitimate users access to resources by exploiting system flaws, overloading connections, or flooding traffic.
  2. Distributed Denial of Service (DDoS)
    • Definition: A large-scale DoS attack using multiple computers, often part of a botnet, to overwhelm the target with traffic.
  3. Smurf Attack
    • Mechanism: Utilizes ICMP with three components: attacker, victim, and amplifying network. The attacker spoofs packet headers to appear as if they originated from the victim, and the amplifying network broadcasts the message.
    • Countermeasures: Disable broadcast at border routers, restrict ICMP traffic, and block packets arriving from outside that claim a source address originating within the network.
  4. Fraggle Attack
    • Mechanism: Similar to Smurf but uses UDP instead of ICMP.
    • Countermeasures: Disable broadcast at border routers, restrict UDP traffic, employ IDS, apply patches, and block UDP ports 7 and 9.
  5. Land Attack
    • Mechanism: Sends a spoofed TCP SYN packet with the target’s IP address and an open port as both the source and destination, causing the machine to reply to itself continuously.
    • Effect: This can cause the machine to crash or become unresponsive.
  6. SYN Flood
    • Mechanism: Sends TCP connection requests (SYN packets) with a spoofed source address, causing the target system to wait for replies that never come, overwhelming system resources.
    • Countermeasures: Use SYN cookies or proxies to mitigate the impact.
  7. Teardrop Attack
    • Mechanism: Modifies the length and fragmentation offset fields of sequential IP packets, confusing the target system and causing it to crash.
    • Effect: Exploits a flaw in TCP/IP fragmentation to crash systems.
  8. Session Hijacking (Spoofing)
    • Mechanism: Alters a TCP packet to appear as if it comes from a trusted source, giving the attacker access to the network. Common methods include intercepting cookies and using TCP sequence number attacks.
    • Effect: The attacker can take over an existing session, gaining unauthorized access.
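The header patterns described above for the Smurf, Fraggle, Land and Teardrop attacks can be checked directly on raw IPv4 packets. The following detection sketch is an added example, not part of the original page; the function names, the broadcast address and the sample packets (documentation address ranges) are assumptions constructed for illustration.

```python
import socket
import struct

BROADCASTS = {"192.0.2.255"}  # assumption: broadcast address of the protected subnet

def ipv4(src, dst, proto, payload, frag_off=0, mf=False):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    flags_frag = (0x2000 if mf else 0) | (frag_off // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def classify(pkt):
    """Return the attack pattern a single unfragmented packet matches, or None."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    l4 = pkt[ihl:]
    if proto == 1 and l4[0] == 8 and dst in BROADCASTS:
        return "smurf"    # ICMP echo request aimed at a broadcast address
    if proto == 17 and dst in BROADCASTS and struct.unpack("!H", l4[2:4])[0] in (7, 9):
        return "fraggle"  # UDP to a broadcast address on port 7 or 9
    if proto == 6:
        sport, dport = struct.unpack("!HH", l4[:4])
        # SYN set, ACK clear, and source address/port identical to destination
        if (l4[13] & 0x12) == 0x02 and src == dst and sport == dport:
            return "land"
    return None

def overlapping_fragments(pkts):
    """Teardrop check over the fragments of one datagram: True if any two overlap."""
    spans = []
    for p in pkts:
        total, _, ff = struct.unpack("!HHH", p[2:8])
        start = (ff & 0x1FFF) * 8  # fragment offset is stored in 8-byte units
        spans.append((start, start + total - (p[0] & 0x0F) * 4))
    spans.sort()
    return any(b[0] < a[1] for a, b in zip(spans, spans[1:]))

# Constructed sample packets (not captured traffic)
def tcp_syn(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)

SAMPLES = {
    "land": ipv4("192.0.2.10", "192.0.2.10", 6, tcp_syn(80, 80)),
    "smurf": ipv4("203.0.113.5", "192.0.2.255", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),
    "fraggle": ipv4("203.0.113.5", "192.0.2.255", 17, struct.pack("!HHHH", 40000, 7, 8, 0)),
    "benign": ipv4("198.51.100.7", "192.0.2.10", 6, tcp_syn(40000, 80)),
}
TEARDROP = [ipv4("198.51.100.7", "192.0.2.10", 17, b"A" * 36, 0, True),
            ipv4("198.51.100.7", "192.0.2.10", 17, b"B" * 4, 24)]
```

The second Teardrop fragment starts at byte 24 while the first already covers bytes 0 to 36, which is the overlap the check reports.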

These attacks highlight the importance of implementing robust network security measures, such as firewalls, IDS/IPS, and proper network configuration, to protect against various types of threats.
