Network Security
Service Denial Attack: DoS and DDoS
A Denial of Service (DoS) attack attempts to make a system or network service unavailable by exhausting its resources.
A Distributed Denial of Service (DDoS) attack extends this concept by generating attack traffic from multiple compromised systems.
Key Characteristics
- Targets system availability rather than confidentiality or integrity.
- Consumes bandwidth, CPU, memory, or connection tables.
- Often asymmetric: attackers spend fewer resources than defenders.
Common Attack Types
- Network-level floods: ICMP, UDP, SYN flooding
- Application-level attacks: HTTP request floods, expensive queries
- Reflection/amplification: DNS, NTP abuse using spoofed source IPs
Defensive Approaches
- Rate limiting and traffic filtering
- Load balancing and redundancy
- DDoS mitigation services and upstream filtering
- Monitoring and anomaly detection
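The first defensive item above, rate limiting, is easiest to understand in code. The following block is an added example, not part of the original notes: a per-source token-bucket limiter applied to a constructed stream of connection attempts in which one source floods and another behaves normally. Class and function names (TokenBucket, apply_rate_limit) and the sample addresses are assumptions chosen for the illustration.

```python
"""Per-source token-bucket rate limiting (added example, hypothetical names)."""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple


class TokenBucket:
    """Each source gets `capacity` tokens; one token is spent per request and
    tokens refill continuously at `refill_per_sec`. A burst beyond capacity
    is dropped until the bucket refills."""

    def __init__(self, capacity: float, refill_per_sec: float) -> None:
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = capacity           # start full
        self.last: Optional[float] = None  # time of the previous request

    def allow(self, now: float) -> bool:
        if self.last is not None:
            elapsed = max(0.0, now - self.last)
            self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def apply_rate_limit(events: List[Tuple[float, str]],
                     capacity: float = 5, refill_per_sec: float = 1.0
                     ) -> Dict[str, Dict[str, int]]:
    """Run every (timestamp, source_ip) event through the per-source buckets
    and return allowed/dropped counts per source."""
    buckets: Dict[str, TokenBucket] = defaultdict(
        lambda: TokenBucket(capacity, refill_per_sec))
    stats: Dict[str, Dict[str, int]] = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, src in sorted(events, key=lambda e: e[0]):
        verdict = "allowed" if buckets[src].allow(ts) else "dropped"
        stats[src][verdict] += 1
    return dict(stats)


# Constructed sample traffic: 10.0.0.9 sends 20 requests in one second
# (a flood), 192.0.2.10 sends three requests a second apart (normal use).
SAMPLE_EVENTS: List[Tuple[float, str]] = (
    [(i * 0.05, "10.0.0.9") for i in range(20)]
    + [(0.3, "192.0.2.10"), (1.3, "192.0.2.10"), (2.3, "192.0.2.10")]
)

if __name__ == "__main__":
    for src, counts in apply_rate_limit(SAMPLE_EVENTS).items():
        print(src, counts)
```

With a bucket of five tokens refilling at one per second, the flooding source gets its first five requests through and the remaining fifteen are dropped, while the normal client is never throttled. Real deployments key the bucket on more than the source address (ASN, URL, authenticated user) because a distributed attack spreads its load across many sources, which is exactly why the page lists upstream filtering and mitigation services alongside local rate limiting.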
Sniffing Attack
A sniffing attack involves capturing network traffic to observe sensitive information such as credentials,
session tokens, or internal data. This attack is typically passive and difficult to detect.
Security Implications
- Plaintext protocols expose credentials directly.
- Session tokens can be reused to impersonate users.
- Internal network traffic should not be assumed trustworthy just because it is internal.
Prevention
- Use encrypted protocols (HTTPS, SSH, TLS)
- Disable legacy plaintext services
- Apply switch security (ARP inspection, port security)
- Use VPNs on untrusted networks
Spoofing Attack
Spoofing attacks involve impersonating a trusted system or user by falsifying identity information
at various network protocol layers.
Types
- IP spoofing
- ARP spoofing
- DNS spoofing
- Email spoofing
Defense
- Ingress/egress filtering
- ARP inspection and static mappings
- DNSSEC and secure resolvers
- Strong authentication rather than IP-based trust
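Two of the defenses listed above, ingress/egress filtering and static ARP mappings, reduce to simple checks on each packet or ARP reply. The block below is an added example written for these notes, not code from the page: it models an edge router that drops packets arriving from outside with an internal or unroutable source, drops packets leaving with a source that is not ours, and validates ARP replies against a static IP-to-MAC table. The prefixes, MAC addresses, and function names (filter_packet, check_arp_reply) are constructed for the illustration.

```python
"""Ingress/egress source-address filtering and static ARP validation
(added example, hypothetical names and constructed addresses)."""
import ipaddress
from typing import Dict, Tuple

# Prefixes this site legitimately uses (constructed documentation range).
INTERNAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

# Sources that must never arrive from the public Internet.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def _in_any(addr: ipaddress.IPv4Address, nets) -> bool:
    return any(addr in n for n in nets)


def filter_packet(direction: str, src_ip: str) -> Tuple[str, str]:
    """Return (verdict, reason). `direction` is "ingress" for packets coming
    from the upstream link or "egress" for packets leaving toward it."""
    src = ipaddress.ip_address(src_ip)
    if direction == "ingress":
        if _in_any(src, INTERNAL_PREFIXES):
            return "drop", "external packet claims an internal source"
        if _in_any(src, BOGONS):
            return "drop", "unroutable (bogon) source"
        return "allow", "ok"
    if direction == "egress":
        if not _in_any(src, INTERNAL_PREFIXES):
            return "drop", "outbound packet with a source we do not own"
        return "allow", "ok"
    raise ValueError(f"unknown direction: {direction}")


# Static IP -> MAC bindings for critical hosts (constructed values).
STATIC_ARP: Dict[str, str] = {
    "198.51.100.1": "02:00:00:00:00:01",   # default gateway
    "198.51.100.53": "02:00:00:00:00:35",  # internal resolver
}


def check_arp_reply(ip: str, mac: str, table: Dict[str, str] = STATIC_ARP) -> str:
    """Classify an ARP reply as "ok" (matches the static binding), "spoofed"
    (binding exists but the MAC differs) or "unknown" (no binding)."""
    expected = table.get(ip)
    if expected is None:
        return "unknown"
    return "ok" if expected.lower() == mac.lower() else "spoofed"


if __name__ == "__main__":
    for d, s in [("ingress", "203.0.113.5"), ("ingress", "198.51.100.7"),
                 ("ingress", "10.1.2.3"), ("egress", "198.51.100.7"),
                 ("egress", "203.0.113.5")]:
        print(d, s, filter_packet(d, s))
    print(check_arp_reply("198.51.100.1", "02:00:00:00:00:99"))
```

The egress rule is the one that matters for the wider Internet: a network that only lets its own prefixes leave cannot be used as a launch point for spoofed-source reflection traffic. The ARP check mirrors what switch-side dynamic ARP inspection does with a trusted binding table; a "spoofed" result is a detection event worth alerting on, since a legitimate host rarely changes its MAC for a fixed address.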
Session Hijacking
Session hijacking occurs when an attacker takes control of an authenticated session
by stealing or predicting session identifiers.
Common Methods
- Sniffing unencrypted session cookies
- XSS-based token theft
- Session fixation
Mitigation
- HTTPS enforcement
- Secure cookie attributes (HttpOnly, Secure)
- Session regeneration after login
- Timeouts and logout invalidation
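The mitigation list above maps directly onto a small server-side session store. The block below is an added example for these notes, not code from the page: it issues unpredictable session identifiers, regenerates the identifier at login (which is what defeats session fixation), expires idle sessions, invalidates on logout, and emits the cookie attributes named above. SessionStore, set_cookie_header and the idle-timeout value are assumptions made for the illustration; time is passed in explicitly so the behaviour is deterministic.

```python
"""Session lifecycle with regeneration, idle timeout and logout invalidation
(added example, hypothetical names)."""
import secrets
from typing import Dict, Optional


class SessionStore:
    def __init__(self, idle_timeout: float = 900.0) -> None:
        self.idle_timeout = idle_timeout
        # session id -> {"user": Optional[str], "last_seen": float}
        self._sessions: Dict[str, dict] = {}

    def create(self, now: float, user: Optional[str] = None) -> str:
        # 256 bits from the OS CSPRNG: identifiers cannot be predicted.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def lookup(self, sid: str, now: float) -> Optional[dict]:
        """Return the session if it exists and has not idled out; an expired
        session is deleted on the spot so its id can never be reused."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if now - sess["last_seen"] > self.idle_timeout:
            del self._sessions[sid]
            return None
        sess["last_seen"] = now
        return sess

    def login(self, presented_sid: Optional[str], user: str, now: float) -> str:
        """Authenticate and regenerate: whatever id the browser presented
        before login (possibly planted by a third party) is discarded and a
        fresh id is bound to the authenticated user."""
        if presented_sid is not None:
            self._sessions.pop(presented_sid, None)
        return self.create(now, user=user)

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # server-side invalidation, not just cookie clearing


def set_cookie_header(sid: str, max_age: int) -> str:
    """Cookie attributes: Secure (HTTPS only), HttpOnly (not readable by
    script, so XSS cannot simply read it), SameSite=Lax (not sent on most
    cross-site requests)."""
    return (f"Set-Cookie: session={sid}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Lax")


def fixation_scenario() -> Dict[str, bool]:
    """Walk through the fixation and timeout cases and report what the
    store does; the returned flags are the expected mitigation outcomes."""
    store = SessionStore(idle_timeout=60.0)
    planted = store.create(now=0.0)                 # id known before login
    real = store.login(planted, "alice", now=1.0)   # regenerated at login
    results = {
        "planted_id_dead_after_login": store.lookup(planted, 2.0) is None,
        "new_id_bound_to_user": store.lookup(real, 2.0)["user"] == "alice",
        "idle_session_expires": store.lookup(real, 100.0) is None,
    }
    sid = store.login(None, "bob", now=200.0)
    store.logout(sid)
    results["logout_invalidates"] = store.lookup(sid, 201.0) is None
    return results


if __name__ == "__main__":
    print(fixation_scenario())
    print(set_cookie_header("<id>", 900))
```

Regeneration is the step most often skipped: if the pre-login identifier survives authentication, anyone who could set that cookie in the victim's browser owns the logged-in session. Expiry is enforced in lookup rather than trusted to the cookie's Max-Age, because a stolen cookie can be replayed long after the browser would have discarded it.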
Wireless Security
Wireless networks transmit data over radio signals, making them inherently more exposed
than wired networks and easier to intercept.
Threats
- Eavesdropping
- Rogue access points
- Evil twin attacks
- Weak encryption exploitation
Best Practices
- Use WPA2/WPA3 encryption
- Separate guest and internal networks
- Disable open Wi-Fi
- Monitor for rogue APs