Network Attacks - 2.4
Denial of Service (DoS)
- An attack aimed at overwhelming a service to cause it to fail and become unavailable.
- Typically malicious, but it can also occur accidentally in a non-malicious way, such as when a legitimate service experiences a surge in traffic.
- Does not need to be complicated; it can be generally defined as any event causing a service to become unavailable due to resource exhaustion.
Distributed Denial of Service (DDoS)
- An asymmetric attack that uses a large amount of distributed resources (often compromised devices) from across the globe to target systems, overwhelming them with traffic and rendering their services unavailable.
- Amplification/Reflection: An attack method where a small input results in a disproportionately large output, e.g., sending a small query to a misconfigured system that generates a large response, amplifying the attack's impact.
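Added example (not from the original notes): a small Python detector that looks for the two amplification/reflection indicators described above in constructed UDP/53 flow records. The flow format, the addresses and the 10x ratio threshold are assumptions made for this example.

```python
from collections import defaultdict

# Constructed unidirectional UDP flow summaries (hypothetical exporter format):
# src, sport, dst, dport, bytes. 198.51.100.7 plays the victim of a spoofed-
# source attack: it receives resolver answers it never requested.
FLOWS = [
    {"src": "192.0.2.10", "sport": 40001, "dst": "203.0.113.53", "dport": 53, "bytes": 60},
    {"src": "203.0.113.53", "sport": 53, "dst": "192.0.2.10", "dport": 40001, "bytes": 140},
    {"src": "203.0.113.53", "sport": 53, "dst": "198.51.100.7", "dport": 80, "bytes": 3200},
    {"src": "203.0.113.54", "sport": 53, "dst": "198.51.100.7", "dport": 80, "bytes": 3100},
    {"src": "192.0.2.20", "sport": 40002, "dst": "203.0.113.55", "dport": 53, "bytes": 64},
    {"src": "203.0.113.55", "sport": 53, "dst": "192.0.2.20", "dport": 40002, "bytes": 3300},
]


def analyze(flows, min_ratio=10.0):
    """Return reflection and amplification indicators found in the flows.

    reflection: bytes of DNS answers delivered to hosts that sent no matching
                query (the query carried a spoofed source, so the answer lands
                on the victim instead of the sender).
    amplification: (client, resolver, ratio) where the answer is at least
                   min_ratio times larger than the query that triggered it.
    """
    # Index every query by (client, resolver) so answers can be matched back.
    requests = {}
    for f in flows:
        if f["dport"] == 53:
            requests[(f["src"], f["dst"])] = f["bytes"]

    reflection = defaultdict(int)
    amplification = []
    for f in flows:
        if f["sport"] != 53:
            continue  # only DNS answers are of interest here
        key = (f["dst"], f["src"])  # (client that should have asked, resolver)
        if key not in requests:
            reflection[f["dst"]] += f["bytes"]  # unsolicited answer: reflection
        else:
            ratio = f["bytes"] / requests[key]
            if ratio >= min_ratio:
                amplification.append((f["dst"], f["src"], ratio))
    return {"reflection": dict(reflection), "amplification": amplification}


if __name__ == "__main__":
    result = analyze(FLOWS)
    for victim, total in result["reflection"].items():
        print(f"reflection: {victim} received {total} unsolicited DNS bytes")
    for client, resolver, ratio in result["amplification"]:
        print(f"amplification: {resolver} -> {client} ratio {ratio:.1f}x")
```

In practice the same matching is done against a sliding time window of real flow exports, and the 10x threshold is tuned to the resolver's normal answer sizes.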
Domain Name System (DNS) Attack
- Attacks aimed at redirecting traffic to a malicious site or stealing information by tampering with the Domain Name System (DNS).
- Modifying DNS records to point to a malicious IP address, effectively redirecting users to fake websites.
- Modifying client host files to point to a malicious IP address, which can trick a computer into connecting to a malicious site instead of the intended one.
- DNS Cache Poisoning: This attack involves inserting false DNS entries into a DNS server's cache, causing users to be redirected to malicious sites.
- Domain hijacking: Gaining unauthorized access to a domain's management account, allowing the attacker to alter DNS settings or transfer ownership.
- URL hijacking: Also known as typosquatting, where attackers register domain names similar to popular sites, exploiting users' typing errors to redirect them to malicious sites.
Wireless Attacks
Wi-Fi
- DoS-based attacks disrupt Wi-Fi networks by interfering with access point management frames, knocking clients off the network.
- 802.11 - An older Wi-Fi standard that, depending on the specific version (e.g., 802.11a, 802.11b, etc.), may have weaker security measures compared to modern standards.
- 802.11ac - A more recent Wi-Fi standard that includes stronger encryption and security features, offering better protection against attacks.
- The term "In the Clear" refers to data transmitted over a network without encryption, making it vulnerable to interception and eavesdropping.
Radio Frequency (RF)
- DoS attacks aimed at denying communication over a large area by jamming the radio frequency spectrum with interference, often referred to as "noise." This can disrupt wireless communication by preventing devices from successfully transmitting or receiving signals.
On-path Attack
- A malicious actor intercepts communication between two parties on the internet, monitoring or altering the data exchanged between them. This attack was previously known as a man-in-the-middle (MITM) attack.
- The attacker can steal or manipulate data between parties or collect it for future attacks, such as credential replay.
- Typically difficult to detect, because the intercepted traffic is still passed along to its destination and the victim(s) notice nothing unusual.
Credential Replay
- The act of taking captured credentials (e.g., from an on-path attack) and reusing them to gain unauthorized access to systems, effectively impersonating the legitimate user.
- Examples:
  - Pass the Hash: An attack where the attacker captures the hash of a password and uses it to authenticate without needing the actual password.
  - Session (ID) Hijacking: An attack where the attacker steals a valid session ID and uses it to gain unauthorized access to a system or application.