Network Vulnerabilities and Attacks
| English | Chinese | Pinyin |
|---|---|---|
| ARP poisoning | 地址解析投毒 | dì zhǐ jiě xī tóu dú |
| on-path attack | 中间人攻击 | zhōng jiān rén gōng jī |
| MAC flooding | 物理地址泛洪 | wù lǐ dì zhǐ fàn hóng |
| switch | 交换机 | jiāo huàn jī |
| eavesdropping | 窃听 | qiè tīng |
| DNS poisoning | 域名投毒 | yù míng tóu dú |
| denial of service | 拒绝服务 | jù jué fú wù |
| distributed denial of service | 分布式拒绝服务 | fēn bù shì jù jué fú wù |
| rogue access point | 非法接入点 | fēi fǎ jiē rù diǎn |
On-path and flooding attacks
- ARP poisoning 地址解析投毒: fake ARP messages send traffic to the adversary — an on-path attack 中间人攻击.
- MAC flooding 物理地址泛洪: overloading a switch 交换机 so it broadcasts all traffic (eavesdropping 窃听).
- The adversary reads or alters messages between two parties.
Redirection and denial
- DNS poisoning 域名投毒: a fake record redirects users to a malicious site.
- Smurf attack: an ICMP flood — a denial of service (DoS) 拒绝服务.
- Many machines at once = a distributed denial of service (DDoS) 分布式拒绝服务.
Identify the network attack
Each attack has a distinct trace: ARP=two MACs for one IP; MAC flooding=switch overload; DNS=redirect; smurf=ICMP flood.
An adversary secretly sitting between two parties, reading their traffic, performs a(n)...
This is an on-path / man-in-the-middle attack.
One IP address shown with two different MAC addresses in a log suggests...
Duplicate MAC for one IP = ARP poisoning.
An unauthorised access point plugged into an open port is a ____ access point.
A rogue access point bypasses the firewall.
Which attacks let an adversary eavesdrop on traffic? (Choose all)
A UPS failure is not an eavesdropping attack.
How networks get exploited
- An open port lets an attacker install a rogue access point 非法接入点.
- A rogue AP bypasses the firewall entirely.
- We rate risk by impact and the skill an exploit needs.
In an on-path (man-in-the-middle) attack, both parties think they are talking directly to each other. They are actually each talking to the adversary, who quietly reads or changes every message.
When many machines flood a target at once, it is a distributed denial of service (DDoS).
Many attackers at once = DDoS.
In ARP poisoning, the adversary tells the network "the target's IP belongs to MY hardware address." Traffic meant for the target now flows through the adversary first. The tell-tale sign in a log: one IP shown with two different MAC addresses.
Key network attacks: ARP poisoning and MAC flooding (eavesdrop via an on-path position), DNS poisoning (redirect), and smurf/DoS/DDoS (flood). Weak or open ports let an adversary add a rogue access point that bypasses the firewall.