Describe these network attacks: Denial of Service, Distributed Denial of Service, Man-in-the-MiddleImplementing Cisco Cybersecurity Operations (210-255)
Denial of Service
A Denial of Service (DoS) attack has the goal of preventing normal operations of an asset. This can be accomplished by either rendering an asset unavailable due to a crash or reboot, or by overwhelming the asset so that it cannot respond to valid requests. An example of a Denial of Service attack would be an attacker using an exploit to cause the Apache software on a webserver to crash leaving the website unavailable.
A Distributed Denial of Service (DDoS) attack is generally associated with attacks that use overwhelming amounts of requests to render services unavailable. Often they are conducted using networks of zombie hosts that were infected previously by the attacker. These zombie hosts form a botnet that responds to the command and control of the attackers.
Man-in-the-Middle (MitM) attacks use various exploits to intercept network traffic between a client and a server. One such attack involves using a PC located on the same network as the targets to send invalid ARP responses. The attacker can poison the ARP cache of the clients making them think that the attacker’s PC is the default gateway or the server. This forces all of the packets to the attacker’s PC where they can collect them or alter them. Usually the attacker then modifies the packet and sends them along to the original recipient with the attacker listed as the source. This allows the attacker to see the entire conversation while the victim is unaware of the snooping.