The next type of attacks we're going to take a look at are non-wireless attacks. These are actual attacks against our network. Our first type of attack is a denial of service attack. A denial of service attack is an intentional attack against the services or the network functionality we provide, with the goal of shutting down our network or shutting down the service we're providing to someone. For example, if we're hosting a Web server, a denial of service attack may be just an endless flood of data to that Web server, an endless stream of requests, so many requests that our Web server can't service anybody else.

So now our Web server isn't able to do its job. It's not able to provide a service. Thus, a denial of service attack. This can be done against Web servers, phone service providers, Internet service providers, a lot of different services. Pretty much anything out there that is a network device, or a network in general, we can issue a denial of service attack against. A denial of service attack could be something as simple as walking up to a building and cutting the Internet cable that comes into the building from the Internet service provider. That's a denial of service: we're intentionally disrupting Internet service to a building by just cutting the Internet cables. That's a denial of service attack.
When we're talking about denial of service attack traffic on our network, if it's just a singular denial of service attack, what we may want to do is attempt to block the host generating the traffic. If we're able to narrow down where the traffic is coming from, we may want to block that host. If there's a particular IP address the traffic is coming from, or a particular source or MAC address the traffic is coming from, maybe intentionally, maybe unintentionally, we want to block that: take it off the network, or prevent or filter that device from even sending traffic into our network, maybe through the use of a firewall. If it's a public device that's trying to send that network data to our Web server, we may want to just set up a firewall rule that drops all traffic from that device.

So it's very important to be able to identify our network traffic and see what's generating that denial of service network traffic.
Our next step up from denial of service is distributed denial of service, and a distributed denial of service attack is much harder to deal with than a standard denial of service attack, because a distributed denial of service attack, a DDoS attack, is going to be multiple hosts attempting to perform denial of service attacks.

This could be anything from multiple hosts that are all intentionally performing denial of service attacks on us, or it could be hosts that were infected with malware. A lot of malware authors will write malware that just goes out to different computers, infects them, and then sits very quietly. There's nothing happening on those computers until the author decides to use what's called a botnet. The author decides, okay, I want to perform a distributed denial of service attack against Cybrary, or against this company (please don't distributed-denial-of-service attack us). They decide they want to perform a distributed denial of service attack against a particular company or a particular website. So now they tell all of their bots to come alive. They issue commands to all of their bots, and then these dozens, hundreds, even thousands of devices around the world begin sending traffic and begin trying to disrupt and deny service for a particular endpoint.
Now, this is a lot harder to deal with because our blocking-hosts strategy isn't going to work. We can't just go out and block this traffic for thousands and thousands of hosts, because those hosts may not even be intentionally doing this. They may be doing it because they are infected with malware, or they may be sending us traffic that looks completely legitimate. There may just be thousands of hosts sending repeated requests, repeated GET requests for a Web page, and we just can't handle all of these thousands of computers, because they can send thousands of requests each. So we have these millions and millions of requests coming in that we just can't handle, and we don't want to block all of these IP addresses that are sending us GET requests, because there could be legitimate traffic coming in, and now we're blocking legitimate customers that are trying to get to our Web page. So our best bet for a distributed denial of service attack is to do something like identifying the traffic signature.

We want to try to track down exactly what the traffic, the packets that are coming to us, look like. But again, if it's something legitimate, like a website GET request, we can't filter that out. We can't say, oh, I'm not going to accept any traffic to my Web server. Well, then you've pretty much just denied service to yourself. You're falling right into what the author of the attack wants to happen. They want to shut down your website. So if you stop offering Web services, then yes, the attack is no longer effective against you, but only because you've essentially called it quits. You've said we're just going to shut down our Web server now because we can't service anybody.

So distributed denial of service attacks are a lot harder to filter out, but you can try to mitigate them with some devices. Some load balancers and some proxy servers may be able to help with filtering out some distributed denial of service attacks, so there may be additional devices that can help to identify the traffic. They may help to identify the same host requesting over and over and over, and after so many requests they may say, okay, this host's traffic is going to be blocked for the next three hours because we're experiencing an influx of this attack.

So: this host, over the past hour you've requested this Web page 50 times. On average, over the past hour, the top 90% of our users only do 15 Web page GET requests in an hour. So you're doing almost five times as many requests as them, so you're going to be blocked for the next three hours because there's something fishy going on here. It's rules like that, traffic signatures like that, that we may need to implement. But again, if we don't have a dedicated team that is experienced with stopping those distributed denial of service attacks, if we don't have a team that is used to writing rules to filter out and narrow down that traffic, these can be very hard attacks to mitigate and very hard attacks to handle.
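Here is the kind of traffic-signature rule just described, written out as an added example (this is not code from the lecture or from any product it mentions): count GET requests per source IP over the past hour, compare each host against the rate that the top 90% of hosts stay under, and put anyone far above that on a three-hour block list. The log format, the sample log lines, and the RATIO threshold are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache-style access line: '<ip> - - [<timestamp> <tz>] "GET ...'; the timezone
# field is ignored, so all timestamps are assumed to be in the same zone.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]\s]+)[^\]]*\] "GET ')
TS_FMT = "%d/%b/%Y:%H:%M:%S"
WINDOW = timedelta(hours=1)      # look back over the past hour, as in the lecture
BLOCK_FOR = timedelta(hours=3)   # block offenders for three hours, as in the lecture
RATIO = 3.0                      # assumed: block hosts above RATIO x the crowd's 90th-percentile rate

def count_gets(lines, now):
    """Count GET requests per source IP that fall within WINDOW before `now`."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a GET, or not a line we understand
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        if now - WINDOW <= ts <= now:
            counts[ip] += 1
    return counts

def percentile_90(values):
    """Request count that 90% of hosts stay at or below (nearest-rank method)."""
    s = sorted(values)
    return s[max(0, round(0.9 * len(s)) - 1)]

def find_offenders(lines, now):
    """Return {ip: blocked_until} for hosts far above the crowd's request rate."""
    counts = count_gets(lines, now)
    if len(counts) < 2:
        return {}                         # no crowd to compare against
    baseline = max(percentile_90(counts.values()), 1)
    return {ip: now + BLOCK_FOR for ip, n in counts.items() if n > RATIO * baseline}

# Constructed sample log: ten ordinary clients with 10-15 GETs in the past hour,
# one client (203.0.113.9) with 50, plus a stale line and a POST that are ignored.
NOW = datetime(2024, 1, 1, 12, 0, 0)
def _line(ip, minute, method="GET"):
    return f'{ip} - - [01/Jan/2024:11:{minute:02d}:00 +0000] "{method} / HTTP/1.1" 200 512'
SAMPLE_LOG = [_line(f"192.0.2.{i}", k) for i in range(10) for k in range(10 + i % 6)]
SAMPLE_LOG += [_line("203.0.113.9", k) for k in range(50)]
SAMPLE_LOG.append('203.0.113.9 - - [01/Jan/2024:09:00:00 +0000] "GET / HTTP/1.1" 200 512')
SAMPLE_LOG.append(_line("192.0.2.1", 30, "POST"))

if __name__ == "__main__":
    for ip, until in find_offenders(SAMPLE_LOG, NOW).items():
        print(f"block {ip} until {until}")
```

On the sample data the 90th-percentile rate works out to 15 requests per hour, so the host with 50 is the only one blocked.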
Next, we have man-in-the-middle attacks.

Man-in-the-middle attacks are attacks where we're essentially trying to send data from point A to point B, but there's a point C sitting in the middle, intercepting our data and then passing it along to point B. So it's point A to point C to point B, and when the traffic is sent back, it goes from point B to point C to point A rather than directly to us. These are dangerous because they allow the attacker to listen to our traffic. They allow the attacker to capture our traffic, maybe even capture certain credentials that we're trying to pass, because if we're passing information directly, or what we think is directly, to point B, this may be sensitive information, this may be credential information. But if it's going through point C first, then it may be compromised. That point C may be doing things like passing false certificates. So even though we're running over HTTPS, they may actually be using a false certificate. They may be falsifying a certificate and capturing the data that we're putting into an HTTPS Web page. So we need to be careful about who out there is on our network.

Man-in-the-middle attacks can occur through things such as someone impersonating the router. They're performing an ARP attack: our computer asks, okay, I'm looking for the router, who's the router? And then a computer on the network says, oh, I am, when really it's not; it's performing a man-in-the-middle attack. Now our computer begins sending that computer our traffic, and that computer goes through all of our traffic, looks at everything, captures it, keeps a copy, and then passes it along to the router. So it's sitting there, and it may be able to do it just as fast as if we were directly connected to the router. But now that man-in-the-middle computer is able to read that traffic, is able to see our information, and is able to look at all of the information and all of the credentials that we're passing.
Now, man-in-the-middle attacks may not just be occurring on our network. They could be occurring online as well. We may have malware that infects our computer and then changes our proxy settings so that we connect through it. Remember, a proxy server is the first connection that we connect to, and we send our data through that server to the Internet. So malware that changes our proxy settings is changing where we send our Internet connections when we connect out to the Internet. We don't connect directly to facebook.com. We don't connect directly to cybrary.it. We first connect to a proxy server in Lithuania or Oregon or Europe or England or wherever this proxy server is, wherever the malware author told us to send the data first. It connects to that proxy server and then connects to where we want to go. And so the attacker is able to see all of our traffic, is able to read all of our data and see what we're doing. So we need to be very careful of man-in-the-middle attacks.

Ways that we can be careful of these: we can implement devices on our networks. We can implement firewalls or routers that can do things such as checking for IP spoofing. Devices that can check for IP spoofing help mitigate man-in-the-middle attacks by keeping a record of the known MAC addresses of devices and then checking and listening for anybody who is not that MAC address passing off information and pretending that they are a different IP address, so we can drop those packets. It can help take those packets that are trying to be passed around, catch them, and block them to prevent these man-in-the-middle attacks from occurring on our network. So this man-in-the-middle attack prevention can be done in the form of dropping IP-spoofing packets, because essentially this device is trying to spoof its IP address and pretend it's an IP address that it's not.
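The "keep a record of known MAC addresses and drop anybody else claiming that IP" check described above, applied to ARP replies, as an added example that is not part of the lecture: the guard seeds its record with trusted bindings (here the router), learns the rest, and drops any reply in which a known IP shows up with a different MAC. The addresses and the sequence of ARP replies are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as seen on the wire: who claims to own which IP."""
    sender_ip: str
    sender_mac: str

class ArpGuard:
    """Keeps a record of IP-to-MAC bindings and flags replies that contradict it."""

    def __init__(self, known):
        # Static, trusted bindings (e.g. the router) seed the record; others are learned.
        self.bindings = {ip: mac.lower() for ip, mac in known.items()}
        self.trusted = set(self.bindings)
        self.alerts = []

    def inspect(self, reply):
        """Return 'accept' or 'drop' for one reply; drops are recorded in self.alerts."""
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        expected = self.bindings.get(ip)
        if expected is None:
            self.bindings[ip] = mac            # first sighting of this IP: learn it
            return "accept"
        if mac == expected:
            return "accept"
        # Same IP, different MAC: a host is pretending to be someone it is not.
        kind = "trusted host" if ip in self.trusted else "learned host"
        self.alerts.append(f"{ip} ({kind}) claimed by {mac}; known MAC is {expected}")
        return "drop"

# Constructed sample: the router is 192.168.1.1; the host at 192.168.1.20 later
# answers for the router's IP with its own MAC, which is the impersonation case.
KNOWN = {"192.168.1.1": "00:11:22:33:44:55"}
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "00:11:22:33:44:55"),   # genuine router
    ArpReply("192.168.1.20", "66:77:88:99:aa:bb"),  # new host, learned
    ArpReply("192.168.1.1", "66:77:88:99:AA:BB"),   # router's IP, wrong MAC: drop
    ArpReply("192.168.1.1", "00:11:22:33:44:55"),   # genuine router again
]

def check_sample():
    """Run the guard over the sample replies; returns (decisions, alerts)."""
    guard = ArpGuard(KNOWN)
    decisions = [guard.inspect(r) for r in SAMPLE_REPLIES]
    return decisions, guard.alerts

if __name__ == "__main__":
    decisions, alerts = check_sample()
    print(decisions)
    print("\n".join(alerts))
```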
We also want to check to make sure that on our local computers we don't have any odd proxy settings set in our Internet options, because those proxy settings, if we didn't set them and they aren't intentional proxy settings, may be connecting us to somewhere else first. We want to check and make sure that we aren't getting certificate warnings when we're trying to connect to pages over HTTPS. The certificate warnings could be telling us that this is not a valid certificate for this Web page, so it could mean that someone is performing a man-in-the-middle attack. And even if a certificate warning does not pop up, every once in a while we may want to click and see who is issuing the certificate for the Web site that we're on. If the certificate looks a little fishy, doesn't look quite right, or looks expired, then there may be an issue going on there, and it may be someone falsifying certificates and actually sitting in the middle, listening to our HTTPS traffic, listening to our secure traffic. So be careful of these and watch out for that. When Alice is talking to Bob, we always have to watch out for Charlie or Carol trying to listen in and see what's going on.
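The manual "who issued this, does it match the site, is it expired?" check from the last section, as an added example rather than anything from the lecture: it runs over the dictionary that Python's `ssl.SSLSocket.getpeercert()` returns, so the same function can be pointed at a live connection. The two certificates, the fixed check time, and the TRUSTED_ISSUERS set are constructed assumptions for the example.

```python
import ssl
import time

# Assumed: the issuing organizations we expect to see on our own sites' certificates.
TRUSTED_ISSUERS = {"Example Trusted CA"}

def _name_values(name, key):
    """Pull every value for `key` out of a getpeercert() subject/issuer tuple."""
    return [v for rdn in name for k, v in rdn if k == key]

def _host_matches(pattern, host):
    """Exact match, or a single-label wildcard such as *.example.com."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host

def check_cert(cert, host, now=None):
    """Return the list of things that look fishy; an empty list means the cert checks out."""
    now = time.time() if now is None else now
    problems = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("expired")
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        problems.append("not yet valid")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_host_matches(n, host) for n in names):
        problems.append(f"name mismatch: issued for {names}, not {host}")
    issuers = _name_values(cert["issuer"], "organizationName")
    if not set(issuers) & TRUSTED_ISSUERS:
        problems.append(f"unexpected issuer: {issuers}")
    return problems

# Constructed certificates in the shape getpeercert() returns, checked at a fixed time.
NOW = ssl.cert_time_to_seconds("Jun 01 00:00:00 2024 GMT")
GOOD_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Trusted CA"),), (("commonName", "Example CA R1"),)),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
FISHY_CERT = {                       # what a falsified, interposed certificate might look like
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Totally Legit Proxy"),),),
    "notBefore": "Jan 15 00:00:00 2022 GMT",
    "notAfter": "Jan 15 00:00:00 2023 GMT",
    "subjectAltName": (("DNS", "*.proxy.invalid"),),
}
```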