
Main Types of Network Attacks You Should Know
While you are reading this article, there is a real war going on across the internet. Hundreds of thousands of bots scan the network for vulnerable systems, access weak passwords, open databases, and send tons of spam with malicious attachments. In addition, millions of infected devices in huge botnets are ready to send terabytes of traffic to put some resources out of action.
Today, we’ll try to equip you with knowledge about different types of network attacks and how to protect yourself and your data on the internet.
Let’s go!
Don’t forget that you can always stay safe if you use the decentralized anonymous Utopia P2P ecosystem. Read more here.
What are internet and network attacks?
A network attack or internet attack is a specific action to gain control of any local or remote computing system or computer. The attack may also involve:
- Increasing the rights of an account in a particular network.
- Destabilizing the network.
- Obtaining personal data of people who are users of the World Wide Web.
Network attacks are as diverse as the systems they target. Some attacks are very complex, while others can be done by ordinary operators who do not even realize what consequences their activities may lead to. To evaluate the types of attacks, you need to know some limitations inherent in the TCP/IP protocol.

The internet was created for communication between government agencies and universities to assist the educational process and scientific research. Unfortunately, the creators of this network had no idea how widespread it would become. As a result, the early Internet Protocol (IP) specifications lacked security requirements. This is why many IP implementations are inherently vulnerable.
After many years and many complaints, people finally began to implement security tools for IP. However, because security was not part of the original IP design, its implementations had to be supplemented with a wide variety of network procedures, services, and products that reduce the risks inherent in this protocol.
Read more about hacker attacks here.
What are the types of network attacks?
At the moment, there are several criteria by which we can classify network attacks:
- By the nature of the impact on the network
By the type of impact on the network, you can distinguish between active and passive attacks. The passive type does not directly affect the system’s operation, but it can violate its security. This type is difficult to detect because it does not have a substantial effect on the network.
Active attacks involve a direct effect on the network, including limiting its performance or changing settings. The main difference from the passive type is that an active attack can be detected, because it leaves traces behind.
- By goal
The purpose may be to disrupt the functioning, integrity, or confidentiality of the network. The primary purpose of any attack is to gain access to classified information by intercepting or distorting it. The first option involves getting access to data without the possibility of changing it, whereas the second includes the possibility of altering data for malicious purposes.
- By the presence of feedback with the attacked object
The criterion is about the presence of feedback or its absence when the attack is unidirectional. The attacking subject can exchange data with the attacked object, and feedback occurs between them, allowing the subject to have up-to-date information about the object’s state. Attacks without feedback are carried out when there is no need for the attack to react to changes in the object’s state.
- According to the condition of the beginning of the impact
The conditions that trigger the effect can be different. Among the main ones:
- On request from the object.
- On the occurrence of a certain action.
- On the object’s side.
- Attack without a condition.
Accordingly, an unconditional attack is made at any time. An attack on request involves waiting for a certain type of request from the attacked object.
- By the location of the subject of the attack relative to the attacked object
This criterion refers to an “intersegment” and “intrasegment” arrangement. The first type means that the object and the subject are located in different network segments, and the second means they are in the same part. A segment is usually understood as physically connected hosts (computers).

Next, we will briefly look at how hackers carry out certain types of attacks usually used against IP networks and list ways to deal with them.
How do hackers attack networks?
Packet Sniffer
Currently, sniffers work in networks on a completely legal basis. They are used for troubleshooting and traffic analysis. However, because some network applications transmit data in clear text (Telnet, FTP, SMTP, POP3, etc.), a sniffer can be used to find useful and sometimes confidential information (for example, usernames and passwords).
The way to reduce the threat:
- Authentication. Strong authentication tools are the most important way to protect against packet sniffing. An example of such authentication is One-Time Passwords (OTP).
- Switched infrastructure. Another way to deal with packet sniffing in your network environment is to create a switched infrastructure. If, for example, the entire organization uses switched Ethernet, hackers can only access the traffic coming to the port to which they are connected. The switched infrastructure does not eliminate the threat of sniffing, but it significantly reduces its severity.
- Antisniffers. The third way to deal with sniffing is to install hardware or software that recognizes sniffers running on your network. These tools cannot eliminate the threat, but they are included in the overall protection system like many other network security tools.
- Cryptography. This is the most effective way to deal with packet sniffing. Although it does not prevent interception and does not recognize sniffers’ work, it makes this work useless. If the communication channel is cryptographically secure, then the hacker intercepts the encrypted text (that is, an incomprehensible sequence of bits).
IP Spoofing
IP spoofing occurs when a hacker, inside or outside a corporation, impersonates an authorized user. This can be done in two ways: a hacker can use either an IP address within the range of authorized IP addresses or an authorized external address that is allowed access to certain network resources.
IP spoofing attacks are often the starting point for other attacks. A classic example is a DoS attack that starts with someone else’s address, hiding the hacker’s true identity.
The way to reduce the threat:
- Access control. The easiest way to prevent IP spoofing is to configure access control properly. To reduce the effectiveness of IP spoofing, configure access control to cut off any traffic coming from an external network with a source address that should be located inside your network.
- RFC 2827 filtering. You can stop attempts to spoof other people’s networks by users of your network (and become a good network citizen). To do this, you must reject any outgoing traffic whose source address is not one of your organization’s IP addresses.
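The two filtering rules above, written as one border-filter decision function. This is an added example, not part of the original article; the prefixes, function names, and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed address plan: documentation prefixes stand in for the
# organization's real networks (an assumption of this example).
ORG_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]


def is_org_address(addr):
    """True if addr falls inside one of the organization's prefixes."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in ORG_PREFIXES)


def filter_packet(direction, src):
    """Decide what a border filter does with a packet.

    direction: "inbound"  = arriving from the external network,
               "outbound" = leaving toward the external network.
    Returns (action, reason).
    """
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    try:
        inside = is_org_address(src)
    except ValueError:
        return ("drop", "malformed source address")
    if direction == "inbound" and inside:
        # Access-control rule: nothing from outside may claim an inside address.
        return ("drop", "external packet with internal source")
    if direction == "outbound" and not inside:
        # RFC 2827 rule: we only emit traffic sourced from our own prefixes.
        return ("drop", "outbound source outside our prefixes")
    return ("accept", "source consistent with direction")


# Constructed sample traffic: (direction, source address).
SAMPLE = [
    ("inbound", "203.0.113.5"),      # ordinary external client
    ("inbound", "192.0.2.10"),       # outside host claiming an inside address
    ("outbound", "192.0.2.77"),      # legitimate internal host
    ("outbound", "198.51.100.200"),  # just outside the /25: spoofed or misconfigured
]

if __name__ == "__main__":
    for direction, src in SAMPLE:
        print(direction, src, *filter_packet(direction, src))
```

The last sample packet shows why the prefix list must match the real allocation exactly: an address in the same /24 but outside the organization's /25 is still rejected on the way out.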
Denial-of-Service
DoS attacks are different from other types of attacks. They are not intended to gain access to your network nor to obtain any information from it. Still, a DoS attack does make your network inaccessible for normal use by exceeding the permissible limits of the network, operating system, or application.
You can read more about DDoS attacks here.
Password Attacks
Hackers can conduct password attacks using various methods, such as brute force attacks, Trojan horse, IP spoofing, and packet sniffing. Although the username and password can often be obtained by IP spoofing and packet sniffing, hackers usually try to guess the password and login through multiple access attempts. This approach is called a simple brute force attack.

Often, such an attack uses a special program that tries to access a public resource (for example, a server). If, as a result, the hacker is granted access to resources, then he receives it as a normal user whose password was recognized.
The way to reduce the threat:
Password attacks can be avoided if you do not use plain-text passwords. One-time passwords and/or cryptographic authentication can virtually negate the threat of such attacks. Unfortunately, not all applications, hosts, and devices support the above authentication methods.
Learn how to choose the right passwords here.
Man-in-the-Middle Attacks
For a Man-in-the-Middle attack, a hacker needs access to packets transmitted over the network. Such access to all packets transmitted from a provider to any other network can, for example, be obtained by an employee of this provider. Packet sniffers, transport protocols, and routing protocols are often used for this type of attack.
Attacks are carried out to steal information, intercept the current session, gain access to private network resources, analyze traffic, obtain information about the network and its users, carry out DoS-type attacks, distort the transmitted data, and enter unauthorized information into network sessions.
The way to reduce the threat:
The only way to effectively deal with Man-in-the-Middle attacks is to use cryptography. If a hacker intercepts the data of an encrypted session, he will not see an intercepted message on the screen but a meaningless set of characters.
Application-Level Attacks
Application-level attacks can be carried out in several ways. The most common of them is the use of well-known weaknesses of server software (sendmail, HTTP, FTP). Using these weaknesses, hackers can gain access to the computer on behalf of the user working with the application (usually this is not a simple user, but a privileged administrator with system access rights).
The main problem with application-level attacks is that hackers often use ports allowed to pass through the firewall. For example, a hacker exploiting a known weakness of a web server often uses TCP port 80 during an attack. Since the web server provides web pages to users, the firewall must provide access to this port. From the firewall point of view, the attack is treated as standard traffic for port 80.
The way to reduce the threat:
It is impossible to exclude attacks at the application level completely. Hackers are constantly discovering and publishing new vulnerabilities of application programs on the internet. The most important thing here is good system administration.
Network Intelligence
Network intelligence is the collection of information about a network using publicly available data and applications. When preparing an attack against a network, a hacker usually tries to get as much information about it as possible. Network intelligence is conducted in the form of DNS queries, echo testing, and port scanning.
DNS queries help you understand who owns a particular domain and what addresses are assigned to that domain. Echo testing of DNS-exposed addresses allows you to see which hosts actually work in a given environment. After obtaining a list of hosts, the hacker uses port scanning tools to compile a complete list of services supported by these hosts. Finally, the hacker analyzes the characteristics of the applications running on the hosts and, as a result, extracts information that can be used for hacking.
The way to reduce the threat:
It is impossible to get rid of network intelligence completely. If, for example, you disable ICMP echo and echo response on peripheral routers, you will get rid of echo testing. However, you will also lose the data needed to diagnose network failures. You can reduce this threat through the following steps:
- Use the latest versions of operating systems and applications and the latest correction modules (patches).
- Use attack recognition systems (IDS). There are two complementary IDS technologies:
- The network IDS (NIDS) tracks all packets passing through a specific domain. When the NIDS sees a packet or series of packets matching the signature of a known or probable attack, it generates an alarm and/or terminates the session.
- The host IDS (HIDS) protects the host with software agents. This system only fights attacks against a single host.
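A NIDS recognizes the port scanning described above as a series of packets rather than a single one. The following is an added example, not part of the original article: a sliding-window rule that raises an alert when one source touches many distinct host and port pairs in a short time. The connection records, threshold, and window are constructed values.

```python
from collections import defaultdict, deque


def detect_scans(events, window=10.0, threshold=5):
    """Return {source: time of first alert}.

    events: iterable of (timestamp_seconds, src, dst, dst_port).
    A source is flagged once it has contacted `threshold` distinct
    (dst, dst_port) targets within `window` seconds.
    """
    recent = defaultdict(deque)  # src -> deque of (timestamp, target)
    alerts = {}
    for ts, src, dst, dport in sorted(events):
        q = recent[src]
        q.append((ts, (dst, dport)))
        # Forget contacts that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {target for _, target in q}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


# Constructed connection records (documentation address ranges).
SAMPLE = (
    # Fast scan: six different ports on one host within 2.5 seconds.
    [(0.5 * i, "203.0.113.9", "192.0.2.10", p)
     for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    # Normal client: the same HTTPS service contacted repeatedly.
    + [(0.2 + i, "198.51.100.20", "192.0.2.10", 443) for i in range(8)]
    # Slow scan: five ports, one probe every 20 seconds.
    + [(20.0 * i, "203.0.113.77", "192.0.2.10", p)
       for i, p in enumerate((21, 22, 23, 25, 80))]
)

if __name__ == "__main__":
    print(detect_scans(SAMPLE))               # only the fast scanner
    print(detect_scans(SAMPLE, window=100))   # a wider window also catches the slow one
```

The slow source stays under the default window, which is the practical limit of this kind of signature: widening the window catches it at the cost of more state per source.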
Trust Abuse
Strictly speaking, this type of action is not an attack or assault. It is a malicious use of the trust relationships that exist in the network. A classic example of such abuse is the situation in the peripheral part of the corporate network.
This segment often hosts DNS, SMTP, and HTTP servers. Since they all belong to the same segment, hacking any of them leads to hacking all the others, since these servers trust other systems on their network.

The way to reduce the threat:
The risk of trust abuse can be reduced by more tightly controlling the levels of trust within your network. Systems located on the outside of the firewall should under no circumstances enjoy the absolute trust of the systems protected by the firewall.
Port Forwarding
Port forwarding is a form of abuse of trust, where a compromised host is used to send traffic through the firewall that would otherwise be rejected. For example, imagine a firewall with three interfaces, each of which is connected to a specific host.
The external host can connect to the shared access host (DMZ), but not to the one installed on the inside of the firewall. A shared host can connect to both an internal and an external host. If a hacker hijacks a shared host, they can install software on it that redirects traffic from the external host directly to the internal host.
The way to reduce the threat:
The main way to deal with port forwarding is to use strong trust models (see the previous section). In addition, the host system IDS (HIDS) can prevent a hacker from installing their software on the host.
Unauthorized Access
Unauthorized access cannot really be considered a separate type of attack since most network attacks are carried out precisely for the sake of obtaining unauthorized access. For example, to guess a Telnet login, a hacker must first get a Telnet prompt on their system. After connecting to the Telnet port, the message “authorization required to use this resource” appears on the screen.
If the hacker continues to attempt access after that, these attempts are considered unauthorized. The source of such attacks can be both inside the network and outside.
The way to reduce the threat:
The ways to deal with unauthorized access are quite simple. The main thing here is to reduce or completely eliminate the hacker’s ability to gain access to the system using an unauthorized protocol.
Viruses and “Trojan Horses”
We’ve already provided a comprehensive discussion of the topic of various viruses and worms. You can find it here.
Protection methods against network attacks
Methods involve certain actions aimed at protecting the integrity and confidentiality of data:
- Implement data encryption and the use of secure ports. If these are not present, the vulnerability of the network increases.
- Use the anonymous Utopia P2P ecosystem, where no hacker can attack you or gain access to sensitive data.
- Use antivirus programs and scanners.
- Install blockers and tools that detect sniffers and rootkits.
- Use a firewall.