4.2 Summarize various types of attacks and their impact
Network Attacks
📘CompTIA Network+ (N10-009)
1. Definition
An On-path attack, also called a Man-in-the-Middle (MITM) attack, happens when a cyber attacker secretly intercepts or alters communication between two devices on a network.
- The devices think they are talking directly to each other.
- In reality, the attacker is listening, stealing, or changing the data in between.
Key point: The attacker is “on the path” of communication, hence the name.
2. How It Works (IT Environment)
Think of two computers on a corporate network or a cloud environment:
- Normal communication:
  - Computer A sends a request to a server (like logging into the Azure portal).
  - The server responds back to Computer A.
- With an On-path attack:
  - The attacker places themselves between Computer A and the server.
  - All traffic from A passes through the attacker before reaching the server.
  - The attacker can read, modify, or capture credentials and sensitive data.
3. Types of On-Path Attacks
Here are the common types in IT networks:
a) ARP Spoofing (or ARP Poisoning)
- Works on local networks (LAN).
- Attacker sends fake ARP messages to associate their MAC address with the IP address of another device (like a server or router).
- Result: All traffic meant for that device is sent to the attacker first.
b) DNS Spoofing / DNS Hijacking
- Attacker intercepts or modifies DNS requests.
- When a user tries to access portal.azure.com, the attacker sends back the IP of a malicious server instead of the real server.
- This lets the attacker capture credentials or inject malicious content.
c) HTTPS Spoofing / SSL Stripping
- Attacker downgrades HTTPS traffic to HTTP so that it is not encrypted.
- This allows them to read sensitive information like usernames and passwords.
d) IP Spoofing
- Attacker sends packets pretending to be a trusted device.
- This can let the attacker intercept responses meant for another device.
4. Indicators of an On-Path Attack
In a network, these signs can indicate an on-path attack:
- Users experience slow network performance unexpectedly.
- Certificate warnings appear in browsers when visiting secure sites (HTTPS).
- Unusual ARP table entries in the local network (for ARP attacks).
- Unexpected redirects to malicious sites.
5. How to Prevent On-Path Attacks
Preventing these attacks in IT networks requires multiple layers:
Network Layer
- Use switches instead of hubs, because switches send traffic only to intended devices.
- Enable port security to limit which devices can connect.
Encryption
- Use HTTPS, TLS, and VPNs to encrypt all network traffic.
- This prevents attackers from reading or modifying data, even if intercepted.
Authentication and Validation
- Implement DNSSEC to protect DNS from spoofing.
- Use multi-factor authentication (MFA) to secure accounts even if passwords are intercepted.
Monitoring
- Monitor ARP tables for suspicious entries.
- Use intrusion detection systems (IDS) to spot abnormal traffic patterns.
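The "unusual ARP table entries" indicator from section 4 and the "monitor ARP tables" control above can be automated. The following is an added example, not part of the original notes: it parses a snapshot of a Linux `ip neigh` table and flags two signs of ARP poisoning, one MAC address answering for several IP addresses, and a trusted binding (such as the default gateway) that no longer matches a baseline. The sample table and baseline are constructed values.

```python
"""Flag ARP-table entries consistent with ARP spoofing (an on-path attack).

Checks run against a snapshot of the host's neighbour (ARP) table:
  1. One MAC bound to several IPs (attacker answering for gateway and victim).
  2. A trusted IP-to-MAC binding that differs from a recorded baseline.
Input format is Linux `ip neigh` output; the sample below is constructed.
"""
import re
from collections import defaultdict

IP_NEIGH_LINE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-f:]{17}) .*$",
    re.IGNORECASE,
)

def parse_ip_neigh(text):
    """Return {ip: mac} from `ip neigh` output, skipping rows with no lladdr."""
    table = {}
    for line in text.splitlines():
        m = IP_NEIGH_LINE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_duplicate_macs(table):
    """Return {mac: [ips]} for every MAC that claims more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def find_baseline_changes(table, baseline):
    """Return [(ip, expected_mac, seen_mac)] where a trusted binding changed."""
    return [(ip, want, table[ip]) for ip, want in baseline.items()
            if ip in table and table[ip] != want]

# Constructed sample: the gateway 192.168.1.1 normally maps to aa:bb:cc:00:00:01
# (see BASELINE) but now shows the same MAC as host .50, a classic poisoning sign.
SAMPLE = """\
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:50 REACHABLE
192.168.1.50 dev eth0 lladdr de:ad:be:ef:00:50 STALE
192.168.1.20 dev eth0 lladdr aa:bb:cc:00:00:20 REACHABLE
192.168.1.99 dev eth0  FAILED
"""
BASELINE = {"192.168.1.1": "aa:bb:cc:00:00:01"}  # constructed trusted gateway MAC

if __name__ == "__main__":
    tbl = parse_ip_neigh(SAMPLE)
    for mac, ips in find_duplicate_macs(tbl).items():
        print(f"ALERT: {mac} answers for {', '.join(ips)}")
    for ip, want, seen in find_baseline_changes(tbl, BASELINE):
        print(f"ALERT: {ip} changed from {want} to {seen}")
```

On a real host, replace SAMPLE with the output of `ip neigh` captured periodically and keep BASELINE populated with the gateway and other critical static bindings.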
6. Exam Tips
For the exam, remember these key points:
- Definition: On-path = attacker intercepts traffic between two devices.
- Impact: Can steal credentials, modify data, redirect users.
- Common types: ARP spoofing, DNS spoofing, HTTPS/SSL stripping, IP spoofing.
- Prevention: Encryption (HTTPS, TLS), secure network configuration, MFA, monitoring.
7. Quick Summary Table
| Feature | On-Path Attack (MITM) |
|---|---|
| What it is | Attacker intercepts communication between two devices |
| Goal | Eavesdrop, steal credentials, alter data |
| Common types | ARP spoofing, DNS spoofing, SSL stripping, IP spoofing |
| Indicators | Slow network, certificate warnings, abnormal ARP entries |
| Prevention | HTTPS/TLS, VPNs, MFA, DNSSEC, IDS, port security |
✅ Tip for remembering for the exam:
Think “on the path” = attacker is in the middle of communication, just like a “silent listener” who can also tamper with messages.
