4.2 Summarize various types of attacks and their impact
Network Attacks
📘CompTIA Network+ (N10-009)
Definition:
- DoS (Denial of Service):
  A DoS attack happens when an attacker intentionally overloads a server, network, or application with so much traffic that legitimate users cannot access the service.
- DDoS (Distributed Denial of Service):
  A DDoS attack is a DoS attack that comes from multiple computers at the same time. These computers are often part of a network of compromised machines called a botnet. Because the attack comes from many sources, it is harder to stop than a single-source DoS attack.
How DoS / DDoS Attacks Work
- Target: The attacker chooses a network, server, or application to attack.
- Flooding: The attacker sends massive amounts of fake traffic or requests to the target.
  - Examples: HTTP requests, TCP connections, ICMP (ping) requests.
- Resource Exhaustion: The target's CPU, memory, or network bandwidth becomes overloaded.
- Service Disruption: Legitimate users cannot connect or use the service until the attack ends.
Types of DoS / DDoS Attacks
- Volume-Based Attacks:
  - These attacks flood the network with huge amounts of data.
  - Measured in bits per second (bps).
  - Examples:
    - UDP floods
    - ICMP floods (Ping flood)
- Protocol Attacks:
  - Exploit weaknesses in network protocols to consume server resources.
  - Measured in packets per second (pps).
  - Examples:
    - SYN flood (exploits the TCP three-way handshake)
    - Ping of Death (sending oversized packets)
- Application Layer Attacks:
  - Target web servers, applications, or databases directly.
  - Goal: Make the application unable to respond to users.
  - Measured in requests per second (rps).
  - Examples:
    - HTTP floods
    - Slowloris (slowly sending partial HTTP requests to hold connections open)
Impact of DoS / DDoS Attacks
- Service Outage: Users cannot access the application, website, or network services.
- Revenue Loss: For businesses with online services, downtime can cause financial loss.
- Reputation Damage: Users may lose trust if services are often unavailable.
- Resource Drain: Network and server resources are overused, possibly damaging hardware.
- Security Risks: Attackers may use DoS/DDoS as a smokescreen to hide other attacks like data theft or malware installation.
Common Prevention and Mitigation
- Firewalls and ACLs: Block suspicious traffic.
- Rate Limiting: Limit the number of requests a user or IP can make.
- DDoS Protection Services: Use cloud-based solutions like Azure DDoS Protection, AWS Shield, or other mitigation services.
- Traffic Analysis: Monitor traffic patterns to detect abnormal spikes early.
- Redundancy and Load Balancing: Spread the load across multiple servers or data centers.
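As an added example (not part of these notes), the rate-limiting and traffic-analysis mitigations above in a small Python script: a per-source sliding-window limiter, plus a detector that flags any source whose per-second request count is far above the median of all sources. The request records, IP addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed traffic (timestamp_seconds, source_ip, path): two clients at
# 2 req/s plus one source sending 20 requests inside the first second.
SAMPLE_LOG = sorted(
    [(i * 0.5, "198.51.100.7", "/about") for i in range(4)]
    + [(i * 0.5, "198.51.100.8", "/login") for i in range(4)]
    + [(i * 0.05, "203.0.113.5", "/index.html") for i in range(20)]
)


class SlidingWindowLimiter:
    """Allow at most `limit` requests per source in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # source -> timestamps of allowed hits

    def allow(self, src, now):
        q = self.hits[src]
        while q and now - q[0] > self.window:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: reject (or queue) this request
        q.append(now)
        return True


def replay(log, limit=5, window=1.0):
    """Run the limiter over a log; return per-source allowed/blocked counts."""
    limiter = SlidingWindowLimiter(limit, window)
    allowed, blocked = defaultdict(int), defaultdict(int)
    for ts, src, _path in log:
        (allowed if limiter.allow(src, ts) else blocked)[src] += 1
    return dict(allowed), dict(blocked)


def spike_sources(log, bucket=1.0, factor=3.0):
    """Traffic analysis: per time bucket, flag sources whose request count
    exceeds `factor` times the median count across all sources."""
    counts = defaultdict(lambda: defaultdict(int))  # bucket -> source -> n
    for ts, src, _path in log:
        counts[int(ts // bucket)][src] += 1
    flagged = {}
    for b, per_src in sorted(counts.items()):
        base = median(per_src.values())
        hot = [s for s, n in per_src.items() if n > factor * base]
        if hot:
            flagged[b] = sorted(hot)
    return flagged
```

With the sample traffic the limiter admits 5 of the flooding source's 20 requests and all of the normal clients' requests, and the spike detector flags that source in the first one-second bucket only.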
Exam Tips for CompTIA Network+
- Know the difference between DoS (single source) and DDoS (multiple sources).
- Remember the three types of DDoS attacks: Volume-based, Protocol, and Application Layer.
- Understand the impact: service disruption, financial loss, reputation damage.
- Be familiar with basic mitigation techniques: firewalls, rate limiting, DDoS protection services.
✅ Key Takeaways (Easy Version for Non-IT Learners)
- DoS = one computer overloads a server.
- DDoS = many computers overload a server at once.
- Goal = make the service unavailable for real users.
- Impact = downtime, lost money, and frustrated users.
- Defense = special protections, monitoring, and spreading the load.
