
Week 10 Network Attacks and Vulnerabilities

The document discusses various network attacks and vulnerabilities, focusing on Denial of Service (DoS) attacks, SQL Injection, and Cross-Site Scripting (XSS). It details the types of each attack, their mechanisms, and prevention strategies, emphasizing the importance of input validation and security measures. Understanding these threats and implementing mitigation techniques is crucial for protecting systems and applications.

Uploaded by

david.kaje

Week 10: Network Attacks and Vulnerabilities

1. Denial of Service (DoS) Attacks

A Denial of Service (DoS) attack is a malicious attempt to disrupt the normal traffic of a
targeted server, service, or network by overwhelming the target with a flood of traffic or by
sending malicious data to cause the target system to crash or become unresponsive. DoS attacks
can significantly impact the availability and reliability of systems, causing downtime, loss of
revenue, and damage to reputation.

1.1 Types of Denial of Service (DoS) Attacks

1. Flood Attacks: These attacks aim to overwhelm a target system by sending excessive
amounts of traffic or requests, causing the system to become slow or unresponsive.
o ICMP Flood (Ping Flood): This involves sending a large number of ICMP
Echo Request (ping) packets to a target system, which can exhaust system
resources and lead to service unavailability.
o SYN Flood: A SYN flood attack exploits the TCP three-way handshake
process. By sending a flood of SYN packets (the first step in establishing a TCP
connection) with spoofed source addresses, the attacker keeps the target
system's connection table full and prevents legitimate users from establishing
connections.
o UDP Flood: The attacker sends a large number of UDP packets to random ports
on the target system. When the system receives these packets, it responds with
ICMP "Destination Unreachable" messages, consuming system resources.
2. Resource Exhaustion Attacks: These attacks aim to deplete the resources of the
targeted system, such as CPU, memory, or bandwidth.
o Memory Exhaustion: Attackers can exploit vulnerabilities in a program to
cause excessive memory consumption, eventually leading to a system crash or
slowdowns.
o CPU Exhaustion: Attackers can exploit infinite loops or resource-heavy
processes to saturate the CPU and prevent other tasks from executing.
3. Application Layer Attacks: These attacks target specific applications, services, or
protocols running on a system, rather than focusing on the network or transport layers.
o HTTP Flood: The attacker sends seemingly legitimate HTTP requests to the
target web server, overwhelming it and preventing it from responding to real
user requests.
o Slowloris Attack: In this attack, the attacker keeps many connections open to
the target server and sends incomplete HTTP requests, consuming server
resources and rendering it unable to process legitimate connections.

1.2 Distributed Denial of Service (DDoS) Attacks

A Distributed Denial of Service (DDoS) attack is a variant of the DoS attack where the attack
traffic originates from multiple compromised systems, typically part of a botnet (a network of
infected devices). By distributing the attack across many systems, a DDoS attack can be much
more powerful and difficult to mitigate than a simple DoS attack.

• Botnets: These networks of compromised devices are often used to launch DDoS
attacks. The botnet may consist of IoT devices, computers, and servers that have been
infected with malware and can be remotely controlled by the attacker.
• Types of DDoS Attacks:
o Volumetric Attacks: These attacks overwhelm the network's bandwidth by
sending a massive volume of traffic.
o State-Exhaustion Attacks: These attacks exploit a specific state of a system,
such as TCP connection tables or other stateful resources, in order to exhaust
the available memory and processing power.
o Application-Layer Attacks: These attacks target the application layer,
attempting to exploit vulnerabilities in the targeted application to slow down or
crash the system.

1.3 Mitigation Techniques for DoS and DDoS Attacks

1. Firewalls and Intrusion Prevention Systems (IPS): Configuring firewalls and IPS
systems to block malicious traffic or known attack signatures can help mitigate DoS
and DDoS attacks.
2. Traffic Filtering: Implement rate-limiting, CAPTCHAs, or Web Application Firewalls
(WAF) to filter out illegitimate traffic.
3. Redundancy and Load Balancing: Use multiple servers or services to distribute the
traffic load, helping to reduce the impact of a DoS attack on a single system.
4. Cloud-based DDoS Protection: Use cloud services that specialize in mitigating DDoS
attacks, such as Cloudflare or AWS Shield, which can absorb large volumes of traffic
and protect your network from attacks.
5. Content Delivery Networks (CDN): CDNs distribute content across multiple servers,
making it harder for an attacker to overload any one server with traffic.
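
The rate-limiting named in item 2 can be implemented as a per-client token bucket. The Python below is an added example, not part of the original notes; the class and function names, the rate and burst values, and the documentation-range IP addresses in the constructed traffic are assumptions.

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Per-client token bucket: `rate` requests/second, bursts up to `burst`."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        # Each client starts with a full bucket; value is (tokens, last_seen).
        self._state = defaultdict(lambda: (float(burst), None))

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self._state[client]
        if last is not None:
            # Refill for the elapsed time, capped at the burst size.
            tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._state[client] = (tokens - 1.0, now)
            return True
        self._state[client] = (tokens, now)
        return False


def replay(events, rate=2.0, burst=5):
    """Run (timestamp, client_ip) events through the limiter; count outcomes."""
    limiter = TokenBucketLimiter(rate, burst)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, ip in sorted(events):
        key = "allowed" if limiter.allow(ip, ts) else "dropped"
        stats[ip][key] += 1
    return {ip: dict(s) for ip, s in stats.items()}


# Constructed traffic: one client sends 100 requests within one second,
# another sends one request per second for ten seconds.
FLOOD = [(i * 0.01, "203.0.113.7") for i in range(100)]
NORMAL = [(float(i), "198.51.100.20") for i in range(10)]

if __name__ == "__main__":
    print(replay(FLOOD + NORMAL))
```

Keying the bucket on the source address throttles a single noisy client; traffic spread across many sources, as in section 1.2, stays under a per-client limit and needs the upstream protections in items 4 and 5.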

2. SQL Injection Attacks

SQL Injection (SQLi) is one of the most common web application vulnerabilities. It occurs
when an attacker inserts or manipulates malicious SQL queries into input fields of a web
application, typically to interact with a database. If the application does not properly validate
or sanitize user input, these malicious queries are executed directly against the database, often
resulting in unauthorized access, data theft, or deletion.

2.1 How SQL Injection Works

• User Input Fields: SQL injection typically occurs in user input fields, such as login
forms, search bars, or contact forms. For instance, a login form might simply use user
input to form an SQL query like:

SELECT * FROM users WHERE username = 'input' AND password = 'input';

An attacker could input the following into the username or password fields:

' OR 1=1 --

Entered as the username, the resulting SQL query would become:

SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '';

The -- sequence starts an SQL comment, so the password check is discarded, and the
condition OR 1=1 is true for every row. This query would always return a valid user,
allowing the attacker to bypass authentication and gain unauthorized access.

2.2 Types of SQL Injection


1. Error-based SQL Injection: In this type of attack, the attacker causes the database to
produce an error message that reveals valuable information, such as the structure of the
database or the existence of specific tables or columns.
2. Union-based SQL Injection: This type allows the attacker to combine the results of
multiple SELECT queries into one result set, potentially allowing the attacker to
retrieve data from other tables in the database.
3. Blind SQL Injection: When the application does not return error messages or detailed
information, attackers can use blind SQL injection. The attacker makes an assumption
about the data and uses logical operators (e.g., AND or OR) to infer whether the
assumption is true or false based on the behavior of the application.
4. Time-based Blind SQL Injection: The attacker sends a query that causes a time delay
in the response. By measuring how long it takes for the application to respond, the
attacker can infer whether the query returned true or false.

2.3 Preventing SQL Injection

1. Prepared Statements (Parameterized Queries): Prepared statements separate SQL
logic from data input, ensuring that user input is treated as data rather than executable
code. This is the most effective defense against SQL injection.
o Example (using PHP and MySQLi):

    // The two ? placeholders are bound as strings ("ss") and are never parsed as SQL.
    $stmt = $mysqli->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
2. Input Validation and Sanitization: Ensure that all user inputs are validated against
expected patterns (e.g., alphanumeric characters for usernames). Input sanitization
involves removing or escaping special characters like quotes (', ") and semicolons (;).
3. Least Privilege Principle: Ensure that the database account used by the application
has the least privilege necessary to perform its tasks. For example, avoid using accounts
with administrative privileges to connect to the database.
4. Web Application Firewalls (WAF): A WAF can detect and block SQL injection
attempts by analyzing web traffic and blocking requests that match known attack
patterns.
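
The concatenated query from section 2.1 and the parameterized form from item 1 can be compared side by side. This is an added example in Python with the standard-library sqlite3 module, not code from the original notes (which use PHP and MySQLi); the table contents and function names are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password column only to mirror the query shape used on the page.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, username: str, password: str) -> bool:
    """String concatenation: the input becomes part of the SQL text."""
    query = (
        "SELECT * FROM users WHERE username = '" + username +
        "' AND password = '" + password + "'"
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username: str, password: str) -> bool:
    """Placeholders: the driver passes the input as data, never as SQL."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


PAYLOAD = "' OR 1=1 --"  # the input shown in section 2.1

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable),
                     ("parameterized", login_parameterized)):
        print(name,
              "| legitimate login:", fn(db, "alice", "correct-horse"),
              "| section 2.1 input:", fn(db, PAYLOAD, "anything"))
```

With the parameterized query the section 2.1 input is compared as a literal username, matches no row, and the login is refused.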

3. Cross-Site Scripting (XSS) Attacks


Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web
applications, where an attacker injects malicious scripts into web pages that are viewed by other
users. The injected script can be executed by the victim’s browser, leading to various attacks,
such as data theft, session hijacking, or defacement of the web page.

3.1 Types of XSS Attacks

1. Stored XSS: In a stored XSS attack, the attacker injects a malicious script into a
website’s database (e.g., through a comment section, forum post, or contact form).
When other users access the page that retrieves the stored data, the malicious script
executes in their browser.
2. Reflected XSS: In a reflected XSS attack, the malicious script is reflected off the web
server and immediately executed in the user's browser. This typically happens when the
attacker tricks the victim into clicking on a link with the malicious script in it.
3. DOM-based XSS: In this type of attack, the malicious script modifies the Document
Object Model (DOM) of a page. The vulnerability exists in the client-side script itself,
rather than in the server-side application.

3.2 How XSS Attacks Work

The attacker typically crafts a URL or a form submission containing malicious JavaScript code.
When the target user clicks on the link or submits the form, the script is executed within the
victim's browser, leading to the execution of unauthorized actions or data theft.

For example, an attacker may inject a script into a comment section of a website, like so:

<script>alert('Your session cookie is: ' + document.cookie);</script>

When another user views the comment, the script runs, potentially stealing their session cookie.

3.3 Preventing XSS Attacks

1. Output Encoding: Encode user input before displaying it on the webpage. This
prevents the browser from interpreting the input as executable code.
o Example: In HTML, special characters such as <, >, &, and " should be encoded
as &lt;, &gt;, &amp;, and &quot;.
2. Content Security Policy (CSP): Implement a CSP that restricts the types of content
that can be executed on a webpage. This can prevent the execution of malicious inline
scripts.
3. Sanitizing Input: Sanitize all user inputs to ensure that they do not contain malicious
code. This can include removing or escaping HTML tags from input fields.
4. HTTP-Only and Secure Cookies: Ensure that cookies containing sensitive
information are marked as HttpOnly, which prevents them from being accessed
by JavaScript, and Secure, which restricts them to HTTPS connections.
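
Items 1, 2 and 4 can be combined on the server side: encode the comment from section 3.2 on output, send a CSP that allows no inline scripts, and set the session cookie flags. This is an added Python example using only the standard library, not code from the original notes; the function names, the policy string and the cookie name are assumptions.

```python
import html
from http.cookies import SimpleCookie

# The comment payload shown in section 3.2.
COMMENT = "<script>alert('Your session cookie is: ' + document.cookie);</script>"


def render_comment_unsafe(comment: str) -> str:
    """Inserts the comment verbatim: the browser parses it as markup."""
    return '<div class="comment">' + comment + "</div>"


def render_comment_encoded(comment: str) -> str:
    """Encodes <, >, &, " (and ') so the browser shows the text instead."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"


def response_headers(session_id: str) -> dict:
    """CSP without 'unsafe-inline' plus an HttpOnly, Secure session cookie."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True   # not readable via document.cookie
    cookie["session"]["secure"] = True     # sent over HTTPS only
    cookie["session"]["path"] = "/"
    return {
        # Only same-origin script files may run; inline <script> is refused.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "Set-Cookie": cookie["session"].OutputString(),
    }


if __name__ == "__main__":
    print(render_comment_unsafe(COMMENT))
    print(render_comment_encoded(COMMENT))
    for name, value in response_headers("constructed-session-id").items():
        print(name + ": " + value)
```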

Conclusion

In Week 10, we covered important network attacks and vulnerabilities that can compromise
the integrity and availability of systems. Denial of Service (DoS) attacks, SQL Injection, and
Cross-Site Scripting (XSS) are among the most common and impactful security threats faced
by organizations today. By understanding these attacks and employing mitigation strategies
such as input validation, proper configuration, and web application firewalls, security
professionals can help protect systems and applications from exploitation.
