
Common Network Attack Types and Defense Mechanisms

Resul Daş
Department of Software Engineering, Technology Faculty, Firat Univ., 23119 Elazığ, Turkey
rdas@firat.edu.tr

Abubakar Karabade
Department of Software Engineering, Technology Faculty, Firat Univ., 23119 Elazığ, Turkey
karabadeabubakar@gmail.com

Gurkan Tuna
Department of Computer Programming, Trakya University, 22020, Edirne, Turkey
gurkantuna@trakya.edu.tr

Abstract – For every organization, having a well-secured network is the primary requirement to reach its goals. A network is said to be secure if it can protect itself from sophisticated attacks. Due to the rapid increase in the number of network users, security becomes the main challenge in the networking field. Most security-related threats target the layers of the OSI reference model. Sophisticated attack types such as Distributed Denial of Service (DDoS), Man-in-the-Middle and IP spoofing attacks are used to attack these layers. In this paper, we analyze most of the attack types that cause serious problems in computer networks and the defense techniques used to stop or prevent these attacks.

Keywords: Network attacks; network defense mechanisms; attack analysis; attacks detection.

I. INTRODUCTION
The Open Systems Interconnection (OSI) reference model consists of seven layers and plays a key role in computer networks. In the OSI reference model, each layer performs different tasks and passes the packet to the next layer until it reaches the destination layer: the physical or the application layer. In the last decade, computer networks have become widespread. However, in parallel with this and due to the change in the information security space, security-related concerns have arisen severely due to the increasing awareness among people. Different from the past, when simple exploitation to deface web sites or a destructive worm was the norm, nowadays most attackers try to access sensitive data [1]. The techniques used by talented attackers are so efficient that they are hardly visible and generally not noticed. For these reasons, many organizations are concerned about how they will protect their networks against attackers and hackers, and provide confidentiality, integrity and availability of their valuable data [2].

In this paper, common network attack types and defense mechanisms that can be used to prevent these attack types from damaging computer networks are analyzed. The remainder of this paper is organized as follows. Common network attack types and defense techniques to stop or prevent these attack types are reviewed in Section II. Section III concludes the paper.

II. NETWORK ATTACKS AND DEFENSE TECHNIQUES
Network attacks are used to disrupt and exhaust legitimate traffic and in this way prevent users from accessing sensitive data. This section analyzes common network attack types directed at the OSI reference model and reviews defense techniques against these attack types.

A. MAC Flooding Attacks
A Media Access Control (MAC) address can be seen as an identifier given to network interfaces to provide communication in a physical network segment. A MAC flooding attack is an attack technique used to compromise the security of a network switch. As shown in Figure 1, in a MAC flooding attack, the attacker feeds the network switch many Ethernet frames with different source MAC addresses. The aim is to consume the limited memory set aside in the switch and in this way force legitimate MAC addresses out of the MAC address table. As a result, the switch becomes unable to learn new MAC addresses and large quantities of incoming frames are flooded out on all ports. Therefore, attackers can listen to the traffic flowing through the switch [3, 4].

Defense Mechanisms: To mitigate MAC flooding attacks, switch-related countermeasures are used.

Port security: It allows network administrators to specify the number of MAC addresses for a particular switch port.

IEEE 802.1X suite application: It allows packet filtering rules to be installed.

Fig. 1. MAC Flooding Attacks (diagram: the attacker floods the CAM table with malicious invalid source MAC addresses)
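
The effect of the port-security limit described above can be seen in a small simulation. This is an added example, not code from the paper: the Switch class, the eight-entry table and the evict-oldest behaviour are simplifying assumptions, and all frames are constructed.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy learning switch: bounded CAM table, optional per-port MAC limit."""

    def __init__(self, cam_size, port_limit=None):
        self.cam = OrderedDict()       # source MAC -> port, oldest entry first
        self.cam_size = cam_size
        self.port_limit = port_limit   # None means port security is off
        self.shut_ports = set()        # ports disabled after a violation

    def receive(self, port, src, dst):
        """Handle one frame; return 'drop', 'flood' or the egress port."""
        if port in self.shut_ports:
            return "drop"
        if src not in self.cam:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if self.port_limit is not None and on_port >= self.port_limit:
                self.shut_ports.add(port)     # port-security violation
                return "drop"
            if len(self.cam) >= self.cam_size:
                self.cam.popitem(last=False)  # assumption: oldest entry is evicted
            self.cam[src] = port
        return self.cam.get(dst, "flood")     # unknown destination: all ports

def a_to_b_after_flood(port_limit):
    """Replay a constructed flood on port 3, then send one frame from A to B."""
    host_a, host_b = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"
    sw = Switch(cam_size=8, port_limit=port_limit)
    sw.receive(1, host_a, BROADCAST)          # switch learns A on port 1
    sw.receive(2, host_b, BROADCAST)          # switch learns B on port 2
    for i in range(50):                       # 50 frames, 50 different source MACs
        sw.receive(3, "02:00:00:00:00:%02x" % i, BROADCAST)
    return sw.receive(1, host_a, host_b), sorted(sw.shut_ports)

if __name__ == "__main__":
    print("no port security :", a_to_b_after_flood(None))
    print("max 2 MACs/port  :", a_to_b_after_flood(2))
```

Without a limit the frame from A to B is flooded to every port, including the flooding one; with a limit of two addresses per port the offending port is shut and the frame is switched to port 2 only.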

978-1-4673-7386-9/15/$31.00 ©2015 IEEE


B. IP Spoofing Attack
An Internet Protocol (IP) spoofing attack, or IP address spoofing, is the creation of IP packets with a forged source IP address. Its aim is to conceal the identity of the sender or impersonate another computing system [5, 6]. As shown in Figure 2, in this way a “backdoor” is created and hackers are allowed to have access to the destination host. Figure 2 shows an IP spoofing attack.

Fig. 2. IP Spoofing Attack (diagram labels: User1 192.102.45.0, User2 193.145.0.129, Server 195.45.12.10, Attacker, Router)

Defense Mechanism: To mitigate or prevent IP spoofing attacks, router-based filters or intrusion detection tools are used.

Router-based filter: Filtering is done by matching the incoming traffic interface with the associated normal interface of the IP source traffic in the MAC table.

Intrusion detection tools: A record of bad ARP messages is maintained and the stability of the MAC table is monitored.

C. Session Hijacking Attacks
Session hijacking can be described as the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. As shown in Figure 3, when the attacker accesses the session, he pretends to be the original user and can do whatever the original user is authorized to do on the network [7, 8].

Fig. 3. Session Hijacking Attacks (diagram labels: Session ID, Server, Victim, Attacker, “Sniffing good session”)

Defense Mechanism: To prevent session hijacking attacks, router-based filters or intrusion detection tools are used.

String as session key: It prevents an attacker from guessing a valid session key through a brute-force attack.

Encryption: It prevents the attacker from learning valid IP addresses.

D. Man-in-the-Middle Attacks
As shown in Figure 4, a Man-in-the-Middle attack is an attack type where the attacker secretly relays and possibly alters the communication between two communicating parties who believe they are directly communicating with each other [9, 10].

Fig. 4. Man-in-the-Middle Attack (diagram labels: Source, Attacker, Destination)

Defense Mechanism: Man-in-the-Middle attacks are generally prevented using cryptographic techniques.

E. DHCP Starvation Attack
As shown in Figure 5, Dynamic Host Configuration Protocol (DHCP) starvation attacks work by broadcasting DHCP requests with spoofed MAC addresses. If enough requests are sent, the attackers can exhaust the address space available to the DHCP servers for a period of time [11, 12]. Since the clients are starved of DHCP resources, a DHCP starvation attack can be classified as a Denial of Service (DoS) attack. Then, the attackers can set up a rogue DHCP server on the system and in this way force the clients to use the rogue DHCP server. They can also perform man-in-the-middle attacks or sniff packets by simply setting their machine as the default gateway.

Defense Mechanism: To prevent DHCP starvation attacks, the DHCP snooping technique is employed.
1. Reducing the number of MAC addresses allowed on the switch ports.
2. Limiting the number of hosts allowed on the switch ports.
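
DHCP snooping, named in Section E as the defense against DHCP starvation and rogue DHCP servers, makes the switch inspect DHCP frames arriving on untrusted ports. The sketch below is an added example, not from the paper: it models three checks commonly applied (no server messages from access ports, the client hardware address must match the Ethernet source MAC, and a per-port rate limit), and the class name, port numbers and trace are constructed.

```python
from collections import Counter, defaultdict

SERVER_MSGS = {"OFFER", "ACK", "NAK"}     # only a DHCP server sends these

class DhcpSnooper:
    """Per-frame checks a DHCP-snooping switch applies on untrusted ports."""

    def __init__(self, trusted_ports, max_per_second):
        self.trusted = set(trusted_ports)
        self.max_per_second = max_per_second
        self.count = defaultdict(int)     # (port, second) -> DHCP frames seen
        self.disabled = set()             # ports shut after exceeding the rate

    def inspect(self, t, port, eth_src, msg, chaddr):
        if port in self.trusted:
            return "forward"
        if port in self.disabled:
            return "drop: port disabled"
        if msg in SERVER_MSGS:            # rogue DHCP server behind an access port
            return "drop: server message on untrusted port"
        if eth_src != chaddr:             # hardware address forged in the payload
            return "drop: chaddr differs from source MAC"
        self.count[(port, int(t))] += 1
        if self.count[(port, int(t))] > self.max_per_second:
            self.disabled.add(port)       # burst of requests with consistent MACs
            return "drop: rate limit exceeded"
        return "forward"

def constructed_trace():
    """Constructed events: (time, port, eth_src, message, chaddr)."""
    ev = [(0.0, 1, "aa:00:00:00:00:01", "DISCOVER", "aa:00:00:00:00:01"),
          (0.1, 24, "aa:00:00:00:00:fe", "OFFER", "aa:00:00:00:00:01"),
          (0.2, 5, "aa:00:00:00:00:66", "OFFER", "aa:00:00:00:00:01")]
    # Port 7: one real source MAC, a different forged chaddr in every request.
    ev += [(1.0 + i / 10, 7, "aa:00:00:00:00:07", "DISCOVER",
            "02:00:00:00:07:%02x" % i) for i in range(3)]
    # Port 8: source MAC and chaddr forged together, 20 requests in one second.
    ev += [(2.0 + i / 100, 8, "02:00:00:00:08:%02x" % i, "DISCOVER",
            "02:00:00:00:08:%02x" % i) for i in range(20)]
    return ev

def replay(events, trusted_ports=(24,), max_per_second=5):
    """Run the trace through the snooper and tally the verdicts."""
    snooper = DhcpSnooper(trusted_ports, max_per_second)
    return Counter(snooper.inspect(*e) for e in events)
```

The port 8 burst passes the address check because both addresses are forged consistently, which is why the rate limit and the per-port MAC limits in the list above are needed alongside it.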
Fig. 5. DHCP Starvation Attack (diagram labels: three DHCP servers, Router, Client, Attacker, “Attacker sends many different DHCP requests with many MAC addresses”)

F. ICMP Attack
While the Internet Control Message Protocol (ICMP) is commonly used for diagnostic purposes, error reporting and querying servers, it is now used by attackers for malicious goals. As shown in Figure 6, ICMP attacks are realized by sending spoofed ICMP messages from the original host gateway to the destination in order to intercept the packets [13, 14].

Fig. 6. ICMP Attack (diagram labels: Attacker, Victim, “The attacker sends compromise packet”, “ICMP responses message then forwards”)

Defense Mechanism: To prevent or mitigate ICMP attacks, generally an Intrusion Detection System (IDS) and firewalls are used.

G. DoS/DDoS Attack
A Denial of Service (DoS) or Distributed DoS (DDoS) attack is an attempt to make a server or network resource unavailable to its intended users. A DoS attack can be seen as a set of attempts to temporarily or permanently interrupt or suspend the services of a server connected to the Internet [15-17]. Different from DoS attacks, DDoS attacks are launched indirectly through many compromised systems [18-20]. DDoS attacks are divided into three categories:

1. Volume based attacks: They generally include ICMP floods and User Datagram Protocol (UDP) floods and aim at consuming the bandwidth of the victim host.
2. Protocol based attacks: They generally include SYN floods, fragmented packet attacks, Ping of death attacks, and Smurf attacks.
3. Application layer based attacks: A zero-day attack is an example of an application layer based attack. It is generally targeted at Windows and Apache servers.

Figure 7 illustrates a DDoS attack.

Fig. 7. DDoS attack (diagram labels: Attacker, Zombies, Internet, Server)

Defense Mechanism: To prevent or mitigate DDoS attacks, a number of devices and techniques including firewalls, IDS, IP traceback, pushback and packet filters can be used. These defense mechanisms typically limit the rate of traffic.

H. Telnet Attack
The Telnet protocol does not have a built-in encryption mechanism and is insecure. Therefore, its weaknesses can be used by attackers to get remote access to the network system and compromise the network.

Defense Mechanism: To prevent Telnet attacks, a number of techniques including the use of strong passwords, shutting down unused ports, controlling physical access to devices, IDS and firewalls can be used.

I. Wireless Evil Twin Attack
While the availability of Wi-Fi provides great flexibility and availability to network users, it gives attackers an opportunity to use insecure services to attack organizations. Basically, an evil twin attack can imitate any Wi-Fi hot spot. Then, the attacker can make the hot spot look like a free network service, and the connected users become open to numerous attacks [21].

Defense Mechanism: To prevent wireless evil twin attacks, multi-hop detection can be used.
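
Section G distinguishes a DoS attack from a DDoS attack launched through many compromised systems, and notes that the defenses typically limit the rate of traffic. The following added example (not from the paper) uses a token bucket, one common way to limit a rate, to show why a per-source limit contains the first but not the second; the traffic, addresses and limits are constructed.

```python
class TokenBucket:
    """Allow `rate` packets per second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the bucket size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def delivered(packets, per_source=None, aggregate=None):
    """Count packets that reach the server.

    packets: (time, source) pairs; per_source / aggregate: (rate, burst) or None.
    """
    buckets = {}
    total = TokenBucket(*aggregate) if aggregate else None
    passed = 0
    for t, src in sorted(packets):
        if per_source:
            if src not in buckets:
                buckets[src] = TokenBucket(*per_source)
            if not buckets[src].allow(t):
                continue                  # this source exceeded its own limit
        if total and not total.allow(t):
            continue                      # the server-wide limit is exhausted
        passed += 1
    return passed

# Constructed traffic: 10 seconds and 10,000 packets in each case.
DOS = [(i / 1000, "198.51.100.7") for i in range(10_000)]   # one host, 1000 pkt/s
DDOS = [(k * 0.5 + z / 1000, "zombie-%d" % z)               # 500 hosts, 2 pkt/s each
        for z in range(500) for k in range(20)]

if __name__ == "__main__":
    print("DoS,  per-source limit :", delivered(DOS, per_source=(5, 5)))
    print("DDoS, per-source limit :", delivered(DDOS, per_source=(5, 5)))
    print("DDoS, plus aggregate   :",
          delivered(DDOS, per_source=(5, 5), aggregate=(200, 200)))
```

Each zombie stays under the per-source limit, so all of the distributed traffic passes until an aggregate limit in front of the server is added.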
III. CONCLUSION
In this paper, we reviewed common and well-known network attack types directed at computer networks. We specifically paid attention to and analyzed network attack types used to eavesdrop on traffic, manipulate data and deny the flow of information, which include MAC flooding attacks, DHCP starvation attacks, IP spoofing and DDoS attacks. In addition, we investigated defense mechanisms used to protect computer networks against the most common attack types. In the future work of this study, we are planning to simulate the most common attack types and analyze their behavior in a set of case studies.

REFERENCES
[1] Futoransky, A., Notarfrancesco, L., Richarte, G., Sarraute, C., “Building Computer Network Attacks”, “Core Security Technologies”, 1-10, 2003.
[2] Yang, G., “Introduction to TCP/IP Network Attacks”, 1-10, 2010.
[3] Buhr, A., Lindskog, D., Zavarsky, P., Ruhl, R., “Media Access Control Address Spoofing Attacks against Port Security”, 1-8, 2011.
[4] Lundberg, S., “VLAN Hopping”, “Advanced LAN Technologies”, 1-8, 2014.
[5] Abdur Rahman, Md. F., Kamal, P., “Holistic Approach to ARP Poisoning and Countermeasures by Using Practical Examples and Paradigm”, “International Journal of Advancements in Technology”, Vol. 5, 1-10, 2014.
[6] Bruschi, D., Ornaghi, A., Rosti, E., “S-ARP: A Secure Address Resolution Protocol”, “Italian Dept. of Education and Research F.I.R.S.T. Project”, 1-9, 2013.
[7] Prasad, B., K., M., Reddy, A., R., M., Venugopal R., K., “DoS and DDoS Attacks: Defense, Detection and Traceback Mechanisms - A Survey”, “Global Journal of Computer Science and Technology: E Network, Web & Security”, Vol. 14, 1-19, 2014.
[8] Choudhary, Kavita, Meenaksh, and Shilpa, “Smurf Attacks: Attacks Using ICMP”, 1-3, 2011.
[9] Duany, Z., Yuan, X., Chandrashekar, J., “Controlling IP Spoofing Based DDoS Attacks Through Inter-Domain Packet Filters”, “IEEE INFOCOM 2006”, Vol. 5, 1-30, 2006.
[10] Mirkovic, J., Jevtic, N., Reiher, P., “A Practical IP Spoofing Defense through Route-Based Filtering”, 1-14, 2005.
[11] Geneiatakis, D., Vrakas, N., Lambrinoudakis, C., “Utilizing Bloom Filters for Detecting Flooding Attacks against SIP Based Services”, “Computer security”, 1-14, 2009.
[12] Maj, S. P., Veal, D., Makasiranondh, W., “Using State Model Diagrams to Manage Secure Layer 2 Switches”, “International Journal of Computer Science and Network Security”, Vol. 10, 1-4, 2010.
[13] Prasad, B., K., M., Reddy, A., R., M., Venugopal R., K., “DoS and DDoS Attacks: Defense, Detection and Traceback Mechanisms - A Survey”, “Global Journal of Computer Science and Technology: E Network, Web & Security”, Vol. 14, 1-19, 2014.
[14] Karabade, A., Daş, R., “Analysis of the Data Link and Network Layer Attacks and Defence Mechanisms”, The Third International Symposium on Digital Forensics and Security (ISDFS 2015), 11-12 May, 2015, Gazi University, Ankara.
[15] Gtakhbayar, N., Battulga, D., Sodbileg, Sh., “Classification of Artificial Intelligence IDS for Smurf Attack”, “International Journal of Artificial Intelligence & Applications (IJAIA)”, Vol. 3, 1-5, 2012.
[16] Alomar, E., Gupta, B., B., Ppayah, S., K., “Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art”, 1-6, 2012.
[17] Elleithy, K., M., “Denial of Service Attack Techniques: Analysis, Implementation and Comparison”, “Systemics, Cybernetics and Informatics”, Vol. 3, 1-6, 2011.
[18] Sandeep, Rajneet, “A Study of DoS & DDoS – Smurf Attack and Preventive Measures”, “International Journal of Computer Science and Information Technology Research”, Vol. 2, 1-6, 2014.
[19] Beitollahi, H., Deconinck, G., “A Four-Step Technique for Tackling DDoS Attacks”, “The 3rd International Conference on Ambient Systems, Networks and Technologies (ANT-2012)”, Procedia Computer Science 10 (2012) 507 – 516, 1-10, 2012.
[20] Gündüz, M.Z., Daş, R., "Kablosuz Yerel Alan Ağlarına Sızma Uygulaması ve Temel Güvenlik Önerileri", 7. Uluslararası Bilgi Güvenliği ve Kriptoloji Konferansı (7th International Conference on Information Security and Cryptology - ISCTURKEY 2014), pp. 295-300, 17-18 October 2014, İstanbul Teknik Üniversitesi, İstanbul.
[21] Salsabil, Um, Tanseer, m, al, manrul, MD, Is, “A practical approach to assess fatal attacks in enterprise network to identify effective mitigation techniques”, 1-8, 2014.
