
🕸️Networked Life

Types of Network Attacks


Why This Matters

In Networked Life, you're not just learning about how networks connect—you're learning about the vulnerabilities that emerge from that connectivity. Network attacks exploit the fundamental properties of networked systems: trust relationships, information asymmetry, protocol weaknesses, and the human nodes within the system. Every attack type you study demonstrates a core principle about how networks function and fail.

When exam questions ask about network security, they're testing whether you understand attack vectors (how threats enter systems), exploitation mechanisms (what vulnerability is being leveraged), and network effects (how attacks scale across connected systems). Don't just memorize attack names—know what each one reveals about network architecture and human behavior in networked environments.


Attacks That Exploit Network Infrastructure

These attacks target the technical architecture of networks themselves—the protocols, servers, and data pathways that make communication possible. They succeed because network infrastructure must remain accessible to function, creating inherent vulnerabilities.

Distributed Denial of Service (DDoS)

  • Overwhelms target servers with traffic from multiple sources—exploits the fact that servers have finite capacity while attackers can coordinate distributed resources
  • Botnet-powered attacks leverage networks of compromised devices, demonstrating how network scale becomes a weapon
  • Cascading economic damage occurs because networked businesses depend on availability—downtime affects every connected user and transaction

Packet Sniffing

  • Captures data packets traveling across a network—exploits the broadcast nature of many network protocols
  • Intercepts unencrypted credentials and sensitive data, making unsecured networks particularly vulnerable
  • Passive attack profile means detection is difficult—the attacker observes without disrupting traffic flow

Man-in-the-Middle (MitM)

  • Intercepts communication between two parties who believe they're communicating directly—exploits trust assumptions in network protocols
  • Session hijacking and packet manipulation allow attackers to read, modify, or inject data in real-time
  • Breaks confidentiality and integrity simultaneously, demonstrating why encryption alone isn't sufficient without authentication

Compare: Packet Sniffing vs. MitM—both intercept network traffic, but sniffing is passive observation while MitM actively positions the attacker between communicating parties. If an FRQ asks about confidentiality breaches, sniffing is your example; for integrity violations, use MitM.


Attacks That Exploit Code Vulnerabilities

These attacks target weaknesses in how software processes input and executes code. They succeed because applications must accept user input to be useful, but validating that input perfectly is extraordinarily difficult.

SQL Injection

  • Inserts malicious database queries through input fields—exploits applications that concatenate user input directly into SQL commands
  • Database manipulation capabilities range from viewing sensitive data to deleting entire tables
  • Input validation failure is the root cause—demonstrates why "never trust user input" is a foundational security principle
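
The concatenation flaw described above, next to a hardened form, as an added example that is not part of the original guide. The table, the sample accounts and the function names are constructed for illustration, and the hardened lookup uses a bound parameter, a standard mitigation the guide does not name.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 0), ("bob", 0), ("o'brien", 0), ("root", 1)])
    return db

def lookup_concatenated(db, name):
    # VULNERABLE: the input becomes part of the SQL text, so any quote
    # character in `name` is parsed as SQL syntax instead of as data.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_parameterized(db, name):
    # HARDENED: the SQL text is constant and `name` is passed as a bound
    # value, so it is only ever compared with the column as a string.
    query = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(query, (name,)))

def compare(db, name):
    """Run both lookups on the same input and report what each returns."""
    try:
        concatenated = lookup_concatenated(db, name)
    except sqlite3.OperationalError as exc:
        # A legitimate name containing a quote breaks the concatenated query.
        concatenated = "SQL error: %s" % exc
    return {"concatenated": concatenated,
            "parameterized": lookup_parameterized(db, name)}

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a legitimate name with an apostrophe,
    # and a string whose quotes change the meaning of the WHERE clause.
    for sample in ["alice", "o'brien", "nobody' OR '1'='1"]:
        print(repr(sample), compare(db, sample))
```

The same input that returns every row through the concatenated query returns nothing through the parameterized one, and the legitimate name with an apostrophe only works in the parameterized form.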

Cross-Site Scripting (XSS)

  • Injects malicious scripts into web pages that execute in other users' browsers—exploits the trust browsers place in website content
  • Steals session tokens and cookies by running attacker code in the context of a legitimate site
  • Persistent vs. reflected variants show how attacks can be stored server-side or delivered through malicious links

Compare: SQL Injection vs. XSS—both are injection attacks exploiting poor input handling, but SQL Injection targets the server's database while XSS targets other users' browsers. This distinction matters for understanding where damage occurs in the network.


Attacks That Exploit Human Psychology

These attacks recognize that humans are nodes in every network, often the most vulnerable ones. They succeed because security systems ultimately depend on human decisions, and human cognition has predictable weaknesses.

Phishing

  • Tricks users into revealing credentials through deceptive emails or websites mimicking legitimate services
  • Social engineering at scale—uses network reach to target thousands of potential victims simultaneously
  • Gateway attack that enables subsequent technical exploits once credentials are compromised

Social Engineering

  • Manipulates human trust and authority through impersonation, pretexting, and psychological pressure
  • Bypasses technical controls entirely—targets the human element that even the strongest encryption cannot protect
  • Exploits network position by targeting individuals with privileged access or information

Compare: Phishing vs. Social Engineering—phishing is a specific technique within the broader category of social engineering. Phishing scales through network distribution; other social engineering attacks (like pretexting calls) are more targeted but potentially more effective against high-value targets.


Attacks That Exploit Software Distribution

These attacks leverage the way software spreads and executes across networked systems. They succeed because networks enable rapid distribution, and users must install software to accomplish tasks.

Malware (Viruses, Worms, and Trojans)

  • Viruses attach to legitimate programs and spread when users share infected files—require human action to propagate
  • Worms replicate independently across networks, exploiting the connectivity that makes networks valuable
  • Trojans disguise malicious code as useful software, exploiting user trust in downloaded applications

Zero-Day Exploits

  • Target unknown vulnerabilities before patches exist—exploits the time gap between discovery and defense
  • Information asymmetry advantage gives attackers who discover vulnerabilities first a window of unopposed access
  • Dark web marketplace for zero-days demonstrates how vulnerability information itself becomes a networked commodity

Compare: Worms vs. Viruses—both are self-replicating malware, but viruses require human action (opening files, running programs) while worms spread autonomously through network connections. Worms demonstrate pure network propagation; viruses show human-network interaction.


Attacks That Exploit Authentication Weaknesses

These attacks target the mechanisms systems use to verify identity. They succeed because authentication must balance security against usability, and users consistently choose convenience.

Password Attacks (Brute Force and Dictionary)

  • Brute force systematically tests all combinations—exploits the mathematical limits of short or simple passwords
  • Dictionary attacks use common passwords and phrases, exploiting predictable human password choices
  • Computational feasibility improves constantly, making previously "secure" password lengths vulnerable over time

Compare: Brute Force vs. Dictionary Attacks—brute force is exhaustive but slow; dictionary attacks are faster but only work against common passwords. This tradeoff illustrates the security principle that attack efficiency depends on assumptions about the target.
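
The brute force versus dictionary tradeoff worked through as a password audit, as an added example that is not part of the original guide. The common-password list, the guess rates and the function names are constructed assumptions, and the alphabet model covers printable ASCII only.

```python
import string

# Constructed sample of commonly chosen passwords; a real audit would load a
# far larger list. This models what a dictionary attack tries first.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "dragon"}

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError("character outside the modelled alphabet: %r" % ch)
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def brute_force_guesses(password):
    """Worst case for exhaustive search: all strings of length 1..n."""
    c = charset_size(password)
    return sum(c ** k for k in range(1, len(password) + 1))

def audit(password, guesses_per_second):
    """Worst-case guesses and time under the cheapest applicable strategy."""
    in_dictionary = password in COMMON_PASSWORDS
    guesses = len(COMMON_PASSWORDS) if in_dictionary else brute_force_guesses(password)
    return {"in_dictionary": in_dictionary,
            "worst_case_guesses": guesses,
            "worst_case_seconds": guesses / guesses_per_second}

if __name__ == "__main__":
    # Assumed guess rates, chosen only to show how the estimate scales.
    for rate in (1e3, 1e9):
        for pw in ("qwerty", "xkqzvw", "xkqzvwTm4!"):
            print(rate, pw, audit(pw, rate))
```

Two six-letter lowercase passwords have the same exhaustive search space, but the one on the common list falls within a handful of guesses, and raising the assumed guess rate shrinks every time estimate by the same factor.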


Quick Reference Table

| Concept | Best Examples |
|---|---|
| Infrastructure exploitation | DDoS, Packet Sniffing, MitM |
| Input validation failures | SQL Injection, XSS |
| Human psychology exploitation | Phishing, Social Engineering |
| Network propagation | Worms, Viruses, Trojans |
| Authentication weaknesses | Brute Force, Dictionary Attacks |
| Information asymmetry | Zero-Day Exploits, MitM |
| Passive vs. active attacks | Packet Sniffing (passive), MitM (active) |
| Scale through networks | DDoS, Phishing, Worms |

Self-Check Questions

  1. Which two attack types both exploit poor input validation, and what distinguishes their targets within a networked system?

  2. Compare how worms and phishing attacks leverage network connectivity differently—one exploits technical propagation, the other exploits human-network interaction. Explain the distinction.

  3. If a system has perfect encryption but users choose weak passwords, which attack categories remain effective? Why does this illustrate the "weakest link" principle in network security?

  4. An FRQ asks you to explain why zero-day exploits are particularly dangerous in networked environments. What concept about information asymmetry and patch distribution should your answer emphasize?

  5. Categorize DDoS, social engineering, and SQL injection by whether they primarily exploit network architecture, human behavior, or software implementation. Which attack could arguably fit multiple categories, and why?