Analysis of Common Types of Network Attacks, and Factors Enabling their Successful Implementation

Authors

DOI:

https://doi.org/10.15407/intechsys.2025.02.055

Keywords:

computer network, cyberattack, information security, Internet protocols

Abstract

Introduction. A survey of common types of network attacks, i.e. cyberattacks carried out through a computer network, is presented. The purpose of the work is to expose factors enabling attacks to be fulfilled successfully.

Methods. To expose the factors, common types of network attacks were analysed on the basis of sources open to general use.

Results. As a summary, it was found out that attackers have in their arsenal: brute force, malicious software, knowledge on various vulnerabilities and flaws on a victim’s side, social engineering tools, and detailed knowledge on how both network equipment and victim’s software function. It is significantly that due to their knowledge on how network equipment and applications connected to a network function attackers can realize their malicious intentions while behaving themselves as legitimate users regarding the network protocols and regarding the attacked services and without even looking for flaws in the protective resources or software vulnerabilities on the victim’s side. It turned out, that such factor as flaws in network software designing relates every type of attack considered.

Conclusions. Taking into account the results of the analysis, the directions of intensifying the resilience to network attacks are outlined: improving the working out of projects of network software and applications that operates in a network in order to prevent arising vulnerabilities which attackers can exploit; improving the existing computer security systems and developing novel ones; network users’ conversance with information security requirements and the threats of social engineering means.

References

Shirey, R. Internet Security Glossary. URL: https://www.rfc-editor.org/info/rfc2828 [Accessed May. 2000]

Information Security. URL: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

r1.pdf

NIST Special Publication 1800-26A. URL: https://www.nccoe.nist.gov/publication/1800-26/VolA/index.html

Understanding Denial-of-Service Attacks. URL: https://www.cisa.gov/news-events/news/understanding-denial-service-attacks

Computer networks / Andrew S. Tanenbaum, David J. Wetherall. – 5th ed.. URL: https://csc-knu.github.io/sys-prog/books/Andrew%20S.%20Tanenbaum%20-%20Computer%20Networks.pdf

Distributed Denial of Service Attacks. The Internet Protocol Journal, Vol. 7 (4). URL: https://web.archive.org/web/20190826143507/https:/www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-30/dos-attacks.html

DDoS Mitigation using Cumulus Linux. URL:

https://www.hyperscalers.com/how-to-implement-DDoS-mitigation-cumulus-linux-bare-metal-switches-BMS-100G-networking

Mor Sides, Anat Bremler-Barr, Elisha Rosensweig. Yo-yo attack: vulnerability in auto-scaling mechanism. SIGCOMM – 15: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, 103–104. https://doi.org/10.1145/2785956.2790017

Amazon 'thwarts largest ever DDoS cyber-attack' 18 June 2020. BBC News, Jun 18, 2020. URL: https://www.bbc.com/news/technology-53093611

AWS Security Blog. AWS Shield Threat Landscape report is now available. By Mário Pinho, 29 May. 2020. URL: https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available

The Cloudflare Blog. Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack 2023-02-13. By Omer Yoachimik, Julien Desgats, Alex Forster. URL: https://blog.cloudflare.com/cloudflare-mitigates-record-breaking-71-million-request-per-second-ddos-attack

The Cloudflare Blog. The New DDoS Landscape 2017-11-23 By Junade Ali. URL: https://blog.cloudflare.com/the-new-ddos-landscape

Kubernetes Autoscaling: YoYo Attack Vulnerability and Mitigation. Ronen Ben David, Anat Bremler Barr. URL: https://arxiv.org/abs/2105.00542

Xiaoqiong Xu, Jin Li, Hongfang Yu, Long Luo, Xuetao Wei, Gang Sun. Digital Towards Yo-Yo attack mitigation in cloud auto-scaling mechanism. Communications and Networks, 2020, Vol. 6 (3), 369–376. https://doi.org/10.1016/j.dcan.2019.07.002

Video games company hit by 38-day DDoS attack. Gold, Steve (21 August 2014).SC Magazine UK. URL: https://web.archive.org/web/20170201181833/https:/www.scmagazineuk.com/video-games-company-hit-by-38-day-ddos-attack/article/541275

38-Day Long DDoS Siege Amounts to Over 50 Petabits in Bad Traffic. URL: https://news.softpedia.com/news/38-Day-Long-DDoS-Siege-Amounts-to-Over-50-Petabits-in-Bad-Traffic-455722.shtml

Slow Read DDoS Attacks. URL: https://www.netscout.com/what-is-ddos/slow-read-attacks

Slow Post Attacks. URL: https://www.netscout.com/what-is-ddos/slow-post-attacks

TTL Expiry Attack Identification and Mitigation. URL: https://sec.cloudapps.cisco.com/security/center/resources/ttl_expiry_attack.html

UDP-Based Amplification Attacks. URL: https://www.cisa.gov/news-events/alerts/2014/01/17/udp-based-amplification-attacks

What Is a CC Attack? URL: https://support.huaweicloud.com/en-us/antiddos_faq/antiddos_01_0020.html

The method of defence CC attack, Apparatus and system. URL: https://patents.google.com/patent/CN106161451A/en

CC (Challenge Collapsar) attack protection method and device. URL: https://patents.google.com/patent/CN106330911A/en

Voice over IP. URL: https://www.cse.wustl.edu/~jain/cis788-99/h_8voip.htm

Voice over IP: Protocols and Standards, Rakesh Arora. URL: https://www.cse.wustl.edu/~jain/cis788-99/ftp/voip_protocols

[Review] MyDoom Virus: The Most Destructive & Fastest Email Worm. URL: https://www.minitool.com/backup-tips/mydoom-virus.html?amp

Geoffrey Cheng. Analysis on DDOS tool Stacheldraht v1.666. URL: https://www.giac.org/paper/gcih/229/analysis-ddos-tool-stacheldraht-v1666/102150

Fork bomb. URL: http://catb.org/~esr/jargon/html/F/fork-bomb.html

The Jargon File, Version 4.2.2, 20 Aug 2000. Editor: Eric S. Raymond, Guy L. Steele . URL: https://www.gutenberg.org/cache/epub/3008/pg3008-images.html

Slowloris DDoS attack. URL: https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris

Slowloris attack. URL: https://www.invicti.com/learn/slowloris-attack

Degradation of Service Attack. By Editorial Staff. URL: https://www.devx.com/terms/degradation-of-service-attack/#:~:text=A%20Degradation%20of%20Service%20Attack%20is%20a%20type%20of%20cyber,to%20access%20for%20legitimate%20users

Constantinos Kolias, Georgios Kambourakis, Angelos Stavrou, Jeffrey Voas. DDoS in the IoT: Mirai and Other Botnets. Computer, 2017, Vol. 50 (7), 80–84. https://doi.org/10.1109/MC.2017.201

LAND Attacks. URL: https://www.imperva.com/learn/ddos/land-attacks/#:~:text=A%20LAND%20Attack%20is%20a,processed%20by%20the%20TCP%20stack

Understanding LAND Attacks: Risks and Mitigation . URL: https://www.indusface.com/learning/land-attacks

Tfreak. URL: https://hackepedia.org/?title=Tfreak

What is a Smurf DDoS attack? By Martin Pramatarov. URL: https://www.cloudns.net/blog/what-is-smurf-ddos-attack

Permanent Denial-of-Service Attack Sabotages Hardware. By Kelly Jackson Higgins. URL: https://web.archive.org/web/20081208002732/http:/www.darkreading.com/security/management/showArticle.jhtml?articleID=211201088

“BrickerBot” Results In Permanent Denial-of-Service. URL: https://www.radware.com/security/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service

Prolexic Distributed Denial of Service Attack Alert. URL: https://web.archive.org/web/20070803175513/http:/www.prolexic.com/news/20070514-alert.php

Peer-to-peer networks co-opted for DOS attacks. Robert Lemos. URL: https://www.theregister.com/2007/05/30/p2p_dos_attacks

Denying distributed attacks. Fredrik Ullner . URL: https://dcpp.wordpress.com/2007/05/22/denying-distributed-attacks

SACK Panic and Other TCP Denial of Service Issues. URL: https://web.archive.org/web/20190619100453/https:/wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

CVE-2019-11479. URL: https://web.archive.org/web/20190621224631/https:/cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479

Yu Chen, Kai Hwang and Yu-Kwong Kwok, "Filtering of shrew DDoS attacks in frequency domain," The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l, Sydney, NSW, Australia, 2005, 8–793. https://doi.org/10.1109/LCN.2005.70

Vinicius de Miranda Rios, Pedro R M Inacio, Damien Magoni, Mario M Freire. Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey. IEEE Access, 2022, Vol. 10, 76648–76668. https://doi.org/10.1109/ACCESS.2022.3191430

Kuzmanovic, Aleksandar, Knightly, Edward W. Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. ACM. Conference on Applications, technologies, architectures, and protocols for computer communications SIGCOMM’03, August 25–29, 2003, Karlsruhe, Germany, 75–86. https://doi.org/10.1145/863955.863966

CERT Advisory CA-1997-28 IP Denial-of-Service Attacks. URL: https://vuls.cert.org/confluence/display/historical/CERT+Advisory+CA-1997-28+IP+Denial-of-Service+Attacks

UPnP Forum. UPnP Specifications Named International Standard for Device Interoperability for IP-based Network Devices. URL: https://web.archive.org/web/20140401035712/http://upnp.org/news/documents/UPnPForum_02052009.pdf

New DDoS Attack Method Demands a Fresh Approach to Amplification Assault Mitigation by Avishay Zawoznik, Johnathan Azaria, Igal Zeifman. URL: https://www.imperva.com/blog/archive/new-ddos-attack-method-demands-a-fresh-approach-to-amplification-assault-mitigation

Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS. By Marek Majkowski. URL: https://blog.cloudflare.com/ssdp-100gbps

How does a SSDP Attack work? URL: https://www.cloudflare.com/learning/ddos/ssdp-ddos-attack

Stress-Testing the Booter Services, Financially. URL: https://krebsonsecurity.com/2015/08/stress-testing-the-booter-services-financially/

ARP Cache Poisoning (Gibson Research Corporation). URL: https://www.grc.com/nat/arp.htm

David C. Plummer. An Ethernet Address Resolution Protocol – or – Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware. URL: https://datatracker.ietf.org/doc/html/rfc826

ARP Vulnerabilities: The Complete Documentation. URL: https://web.archive.org/web/20110305160956/http:/www.l0t3k.org/security/tools/arp/

APE – The ARP Poisoning Engine. URL: https://web.archive.org/web/20120709235815/http:/www.megapanzer.com/2012/04/11/ape-the-arp-poisoning-engine/

Windows 10 ARP Spoofing with Ettercap and Wireshark. URL: https://cybr.com/cybersecurity-fundamentals-archives/windows-10-arp-spoofing-with-ettercap-and-wireshark/

Richard Dezso. How to Perform an ARP Poisoning Attack. May 13, 2024. URL: https://www.stationx.net/how-to-perform-an-arp-poisoning-attack/

Fact Sheet: Machine-in-the-Middle Attacks . URL: https://www.internetsociety.org/resources/doc/2020/fact-sheet-machine-in-the-middle-attacks/

SQL Injection. URL: https://learn.microsoft.com/en-us/previous-versions/sql/sql-server-2008-r2/ms161953(v=sql.105)?redirectedfrom=MSDN

Michael Kerner. How Was SQL Injection Discovered? URL: https://www.esecurityplanet.com/networks/how-was-sql-injection-discovered/

OWASP. Blind SQL Injection . URL: https://owasp.org/www-community/attacks/Blind_SQL_Injection

Kirsten S. OWASP. Cross Site Scripting (XSS). URL: https://owasp.org/www-community/attacks/xss/

Happy 10th birthday Cross-Site Scripting! URL: https://learn.microsoft.com/en-ca/archive/blogs/dross/happy-10th-birthday-cross-site-scripting

2000 CERT Advisories. URL: https://insights.sei.cmu.edu/documents/507/2000_019_001_496188.pdf

Leyden John. Facebook poked by XSS flaw. URL: https://www.theregister.com/2008/05/23/facebook_xss_flaw/

Cross Site Scripting. URL: http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting

XSS Attack Examples (Cross-Site Scripting Attacks) by Lakshmanan Ganapathy on February 16, 2012. URL: https://www.thegeekstuff.com/2012/02/xss-attack-examples/

What is Mutation XSS (mXSS)? URL:

https://kpmg.co.il/technologyconsulting/blog/what-is-mutation-xss-mxss

Types of XSS. URL: https://owasp.org/www-community/Types_of_Cross-Site_Scripting

Symantec Internet Security Threat Report Trends for July–December 06 Vol. 11, 2007. URL: https://docs.broadcom.com/doc/istr-07-march-en

Downloads

Published

2025-07-17

How to Cite

Godlevsky, A., Morokhovets, M., & Shchogoleva, N. (2025). Analysis of Common Types of Network Attacks, and Factors Enabling their Successful Implementation. Information Technologies and Systems, 2(2), 55–80. https://doi.org/10.15407/intechsys.2025.02.055

Issue

Vol. 2 No. 2 (2025): Information Technologies and Systems

Section

Theory of Information Technologies and Systems Construction

License

Copyright (c) 2025 Information Technologies and Systems

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

The paper is an Open Access under the CC BY-NC-ND 4.0 license  - Attribution-NonCommercial-NoDerivatives 4.0 International.