Lesson 10: Data-Link & Network Layer Security
The internet's core protocols — ARP, IP, TCP, UDP — were originally designed on the false assumption that every network component is trustworthy. They have no built-in authentication and no default encryption. This lesson goes one layer above the physical layer: we'll see how that lack of authentica
In brief: ARP never checks who's really sending, IP never verifies the true source, and UDP never remembers any conversation. All of this makes spoofing surprisingly easy — both inside the local network and at the internet level.
- ARP Spoofing & ARP Poisoning: sending forged ARP replies so that one computer (Spoofing) or an entire network (Poisoning) believes the attacker's MAC address belongs to a legitimate entity, such as the router.
- MAC Flooding: flooding a switch's CAM table with thousands of forged MAC addresses until it fills up and the switch enters 'Fail Open' mode, broadcasting everything to everyone like a hub.
- TCP Session Hijacking: taking over an existing, authenticated TCP session, usually by guessing or capturing the sequence number, disconnecting the victim, and continuing the conversation in their place.
- SYN Flood: flooding a server with many SYN requests without completing the three-way handshake, until its SYN queue fills with 'half-open' connections and it stops accepting new ones.
- UDP Amplification: exploiting public servers (DNS, NTP) that return a response far larger than the request; because the request carries the victim's forged source address, the huge reply floods the victim instead of the attacker.