3.4.2. Physical and Network Attacks
💡 First Principle: Not all attacks are purely digital. Physical attacks target the tangible components of IT infrastructure, while network attacks exploit the protocols and traffic patterns that connect systems.
Brute-force attacks systematically try every possible credential combination until one works. Indicators: a high volume of failed authentication attempts against one or many accounts from the same source, account lockouts, and login attempts from unusual sources or locations. A success immediately following a burst of failures is the strongest signal that the guessing worked.
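The indicators above are easy to turn into detection logic. The following is an added example, not part of the study notes: it parses constructed OpenSSH-style auth log lines (not a real capture), counts failed logins per source IP inside a sliding window, and reports whether a success followed the burst. The threshold, window size and log format are assumptions.

```python
"""Added example (not from the study notes): flag brute-force indicators in
constructed SSH auth log lines. Threshold, window and log format are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog style (not a real capture).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.9 port 51001 ssh2
Mar  3 10:00:02 host sshd[102]: Failed password for root from 203.0.113.9 port 51002 ssh2
Mar  3 10:00:03 host sshd[103]: Failed password for root from 203.0.113.9 port 51003 ssh2
Mar  3 10:00:04 host sshd[104]: Failed password for invalid user oracle from 203.0.113.9 port 51004 ssh2
Mar  3 10:00:05 host sshd[105]: Failed password for root from 203.0.113.9 port 51005 ssh2
Mar  3 10:00:06 host sshd[106]: Failed password for root from 203.0.113.9 port 51006 ssh2
Mar  3 10:00:30 host sshd[107]: Accepted password for root from 203.0.113.9 port 51007 ssh2
Mar  3 10:05:00 host sshd[108]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:05:40 host sshd[109]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(line, year=2024):
    """Parse one auth line into a dict, or None if it is not a login event.
    Syslog lines carry no year, so one is supplied (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: info} for sources with >= `threshold` failures inside `window`.
    `success_after` is True when an Accepted login from the same source follows
    the burst, which is the signal worth paging on."""
    events = [e for e in (parse(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        fails = sorted((e for e in evs if e["result"] == "Failed"), key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # slide the window start forward until it covers at most `window`
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                first_fail = fails[start]["ts"]
                success_after = any(
                    e["result"] == "Accepted" and e["ts"] >= first_fail for e in evs
                )
                alerts[ip] = {
                    "failures": len(fails),
                    "users": sorted({e["user"] for e in fails}),
                    "success_after": success_after,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Grouping by source IP catches a single attacker hammering many accounts; grouping the same events by account instead would catch a distributed attack where each source contributes only a few attempts.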
Denial-of-service (DoS) and distributed denial-of-service (DDoS) overwhelm resources to prevent legitimate access. Indicators: sudden traffic spikes, service unresponsiveness, bandwidth saturation, traffic from geographically dispersed sources (DDoS).
DNS attacks manipulate domain name resolution: DNS poisoning inserts false records into DNS caches; DNS hijacking redirects queries to attacker-controlled servers; domain hijacking takes control of domain registrations. Indicators: unexpected DNS resolution results, users reaching wrong sites, DNS TTL anomalies.
Wireless attacks include evil twin access points (mimicking legitimate networks to lure clients), deauthentication attacks (forcing disconnections so that the reconnection handshake can be captured), and RF jamming (disrupting wireless signals). Indicators: duplicate SSIDs broadcast from unexpected BSSIDs, bursts of deauthentication frames, and sudden loss of signal.
On-path attacks (man-in-the-middle) position the attacker between two communicating parties to intercept, modify, or inject traffic. ARP spoofing and DNS poisoning are common techniques. Indicators: certificate warnings, unexpected ARP table changes (an IP whose MAC address changes, or one MAC answering for several IPs), and SSL/TLS downgrade attempts.
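"Unexpected ARP table changes" can be checked mechanically. The following is an added example, not part of the study notes: it walks a constructed sequence of ARP replies (illustrative addresses, no real capture) and raises the two classic ARP-spoofing indicators, a known binding changing to a new MAC and one MAC claiming several IPs. The trusted gateway mapping is an assumption standing in for a static ARP entry or a baseline.

```python
"""Added example (not from the study notes): detect ARP-spoofing indicators
from a constructed list of ARP replies. Addresses are illustrative."""
from collections import defaultdict

# Constructed ARP replies in arrival order: (sender_ip, sender_mac).
ARP_REPLIES = [
    ("192.0.2.1",  "00:11:22:33:44:01"),   # gateway, legitimate
    ("192.0.2.10", "00:11:22:33:44:0a"),
    ("192.0.2.20", "00:11:22:33:44:14"),
    ("192.0.2.1",  "de:ad:be:ef:00:01"),   # gateway IP now claimed by another MAC
    ("192.0.2.10", "de:ad:be:ef:00:01"),   # the same MAC also claims a host IP
    ("192.0.2.1",  "de:ad:be:ef:00:01"),   # repeated unsolicited reply
]

# Assumed baseline: the gateway's real MAC (e.g. from a static ARP entry).
TRUSTED = {"192.0.2.1": "00:11:22:33:44:01"}


def detect_arp_spoof(replies, trusted=None):
    """Return a list of (alert_type, subject, detail) tuples.

    `trusted` maps IP -> expected MAC for bindings that must never change.
    Everything else is learned on first sight and flagged if it later moves."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    table = {}                       # learned IP -> MAC
    ips_by_mac = defaultdict(set)    # MAC -> set of IPs it has claimed
    alerts = []

    for ip, mac in replies:
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            # A pinned binding (gateway) answered from the wrong MAC: top-priority.
            alerts.append(("trusted-binding-violation", ip, mac))
        elif ip in table and table[ip] != mac:
            # A learned binding moved. Legitimate for DHCP churn, suspicious
            # when it happens mid-session or repeatedly.
            alerts.append(("binding-changed", ip, f"{table[ip]} -> {mac}"))
        table[ip] = mac

        new_ip = ip not in ips_by_mac[mac]
        ips_by_mac[mac].add(ip)
        if new_ip and len(ips_by_mac[mac]) > 1:
            # One MAC answering for several IPs is what an on-path attacker
            # does to sit between a host and the gateway. Routers and hosts
            # with multiple addresses also look like this, so whitelist those.
            alerts.append(("mac-claims-multiple-ips", mac, sorted(ips_by_mac[mac])))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(ARP_REPLIES, TRUSTED):
        print(*alert)
```

Without the trusted baseline the first gateway takeover still shows up, but only as a generic "binding-changed" event; pinning the gateway MAC is what turns it into a high-confidence alert.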
Replay attacks capture legitimate traffic and retransmit it later to repeat an authorized action (e.g., capturing an authenticated request or session token and resending it). Prevention: timestamps, nonces (one-time-use numbers), and session tokens with a short expiration, each bound to the message so it cannot be swapped. Relay attacks forward authentication in real time without the attacker needing to understand the content; they are common with NFC and contactless cards, where the attacker bridges communication between the victim's card and a payment terminal. Because a relayed message is fresh, timestamps and nonces do not stop it; relay defenses instead bound the allowed round-trip time or check physical proximity.
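The replay defenses above (timestamp, nonce, and a binding between them and the message) fit in a few lines. The following is an added example, not part of the study notes: a client signs each request with an HMAC over the action, a timestamp and a random nonce, and a server-side guard rejects messages with a bad MAC, a timestamp outside the acceptance window, or a nonce it has already seen. The shared key, message format and 30-second window are assumptions.

```python
"""Added example (not from the study notes): replay protection with a
timestamp and a one-time nonce, bound to the message by an HMAC.
Key, message format and window size are assumptions."""
import hashlib
import hmac
import json
import os
import time

SECRET = b"shared-secret-for-demo-only"   # constructed; never hard-code a real key
MAX_SKEW = 30                              # seconds a message stays acceptable (assumption)


def _canonical(body):
    """Stable serialization so client and server MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_request(action, key=SECRET, now=None):
    """Client side: attach ts + nonce, then MAC over the whole body.
    Binding them with the MAC stops an attacker from refreshing the
    timestamp or nonce on a captured message."""
    body = {
        "action": action,
        "ts": int(now if now is not None else time.time()),
        "nonce": os.urandom(16).hex(),
    }
    body["mac"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


class ReplayGuard:
    """Server side: verify MAC, reject stale timestamps, reject reused nonces."""

    def __init__(self, key=SECRET, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}   # nonce -> ts, only for nonces still inside the window

    def verify(self, msg, now=None):
        now = now if now is not None else time.time()
        msg = dict(msg)
        mac = msg.pop("mac", None)
        expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        if mac is None or not hmac.compare_digest(mac, expected):
            return "bad-mac"                      # tampered or unsigned
        if abs(now - msg["ts"]) > self.max_skew:
            return "stale"                        # too old (or too far in the future)
        # Nonces older than the window can never pass the stale check again,
        # so they can be dropped; this keeps the seen-set bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if msg["nonce"] in self.seen:
            return "replay"                       # fresh-looking but already used
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"


def demo():
    """Walk one request through the four outcomes (fixed clock for determinism)."""
    guard = ReplayGuard()
    t0 = 1_700_000_000
    req = sign_request("transfer", now=t0)
    first = guard.verify(req, now=t0 + 1)                  # accepted
    replayed = guard.verify(req, now=t0 + 2)               # same nonce -> replay
    late = guard.verify(req, now=t0 + 120)                 # outside window -> stale
    tampered = guard.verify(dict(req, action="transfer-all"), now=t0 + 1)  # MAC breaks
    return first, replayed, late, tampered


if __name__ == "__main__":
    print(demo())
```

The window and the nonce cache work together: the timestamp check bounds how long a nonce must be remembered, and the nonce check closes the gap the timestamp leaves open within that window. Neither helps against a relay, where the attacker forwards the still-fresh message immediately.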
RFID cloning copies RFID access badge data to create duplicate cards for unauthorized physical access.
Environmental attacks target physical infrastructure: power manipulation, HVAC disruption, or electromagnetic interference to degrade or damage equipment.
⚠️ Exam Trap: The exam may use "on-path attack" rather than "man-in-the-middle"; CompTIA has updated the terminology. Same concept, different name. Also: DDoS is distributed (many sources acting together), DoS comes from a single source. The "distributed" part is the distinguishing factor.
