Analyse Network Attacks: Investigate website disruptions, identify attack vectors.

cybersecurity-incident-report-analyse-network-attacks.md

Investigated and analysed a network attack that disrupted website accessibility, identifying the attack vector and its impact. Provided a comprehensive incident report detailing the attack's methodology and effects.

Cybersecurity Incident Report: Analyse Network Attacks

Part 1: The type of attack that may have caused this network interruption
The website's connection timeout error could be attributed to a potential Denial of Service (DoS) attack. Analysis of the logs reveals that the web server ceases to respond when inundated with an excessive number of SYN packet requests. This incident aligns with a specific type of DoS attack known as SYN flooding.

Part 2: How the attack is causing the website malfunction

When visitors attempt to establish a connection with the web server, a standard three-step handshake occurs through the TCP protocol. This handshake involves: Initiation (SYN): The source sends a SYN packet to the destination, expressing the desire to connect. Acknowledgment (SYN-ACK): The destination responds with a SYN-ACK packet, indicating acceptance of the connection request. Resources are then allocated for the impending connection. Final Acknowledgment (ACK): The source concludes the process by sending an ACK packet, acknowledging permission to connect. In the context of a SYN flood attack, a malicious actor floods the server with an overwhelming volume of SYN packets simultaneously. This flood exhausts the server's available resources earmarked for connection establishment. Consequently, legitimate TCP connection requests are left without the necessary server resources. The logs point to a scenario where the web server is inundated, rendering it incapable of processing SYN requests from visitors. Consequently, new visitors experience a connection timeout message as the server lacks the resources to establish additional connections.