Network Attacks: ARP, MAC Flooding, DNS Poisoning | AP Cybersecurity
Network Attacks Explained: ARP, MAC Flooding, DNS Poisoning & More
Topic 3.1 covers how networks are attacked. The framework names specific attacks (ARP spoofing, MAC flooding, DNS poisoning, and smurf attacks) and the ways adversaries gain access to a network in the first place.
The named network attacks
ARP spoofing abuses the Address Resolution Protocol (ARP) to associate the attacker's MAC address with another device's IP, putting the attacker between two parties (on-path). MAC flooding overwhelms a switch so it broadcasts traffic to everyone, letting the attacker sniff it. DNS poisoning corrupts name resolution so a domain points to a malicious IP.
Smurf attacks attempt to overwhelm a target with traffic, a form of denial of service. Each attack targets a different layer, but all exploit how trust is handled on a network.
An attacker makes every device on a LAN believe the attacker is the gateway. Which attack is this?
Answer:
ARP spoofing. By forging ARP replies, the attacker maps their MAC to the gateway's IP, so traffic flows through them (an on-path position).
Match the attack to its mechanism: forged ARP replies = ARP spoofing, overwhelmed switch = MAC flooding, corrupted name resolution = DNS poisoning, flood of traffic = smurf/DoS.
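A defender's view of the ARP spoofing mechanism above, as an added example that is not part of the original page: it scans observed ARP replies for an IP address whose MAC binding changes or contradicts a known-good entry. The sample replies, addresses, and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) taken from ARP replies.
OBSERVED_REPLIES = [
    (1.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # gateway, legitimate
    (1.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # workstation
    (2.0, "192.168.1.66", "de:ad:be:ef:00:66"),  # another host on the LAN
    (9.0, "192.168.1.1",  "de:ad:be:ef:00:66"),  # gateway IP now claimed by .66's MAC
    (9.1, "192.168.1.20", "AA-AA-AA-AA-AA-20"),  # same MAC, different notation
    (9.2, "192.168.1.1",  "de:ad:be:ef:00:66"),  # repeated forged reply
]

def normalize_mac(mac):
    """Lower-case and use ':' so notation differences do not raise false alerts."""
    return mac.strip().lower().replace("-", ":")

def detect_arp_spoofing(replies, pinned=None):
    """Return alerts for IP-to-MAC bindings that change or contradict a pinned entry.

    pinned: optional {ip: mac} of known-good bindings (for example the gateway).
    Without it the first MAC seen for an IP is trusted, so a forged reply that
    arrives first goes unnoticed; pinning critical addresses closes that gap.
    """
    pinned = {ip: normalize_mac(m) for ip, m in (pinned or {}).items()}
    first_seen = {}                # ip -> first MAC observed for it
    ips_by_mac = defaultdict(set)  # mac -> every IP that MAC has claimed
    reported = set()               # (ip, mac) pairs already alerted on
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = normalize_mac(mac)
        ips_by_mac[mac].add(ip)
        expected = pinned.get(ip, first_seen.setdefault(ip, mac))
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({
                "time": ts, "ip": ip,
                "expected_mac": expected, "claimed_mac": mac,
                # Other IPs this MAC answers for: one MAC, many IPs is the tell.
                "mac_also_claims": sorted(ips_by_mac[mac] - {ip}),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(OBSERVED_REPLIES):
        print(alert)
```

On a real network the same check is fed from the host's ARP cache or a packet capture, and switch features such as dynamic ARP inspection enforce the pinned bindings instead of only reporting on them.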
How adversaries reach a network
Adversaries get onto networks in several ways (EK 3.1.B): sending malicious traffic from outside, using a device they already compromised, physically plugging into a data port, joining or cracking a wireless network, or exploiting an open network port.
Each entry point is a vulnerability to close, which is what the protect topics in this unit address.
An attacker finds an unused, live network jack in a lobby and plugs in a small device. What vulnerability is this?
Answer:
Physical access to a data port. Plugging directly into the network can bypass perimeter defenses, which is why open ports and jacks are a risk.
Local-network attacks are still common
ARP spoofing and DNS attacks remain go-to techniques on local and public networks because the underlying protocols were built for function, not security. Attackers exploit that built-in trust.
Each attack exploits how a network handles trust.
Key Terms
| Term | Definition |
| --- | --- |
| ARP spoofing | Forging address replies to get on-path between devices. |
| MAC flooding | Overflowing a switch so it broadcasts traffic. |
| DNS poisoning | Corrupting name resolution to redirect users. |
| Smurf attack | Amplified traffic flood that denies service. |
Common Mistakes
Confusing ARP spoofing with DNS poisoning
ARP spoofing forges hardware-address mappings; DNS poisoning corrupts name-to-IP resolution.
Thinking attacks only come from the internet
Adversaries also use compromised devices, physical ports, and wireless.
Ignoring open ports
An open, unused network port is a real entry point.
Treating a smurf attack as theft
A smurf attack is a denial of service; the goal is disruption, not data theft.