Network protocols were designed for connectivity, not security. ARP assumes every host tells the truth about its own MAC address; DNS assumes responses are authentic. This inherent trust is the root of most network attacks.
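The ARP trust problem above can be watched for on the wire: a defender keeps its own IP-to-MAC table and alerts when an address changes its story. The following is an added example written for this page, not code from the original; the reply list, the addresses and the gateway IP are constructed sample data.

```python
"""Flag ARP-spoofing symptoms in a stream of ARP replies (added example).

Constructed sample data: 'SAMPLE_REPLIES' is not captured traffic, and
GATEWAY_IP is an assumed gateway address for the demo network.
"""
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"   # assumption: gateway of the sample network


def analyze_arp(replies, gateway_ip=GATEWAY_IP):
    """replies: iterable of (ip, mac) tuples taken from ARP replies, in order.

    Returns a list of alert strings. Two symptoms are flagged:
      1. an IP whose advertised MAC changes (the classic spoof / MITM pattern,
         tagged GATEWAY when the IP is the gateway), and
      2. a MAC that starts answering for more than one IP.
    """
    ip_to_mac = {}                       # what we have seen each IP claim
    mac_to_ips = defaultdict(set)        # which IPs each MAC has claimed
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            tag = "GATEWAY " if ip == gateway_ip else ""
            alerts.append(f"{tag}MAC change for {ip}: {prev} -> {mac}")
        ip_to_mac[ip] = mac
        # Alert once, the moment a MAC picks up a second IP.
        if ip not in mac_to_ips[mac] and mac_to_ips[mac]:
            alerts.append(
                f"{mac} claims multiple IPs: {sorted(mac_to_ips[mac] | {ip})}")
        mac_to_ips[mac].add(ip)
    return alerts


# Constructed sample: host .10 later claims the gateway's IP.
SAMPLE_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),    # gateway, legitimate
    ("192.168.1.10", "aa:bb:cc:00:00:10"),   # ordinary host
    ("192.168.1.1", "AA:BB:CC:00:00:10"),    # host .10 now answers for the gateway
    ("192.168.1.20", "aa:bb:cc:00:00:20"),   # ordinary host
]

if __name__ == "__main__":
    for line in analyze_arp(SAMPLE_REPLIES):
        print(line)
```

A real deployment would seed `ip_to_mac` from a trusted inventory and tolerate legitimate changes (DHCP reassignment, NIC replacement) with an allow-list, but the two checks above are the core of what tools in this space look for.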
TCP is stateful: the three-way handshake (SYN, SYN-ACK, ACK) forces the server to keep an entry for every connection still in progress, and that state table is a finite resource. UDP is stateless, which makes it faster but, because no handshake ever verifies the source address, highly susceptible to reflection and amplification attacks.
💡 Pro-tip: The TCP SYN-ACK response reveals the server's initial sequence number (ISN), which historically allowed for sequence prediction attacks.
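To make the handshake state table concrete, here is an added example (not from the original page) that walks a sequence of TCP segments, tracks each connection through SYN_RECEIVED, SYN_ACK_SENT and ESTABLISHED, and reports clients that leave many connections half-open, the condition a SYN flood creates. The event list, addresses and threshold are constructed for the demo.

```python
"""Model the server-side TCP handshake state table (added example).

Constructed sample data: SAMPLE_EVENTS is not captured traffic. Endpoints
are written as "ip:port" strings; HALF_OPEN_THRESHOLD is an arbitrary demo
value, not a recommended production setting.
"""
from collections import defaultdict

SYN, SYN_ACK, ACK = "SYN", "SYN-ACK", "ACK"
HALF_OPEN_THRESHOLD = 3   # assumption for the demo


def track_handshakes(events, half_open_threshold=HALF_OPEN_THRESHOLD):
    """events: (src, dst, flags) tuples in arrival order.

    A connection is keyed by (client, server). Returns (states, alerts):
    states maps each key to its handshake state; alerts lists client IPs
    holding at least `half_open_threshold` connections that never completed.
    """
    states = {}
    for src, dst, flags in events:
        if flags == SYN:
            states[(src, dst)] = "SYN_RECEIVED"          # server allocates state
        elif flags == SYN_ACK:
            key = (dst, src)                             # reply: client is dst
            if states.get(key) == "SYN_RECEIVED":
                states[key] = "SYN_ACK_SENT"
        elif flags == ACK:
            key = (src, dst)
            if states.get(key) in ("SYN_RECEIVED", "SYN_ACK_SENT"):
                states[key] = "ESTABLISHED"              # state can now be released

    half_open = defaultdict(int)
    for (client, _server), state in states.items():
        if state != "ESTABLISHED":
            half_open[client.split(":")[0]] += 1
    alerts = [f"{ip}: {n} half-open connections"
              for ip, n in half_open.items() if n >= half_open_threshold]
    return states, alerts


SERVER = "10.0.0.1:443"
# Constructed sample: one legitimate client completes the handshake, while
# 203.0.113.9 (a TEST-NET address) opens four connections and never ACKs.
SAMPLE_EVENTS = [
    ("10.0.0.5:40001", SERVER, SYN),
    (SERVER, "10.0.0.5:40001", SYN_ACK),
    ("10.0.0.5:40001", SERVER, ACK),
]
for port in range(50001, 50005):
    SAMPLE_EVENTS.append((f"203.0.113.9:{port}", SERVER, SYN))
    SAMPLE_EVENTS.append((SERVER, f"203.0.113.9:{port}", SYN_ACK))

if __name__ == "__main__":
    states, alerts = track_handshakes(SAMPLE_EVENTS)
    for key, state in states.items():
        print(key, state)
    print(alerts)
```

The defensive answer to this resource problem is to avoid allocating state on the first SYN at all (SYN cookies), which is why the model above tracks the cost at the server rather than at the client.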
DNS queries are sent in plaintext over UDP by default, so anyone positioned on the local network segment can sniff them and map which internal services hosts are looking up.
HTTP transmits data in cleartext, exposing session cookies and credentials. HTTPS wraps HTTP in TLS, encrypting the payload but leaving metadata (SNI, IP) visible to network observers.
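The two metadata leaks above (the DNS query name and the TLS SNI) can be shown without any keys. The following added example, written for this page and not part of the original, builds a minimal DNS query and a minimal TLS ClientHello for an example.com hostname and then parses both the way a passive observer would. Both messages are constructed in-code; the fixed "random" bytes and the single cipher suite are demo simplifications.

```python
"""Read plaintext metadata from DNS and TLS ClientHello bytes (added example).

Constructed sample data: the messages are built here from an example.com
name; nothing is captured from a real network.
"""
import struct


def build_dns_query(name, txid=0x1234):
    """Minimal RFC 1035 query for an A record (header, one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD bit, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)              # QTYPE=A, QCLASS=IN


def dns_query_name(msg):
    """Return the first question's QNAME; labels are length-prefixed, 0 ends."""
    labels, pos = [], 12          # question section follows the 12-byte header
    while True:
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode())
        pos += length
    return ".".join(labels)


def build_client_hello(hostname):
    """Minimal TLS 1.2-framed ClientHello carrying only a server_name extension."""
    host = hostname.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type=host_name
    sni_ext = (struct.pack("!HH", 0, len(sni_entry) + 2)           # ext type 0, ext length
               + struct.pack("!H", len(sni_entry)) + sni_entry)    # server_name_list length
    body = (b"\x03\x03" + b"\x11" * 32        # client_version, fixed demo 'random'
            + b"\x00"                         # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"   # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                     # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # type ClientHello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def client_hello_sni(record):
    """Walk a ClientHello record and return the server_name, or None if absent."""
    if record[0] != 0x16 or record[5] != 0x01:
        return None
    pos = 9 + 2 + 32                                   # record hdr, hs hdr, version, random
    pos += 1 + record[pos]                             # session_id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + record[pos]                             # compression_methods
    ext_end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        pos += 4
        if ext_type == 0:                              # server_name extension
            name_len = struct.unpack("!H", record[pos + 3:pos + 5])[0]
            return record[pos + 5:pos + 5 + name_len].decode()
        pos += ext_len
    return None


if __name__ == "__main__":
    host = "www.example.com"
    print("DNS QNAME on the wire:", dns_query_name(build_dns_query(host)))
    print("TLS SNI on the wire:  ", client_hello_sni(build_client_hello(host)))
```

Both parsers succeed with nothing but the bytes, which is the point: TLS protects the HTTP payload, but the destination hostname still travels in the clear in the lookup and in the handshake.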
⚠️ ICMP is vital for network diagnostics but is frequently abused for covert channels and reconnaissance (e.g., ping sweeps).
| Protocol | Port | Primary Risk |
|---|---|---|
| ARP | N/A | Spoofing/MITM |
| DNS | 53 | Cache Poisoning |
| TCP | Varies | Session Hijacking |