Codecademy Logo

Network Attacks

Layer 2 Attacks

Layer 2 attacks refer to cyber attacks that target layers 1 and 2 of the OSI Model (the Physical and Data Link Layers). These types of attacks are often focused on gathering information by gaining information from, or about, a network.

OSI Layers

The OSI layers include: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

  • The Physical layer includes physical technologies
  • The Data Link layer includes data framing and local MAC addressing
  • The Network layer includes connecting to the larger web and IP addressing
  • The Transport layer includes protocols that make sure reliable delivery happens
  • The Session layer authenticates and maintains communication over a period of time
  • The Presentation layer en/decrypts and translates data into presentable form
  • The Application layer includes all the applications we interact with that render data

MAC Spoofing

MAC Cloning (MAC Spoofing) is an attack in which an attacker fakes the factory-assigned MAC address of a device’s factory interface.

MAC Flooding

A Media Access Control (MAC) Flooding attack is a variation on a Address Resolution Protocol (ARP) Poisoning attack in which the attacker instead floods a switch’s cache table with frames from a random source MAC addresses.

Media Access Control Address

A Media Access Control (MAC) address is a unique hardware identification number given to network interfaces.

Address Resolution Protocol

Address Resolution Protocol (ARP) is a broadcast mechanism where Media Access Control (MAC) addresses are matched to an Internet Protocol (IP) address on a local network segment.

ARP Poisoning Attacks

Address Resolution Protocol (ARP) Poisoning attacks are when an attacker with access to a local network segment is able to redirect an IP address to a new MAC address.

This results in the attacker being able to receive traffic intended for someone else. This can allow the attacker to look at or modify the traffic, and it can be used to perform DoS, spoofing, MitM, and other attacks.

An image showing ARP poisoning. It's a copy of the first 2 panels of the “interrupting bird meme” but with routers. At the top, above both panels is the text “Query: Who has IP”. The first panel is labeled “normal operation”, and has the router responding “0b-60-10-08-da-15 has”. The second panel is labeled “arp poisoning”, and has the correct router trying to say the same thing, but being interrupted by another router saying “d7-86-d6-56-85-b1 has! d7-86-d6-56-85-b1 has!” as though it’s shouting.

Cybersecurity: Skimming

In Cybersecurity, skimming refers to a physical attack technique which uses a fake card reader in order to skim, or copy, a smart card’s data. This can include ID cards, credit cards, and other smart cards.

Skimming is an example of a physical attack because skimmers rely on proximity to smart cards or installation on public card readers like ATMs.

Evil Twin Attack

An Evil Twin Attack is a wireless attack in which an attacker sets up a fake Wi-Fi network that looks legitimate in order to steal victims’ information.

This attack is sometimes performed as part of a Man-in-the-Middle Attack.

Wi-Fi Disassociation Attack

In a Wi-Fi Disassociation Attack an attacker breaks the wireless connection between the victim and the access point. This is a type of Denial of Service (DoS) attack.

Rogue Access Points

A Rogue Access Point is any network device (typically wireless) operating on a network that has not been approved by an administrator and is granting unauthorized access to the network.

This term applies to innocent devices perhaps added by an employee, as well as malicious devices added by an attacker.

Wireless Jamming

Jamming refers to a wireless attack in which an attacker attempts to interfere with or “jam” a victim’s connection to a wireless channel by sending a conflicting frequency.

These attacks are dangerous because they’re relatively easy to carry out and they can effectively halt all communication on a channel.

Bluesnarf Attack

Bluesnarfing is a wireless attack that occurs when a Bluetooth-capable device is set to “discoverable” and able to be located by other devices. Utilizing the Bluetooth connection, an attacker can steal data from this “discoverable” device, often without the user’s knowledge.


Bluejacking is when someone uses a Bluetooth connection to send unauthorized messages to a Bluetooth-capable device.


Bluetooth is a technology used for short-range wireless communication. It is commonly used by wireless peripherals such as headphones or computer mice to connect to smartphones and computers.

Bluetooth is defined by the IEEE (Institute for Electrical and Electronics Engineering) standard 802.15.1.

Radio Frequency Identifiers (RFID)

Radio Frequency Identifiers (RFIDs) use electromagnetic fields as a way of encoding information into passive tags that can be easily attached to any sort of physical object or device. They can then be used to track or identify objects.

Near-Frequency Communication (NFC)

Near-Field Communication (NFC) is a wireless communication system that can be between two devices that are four centimeters apart. It is used for things like secure transactions or transferring files between devices.

NFC Vulnerabilities

Near-Field Communication (NFC) is vulnerable to skimming attacks, as well as Denial-of-Service (DoS)-style attacks in which an attacker floods the device with RF signals corrupting data as it is being transferred.

OSI Model

The OSI Model is a conceptual, implementation-neutral model that describes networking in seven separate layers, where each layer covers a set of functions and tasks.

This model helps us communicate while we do network troubleshooting and architecture.

TCP/IP Model

The TCP/IP Model is an implementation-specific networking model that revolves around the TCP protocol and IP addressing which anchor the Internet as we know it.

Its layers include:

  • The Network Layer
  • The Internet Layer
  • The Transport Layer
  • The Application Layer

Network Categories

Three broad categories of networks include:

  • Local Area Network (LAN), a smaller-sized network that connects multiple devices in a small area
  • Campus Area Network (CAN), a larger network that connects multiple computers and devices over a slightly larger area
  • Wide Area Network (WAN), the largest-sized network that connects multiple computers, over a geographically large area

The Internet is technically a WAN.


A network is two or more computers or devices that are linked in order to share information.

Networking refers to a large set of standards and protocols that organize and regulate the sharing of information.

Network Protocols

A network protocol is a set of standards for Internet traffic.

Among them are the big transport protocols:

  • TCP and UDP
  • HTTP for web requests
  • DNS to convert domain names to IP addresses
  • IMAP/POP3 for email
  • SSH
  • FTP
  • SMB for access to specific resources

URL Redirection

Uniform Resource Locator (URL) Redirection is when Hypertext Transfer Protocol (HTTP) redirects are used to open a page that is different from the one the user intended to access. Redirects can be used for innocent purposes, such as to redirect users to a login page, but this method can also be used for malicious purposes. Attackers often use this in conjunction with phishing techniques or by adding redirects to .htaccess files.

Universal Resource Locator

A URL (Universal Resource Locator) is a string that represent an address that points to a resource on the internet. An example of a URL is:

DNS Poisoning

DNS (Domain Name System) poisoning is a type of attack in which an attacker interferes with the resolution of domain names, therefore diverting legitimate traffic from victim domains.

Domain Name System Protocol

The Domain Name System (DNS) protocol is used to figure out what IP address is associated with a given domain name, so that we can connect to websites by Uniform Resource Locator (URL) rather than having to remember a list of IP addresses ourselves.

Domain Reputation

Domain Reputation refers to the view the public has of a domain. If a domain is hijacked, it will likely be used for spam or nefarious purposes. This could lead to complaints or the domain being denylisted or blacklisted.

DNS Hijacking

Domain Hijacking is a cyber attack in which an attacker takes control of a registered domain name without the owners consent. This can be done via hacking, social engineering, or snagging a domain name that wasn’t renewed on time.

Learn More on Codecademy