Threats & Attacks

The attacks you defend against — and the L2/L3 control that stops each one. Everything ladders up to the CIA triad.

Confidentiality

Only the right people can read it

Integrity

Data is not tampered with

Availability

It is there when needed

Attack	What it does	Mitigation
DoS / DDoS	Flood a target to exhaust it	Rate limit, scrubbing
MITM / on-path	Intercept traffic in transit	Encryption, VPN, HTTPS
ARP spoofing	Forge ARP to redirect traffic	Dynamic ARP Inspection
MAC flooding	Overflow CAM to force flooding	Port security
DHCP rogue / starvation	Fake server or drain leases	DHCP snooping
DNS poisoning	Inject false DNS records	DNSSEC, trusted resolvers
VLAN hopping	Reach other VLANs (double-tag)	Disable DTP, change native VLAN
Phishing / social eng.	Trick users for credentials	Training, MFA

// layer-2 attacks & switch defenses

Attack	Vector	Mitigation
MAC flooding	Fills the CAM table → switch floods all frames	Port security (limit MACs)
ARP spoofing	Forged ARP replies → on-path MITM	Dynamic ARP Inspection (DAI)
DHCP starvation / rogue	Drains the pool or serves rogue leases	DHCP snooping (trusted ports)
VLAN hopping	Double-tagging or DTP to reach other VLANs	Disable DTP; no native VLAN on access
STP manipulation	Forge BPDUs to become root bridge	BPDU Guard + Root Guard
MAC spoofing	Impersonate a trusted MAC address	Port security + 802.1X

// threat categories

DoS / DDoS	SYN floods, NTP / DNS amplification
MITM / on-path	ARP / DNS spoofing, SSL strip
Reconnaissance	Port scanning, sniffing, footprinting
Spoofing	Forged IP / MAC / ARP / email
Social engineering	Phishing, pretexting, tailgating
Malware	Virus, worm, trojan, ransomware

// defense in depth