> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/google-cybersecurity-professional-cert/3.-connect-and-protect-networks-and-network-security/module-3/overview-of-interception-tactics.md).

# Overview of interception tactics

Let’s dive into **interception tactics** with a fun **spy-themed** twist, making it easier to understand how **cyber attackers** use these methods, and how you, as the **defender**, can stop them. We’ll go through packet sniffing, IP spoofing, and a few common attacks while imagining you’re either a **spy agent defending your base** or a sneaky hacker **infiltrating the enemy**!

***

#### **Packet Sniffing: The Spy Listening Device**

Imagine you’re a spy trying to intercept secret messages between two agents. **Packet sniffing** is like planting a **listening device** on their communication line. Normally, data packets are meant for specific destinations, like a letter being delivered to one address. But with packet sniffing, you set your **Network Interface Card (NIC)** to **promiscuous mode**, allowing you to **capture all the data packets**—whether they’re meant for you or not.

* **How Attackers Use It**: Hackers use tools like **Wireshark** to capture data on a network. They collect **valuable information** like usernames, passwords, and sensitive data by intercepting packets as they travel between devices.
* **How You Defend**: Use **encryption** (like TLS) to scramble the data. Even if the attacker intercepts the packet, they’ll only see a **garbled mess**.

***

#### **IP Spoofing: The Spy Master of Disguise**

Now imagine you’ve intercepted some messages and you’re pretending to be one of the agents. **IP spoofing** is like **faking your identity** to trick the other party into thinking you’re someone they trust.

* **How Attackers Use It**: After sniffing packets, hackers impersonate a device’s **IP address** and **MAC address** to perform malicious actions. This lets them send packets that look like they’re coming from a trusted source.
* **How You Defend**: Set up **firewalls** to detect unauthorized IP addresses and **block suspicious traffic**.

***

#### **On-Path Attack: The Spy Hiding in the Shadows**

In an **on-path attack**, the hacker is like a **spy hiding in the shadows** between two trusted parties (let's call it “meddler-in-the-middle”). They secretly intercept the communication between two devices and collect sensitive data—without either side knowing.

* **Example**: If you’re sending a DNS lookup (like asking, “Where is this website located?”), the attacker intercepts the response and can **send you to a fake website** full of malware!
* **How You Defend**: **Encrypt** your data in transit using **TLS** or **VPNs** so that even if someone’s hiding in the middle, they can’t see or alter your communications.

***

#### **Smurf Attack: The Spy Creating a Riot**

In a **smurf attack**, the attacker acts like a **spy who starts a riot**—they use **IP spoofing** to flood the network with packets, causing chaos.

* **How It Works**: The attacker sends a spoofed ICMP packet (like a ping) to a network’s **broadcast address**, which sends that packet to **every device** on the network. All the devices respond, creating a massive amount of **network traffic**, overwhelming the servers and causing a **denial of service**.
* **How You Defend**: Use an **advanced firewall** (like a **Next-Generation Firewall/NGFW**) to detect **unusual traffic patterns** and block **oversized broadcasts** before they bring down the network.

***

#### **DoS Attack: The Spy Jamming the Signal**

A **Denial of Service (DoS)** attack is like a spy **jamming the enemy’s communications**. The goal here is simple: **flood the network** so that legitimate traffic can’t get through, shutting down systems or services.

* **How It Works**: Attackers send **IP packets** with **fake IP addresses** (spoofing) until the server can’t handle it anymore, causing it to **crash**.
* **How You Defend**: Implement **rate limiting**, which controls how many requests a server can handle per second, and use **defense-in-depth**—layering multiple defenses like **firewalls**, **encryption**, and **load balancing**.

***

#### **Key Takeaways:**

* **Packet Sniffing**: Attackers use it to **capture data**. Defend with **encryption** so they can’t read intercepted packets.
* **IP Spoofing**: Hackers **fake their identity** to send malicious packets. Block this with **firewalls** that detect suspicious IP addresses.
* **On-Path Attack**: Hackers intercept communication between trusted devices. Use **encryption** to keep your conversations safe.
* **Smurf Attack**: Attackers flood the network using **spoofed ICMP packets**, causing a denial of service. **NGFWs** can detect and block these.
* **DoS Attack**: Attackers **overwhelm the server** with traffic using **fake IP packets**. Implement **rate limiting** and **layered defenses** to mitigate this.

***

Now you’ve got a fun and tactical overview of how **interception attacks** work and how you can **defend** against them like a true **cyber-spy agent**!
