Category
A complete guide to practical network attacks and defense (port scanning, ARP spoofing/MITM, DNS poisoning, TCP session hijacking, SYN flood, sniffing) — a version faithful to the official docs
Network attacks sit one layer below web-application attacks (L7 attacks such as SQLi/XSS): they cut into, impersonate, or flood the communication itself. Using the four phases of NIST SP 800-115 (planning → discovery → attack → reporting) and MITRE ATT&CK as a map, this cluster digs into attack techniques at L2 (ARP spoofing/MITM), L3 (IP spoofing), L4 (port scanning / TCP session hijacking / SYN flood), and across layers (DNS poisoning / sniffing), staying faithful to the primary sources in each RFC. At the core are three root causes: lack of authentication, plaintext, and over-trusted boundaries. That is precisely why the defenses that work converge on a few principles: encryption (TLS/mTLS), cryptographic verification (DNSSEC, RFC 6528), zero trust, and attack-surface minimization. Every article pairs each attack with its defense, confines all procedures to three safe zones (your own assets / CTF / a scope authorized in writing), and for DoS covers no attack procedures, focusing on defense. Drawing on experience designing and operating multi-layered networks (VPC, least-privilege IAM, GuardDuty, WAF) across AWS multi-account setups, it provides the material for enumerating the attack surface from an attacker's viewpoint and for designing and implementing RFC-compliant defenses. For web-application-layer (L7) attacks, see the 'Practical Web Hacking Techniques' cluster; for how TCP/IP itself works and its reliability design, see the 'TCP/IP and Networking' cluster.
7 articles in total
Foundational guide
Foundational guide (start here)
The big picture of practical network penetration testing [2026]: a map of attack classes and defensive design — a version faithful to the official docs
A complete guide that systematizes network-layer (L2–L4) attack techniques faithfully to the NIST SP 800-115 methodology and MITRE ATT&CK. Recon and port scanning, ARP spoofing/MITM, DNS cache poisoning, TCP session hijacking, SYN flood, and packet sniffing — each attack's 'why it lands' is always explained paired with 'how to defend per the RFCs.' With legal procedures confined to your own lab / CTF / authorized scope, it turns offensive understanding into defensive design.
Related practical articles
- Security, Network, TCP/IP, Vulnerability Assessment, White Hacker
The mechanism and defense of ARP spoofing and man-in-the-middle (MITM) attacks [2026] — detect and neutralize attacks that exploit L2 trust
A systematic explanation of the king of L2 attacks, 'ARP spoofing,' and the man-in-the-middle (MITM) attacks built on it — from mechanism to detection and defense. It shows the root cause that ARP has no authentication, the flow of twisting a victim's traffic to route through you, and neutralization via Dynamic ARP Inspection, DHCP Snooping, 802.1X, and TLS, together with type-safe detection code. With legal procedures confined to an isolated lab, it turns offensive understanding into defensive design.
8 min read - Security, Network, TCP/IP, Vulnerability Assessment, White Hacker
The mechanism and defense of DNS spoofing and cache poisoning [2026] — protect name resolution with RFC 5452 and DNSSEC
A systematic explanation of DNS spoofing / cache poisoning that hijacks name resolution, from the principle of the Kaminsky attack to the defenses of RFC 5452 and DNSSEC (RFC 4033-4035). Why UDP DNS believes forged answers, how source-port randomization and the transaction ID create unpredictability, and DNSSEC signature verification and encryption via DoH/DoT — shown with type-safe code and configuration examples. All are legal procedures confined to your own resolver.
8 min read - Security, Network, TCP/IP, Vulnerability Assessment, White Hacker
How port scanning / service reconnaissance (nmap) works and its defense [2026] — visualizing the attack surface and RFC-compliant reduction
An explanation of 'port scanning,' the core of network reconnaissance, faithful to the nmap official documentation and NIST SP 800-115. It explains, from TCP's state transitions, how host discovery, TCP SYN scan, and version/OS detection work, and why a stealth scan is detected. With all procedures legal and confined to your own lab, it shows the defenses — attack-surface minimization, IDS detection, and security-group design — in type-safe code.
9 min read - Security, Network, TCP/IP, Vulnerability Assessment, Observability
The threat and defense of packet sniffing [2026] — understand it with Wireshark and neutralize it with TLS everywhere
A systematic explanation of the packet-sniffing threat, from understanding it via 'visualizing your own traffic' with Wireshark to neutralizing it with TLS. It shows why plaintext protocols (HTTP, FTP, Telnet) are dangerous and why sniffing succeeds even in a switched environment (via MITM), and explains the defenses — TLS everywhere, mTLS, HSTS, and forward secrecy — from a type-safe-code and operations perspective. Wireshark is used as an essential blue-team (defense) skill for analyzing traffic on your own assets.
7 min read - Security, Network, TCP/IP, TCP, Observability
Understanding and defending against SYN flood / DDoS [2026] — don't exhaust half-open connections, with RFC 4987's SYN cookies
An explanation, 'defense-centric' and faithful to RFC 4987, of the SYN flood that abuses TCP's half-open state and the broader DDoS. It explains from TCP's state transitions why stopping mid-handshake exhausts the server's resources, and shows multi-layered mitigations — SYN cookies, backlog, rate limiting, SYN proxy, and cloud DDoS protection (AWS Shield/WAF) — with configuration and type-safe code. It doesn't handle attack tools and sticks to defense.
7 min read - Security, Network, TCP/IP, TCP, Vulnerability Assessment
The mechanism and defense of TCP session hijacking, RST injection, and IP spoofing [2026] — RFC 5961/6528/BCP 38
A systematic explanation of session hijacking / RST injection that seizes or severs an established TCP connection, and IP spoofing that forges the source — from the principle of sequence numbers to the defenses of RFC 5961 (challenge ACK), RFC 6528 (ISN randomization), and BCP 38 (ingress filtering). It explains from TCP's state transitions why blind injection succeeds and why it's hard today, and shows neutralization via TLS with type-safe code. All are legal procedures confined to an isolated lab.
8 min read