Attacks
Prepared by: Roshan Kandel
Masters in Information & Communication Engineering
Introduction
• A MAC address flooding attack (also called a CAM table flooding or CAM table overflow attack) is a network attack in which an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames, each carrying a different forged source MAC address.
• Within a very short time, the switch's MAC address table fills up with fake MAC address/port mappings.
• A switch's MAC address table has only a limited amount of memory, so once it is full the switch cannot store any more MAC addresses.
The following images show a switch's MAC address table before and after a flooding attack.
• Once the switch's MAC address table is full and no more MAC addresses can be stored, the switch enters a fail-open mode and starts behaving like a network hub.
• Frames are flooded out of all ports, similar to broadcast communication.
• What does the attacker gain from this?
• The attacker's machine now receives all the frames exchanged between the victim and other machines.
• The attacker can therefore capture sensitive data from the network.
How to prevent MAC flooding attacks?
• Cisco switches ship with a built-in security feature against MAC flooding attacks, called Port Security.
• Port Security is a feature of Cisco switches that gives protection against MAC flooding attacks.
How to prevent MAC flooding attacks by configuring switchport port-security
Introduction
• As described above, in a MAC address flooding (CAM table flooding) attack an attacker connected to a switch port floods the interface with a very large number of Ethernet frames, each with a different forged source MAC address.
• A MAC flooding attack can quickly exhaust the memory allocated for the MAC address table, after which the switch starts behaving like a network hub.
• The Port Security feature can protect the switch from MAC flooding attacks.
• The Port Security feature can also protect the switch from DHCP starvation attacks, in which a client floods the network with a very large number of DHCP requests, each using a different source MAC address.
• DHCP starvation attacks can deplete the available IP addresses in the DHCP server's scope.
• Port Security is meant for access ports; it does not work on trunk ports, EtherChannel ports or SPAN (Switched Port Analyzer) ports.
Concepts of Port Security
• The goal of Port Security is to prevent a network attacker from sending a large number of Ethernet frames with forged source MAC addresses to a switch interface.
• This goal is achieved by the following settings, which are applied per switch interface.
• 1) Enable the Port Security feature. Port Security is disabled by default. The "switchport port-security" command (in interface configuration mode) enables it.
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#switchport port-security
• 2) Specify the maximum number of MAC addresses allowed on that interface. Remember that more than one genuine device may be connected to a single switch interface (for example, an IP phone and a computer).
SW1(config-if)#switchport port-security maximum ?
  <1-4097>  Maximum addresses
• 3) Define the MAC addresses of the known devices that will access the network through that interface. This can be done either by hardcoding the MAC addresses of the known devices (statically defining the secure MAC addresses) or by configuring "sticky" MAC addresses.
• Sticky MAC addresses ("switchport port-security mac-address sticky") cause dynamically learned MAC addresses to be written into the running configuration.
• The default number of secure MAC addresses is one.
SW1(config-if)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky
• 4) Specify the action to take when one of the above conditions is violated.
• When a Port Security violation occurs, Cisco switches can be configured to respond in one of the three ways explained below.
• Protect: With the "protect" option, once the port has reached its maximum number of allowed MAC addresses the interface drops frames with an unknown source MAC address. Frames with known source MAC addresses are still forwarded. No SNMP trap or syslog message is generated. "protect" is the least strict of the three options.
• Restrict: With the "restrict" option, the interface likewise drops frames with an unknown source MAC address once the port has reached its maximum number of allowed MAC addresses, but it also sends an SNMP trap and a syslog message and increments a violation counter each time a violation occurs.
• Shutdown: With the "shutdown" option, a violation causes the interface to be shut down. An SNMP trap and a syslog message are sent and the violation counter is incremented. Because the interface is shut down, no traffic at all is allowed through it. "shutdown" is the strictest of the three options.
• The default violation action is to shut down the port.
SW1(config-if)#switchport port-security violation {protect | restrict | shutdown}
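The four settings and the three violation modes above, as an added Python model of a port-security port (an illustration written for this page, not code from the slides or from Cisco IOS). The port names, MAC addresses and the wording of the syslog entries are constructed; the model learns addresses up to the configured maximum and then applies the configured violation action.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Violation modes described on the slides.
PROTECT, RESTRICT, SHUTDOWN = "protect", "restrict", "shutdown"


def to_ios_format(mac: str) -> str:
    """'00:48:54:aa:aa:07' -> '0048.54aa.aa07' (the H.H.H form IOS uses)."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


@dataclass
class SecurePort:
    """One access port with 'switchport port-security' enabled."""
    name: str
    maximum: int = 1            # 'switchport port-security maximum' (default 1)
    violation: str = SHUTDOWN   # 'switchport port-security violation' (default shutdown)
    sticky: bool = False        # 'switchport port-security mac-address sticky'
    static_macs: Set[str] = field(default_factory=set)   # hardcoded H.H.H entries
    learned_macs: Set[str] = field(default_factory=set)  # dynamically learned
    violation_count: int = 0
    err_disabled: bool = False
    syslog: List[str] = field(default_factory=list)      # constructed text, not real IOS messages

    def secure_macs(self) -> Set[str]:
        return self.static_macs | self.learned_macs

    def receive(self, src_mac: str) -> str:
        """Decide what happens to a frame arriving with this source MAC.

        Returns 'forward', 'drop' or 'errdisable'.
        """
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                      # a shut-down port passes nothing
        if src_mac in self.secure_macs():
            return "forward"                   # known secure address
        if len(self.secure_macs()) < self.maximum:
            self.learned_macs.add(src_mac)     # room left: learn it
            return "forward"
        # Table is full and the source is unknown: this is a violation.
        if self.violation == PROTECT:
            return "drop"                      # silent: no trap, no syslog, no counter
        self.violation_count += 1
        self.syslog.append(f"port-security violation on {self.name} from {src_mac}")
        if self.violation == RESTRICT:
            return "drop"
        self.err_disabled = True               # shutdown mode: port goes err-disabled
        return "errdisable"

    def recover(self) -> None:
        """'shutdown' followed by 'no shutdown' clears the err-disabled state."""
        self.err_disabled = False

    def running_config(self) -> List[str]:
        """Interface lines as they would appear in the running configuration
        (defaults are not shown, as IOS does)."""
        lines = ["switchport port-security"]
        if self.maximum != 1:
            lines.append(f"switchport port-security maximum {self.maximum}")
        if self.violation != SHUTDOWN:
            lines.append(f"switchport port-security violation {self.violation}")
        lines += [f"switchport port-security mac-address {to_ios_format(m)}"
                  for m in sorted(self.static_macs)]
        if self.sticky:
            lines.append("switchport port-security mac-address sticky")
            lines += [f"switchport port-security mac-address sticky {to_ios_format(m)}"
                      for m in sorted(self.learned_macs)]
        return lines


def flood_with_unknown_sources(port: SecurePort, count: int) -> Dict[str, int]:
    """Replay a CAM-flooding burst against the port: 'count' frames, each from a
    different fake MAC. Returns how many were forwarded, dropped or err-disabled the port."""
    outcome = {"forward": 0, "drop": 0, "errdisable": 0}
    for i in range(count):
        fake_mac = f"02:00:00:00:{(i >> 8) & 0xff:02x}:{i & 0xff:02x}"  # constructed, locally administered
        outcome[port.receive(fake_mac)] += 1
    return outcome
```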
• To view the Port Security settings of an interface:
SW1#show port-security interface gigabitethernet 0/0
• To view the secure MAC addresses known to Port Security:
SW1#show port-security address
How to re-enable an interface after a Port Security violation shutdown (errdisable state)
• Once a Port Security violation has occurred, the interface is shut down and placed in a state called the errdisable state. Use any of the following methods to bring the interface back up after a Port Security violation shutdown.
• One method to re-enable an interface in the errdisable state is to bring it down and up again by issuing the "shutdown" and "no shutdown" commands.
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#shutdown
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#exit
SW1#
DHCP starvation attacks and DHCP spoofing attacks
What is a DHCP starvation attack?
• Another type of network attack, aimed at DHCP servers, is known as a DHCP starvation attack.
• In a DHCP starvation attack, an attacker broadcasts a large number of DHCP REQUEST messages with spoofed source MAC addresses.
• If the legitimate DHCP server in the network responds to all of these bogus DHCP REQUEST messages, the available IP addresses in the DHCP server's scope are depleted within a very short time.
• Once the DHCP server's pool of available IP addresses is exhausted, the attacker can set up a rogue DHCP server and answer new DHCP requests from the network's DHCP clients.
• With a rogue DHCP server in place, the attacker can launch a DHCP spoofing attack.
What is a DHCP spoofing attack?
• After a DHCP starvation attack and the setup of a rogue DHCP server, the attacker can start handing out IP addresses and other TCP/IP configuration settings to the network's DHCP clients.
• These TCP/IP configuration settings include the Default Gateway and DNS Server IP addresses.
• The attacker can therefore replace the legitimate Default Gateway and DNS Server IP addresses with the attacker's own IP address.
• Once the Default Gateway IP address of the network devices has been changed, the clients start sending traffic destined for outside networks to the attacker's computer.
• The attacker can now capture sensitive user data and launch a man-in-the-middle attack.
• This is called a DHCP spoofing attack.
• The attacker can also set up a rogue DNS server, divert end-user traffic to fake web sites and launch phishing attacks.
How to configure DHCP snooping?
• DHCP snooping is a DHCP security feature that protects against DHCP starvation attacks by filtering untrusted DHCP messages.
• DHCP snooping classifies switch ports as "trusted" or "untrusted", distinguishing untrusted interfaces (where DHCP clients are connected) from trusted interfaces (where a DHCP server or other switches are connected).
• Trusted ports (where a DHCP server or other switches are connected) can source all types of DHCP messages, including DHCPOFFER messages.
• Untrusted ports are the ports where DHCP clients are connected.
• Untrusted switch ports cannot source DHCP messages such as DHCPOFFER, DHCPACK and DHCPNAK, which are normally generated by a DHCP server. By default, all switch ports are untrusted.
• When DHCP snooping is enabled, Cisco switches build a table known as the DHCP snooping binding database (also called the DHCP snooping binding table).
• The DHCP snooping binding table is used to identify and filter untrusted DHCP messages on the network.
• The DHCP snooping binding table keeps track of the DHCP addresses assigned to switch ports.
• For each lease on an untrusted switch port it records the client MAC address, IP address, DHCP lease time, binding type, VLAN number and interface.
• When a switch receives a packet on an untrusted port where DHCP snooping is enabled, the packet is permitted or denied using the information stored in the DHCP snooping binding table.
• The packet is denied when:
1. DHCP server messages (for example DHCPOFFER, DHCPACK or DHCPNAK) are received on an untrusted switch port.
2. The source MAC address does not match the MAC address in the DHCP snooping binding table entry.
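The permit/deny decision described above, as an added Python model (an illustration for this page, not the slides' or Cisco's code). The VLAN number, port names, MAC addresses and leases are constructed; the model records a binding when the server's DHCPACK is seen on a trusted port, denies server messages on untrusted ports, and checks lease-referencing client messages (DHCPRELEASE, DHCPDECLINE) against the recorded binding.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Message types only a DHCP server should originate (rule 1 above).
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}
# Client messages that name an already leased address and can therefore be
# checked against the binding table (rule 2 above).
LEASE_REFERENCING = {"DHCPRELEASE", "DHCPDECLINE"}


def norm_port(name: str) -> str:
    """'gigabitethernet 0/3' and 'Gigabitethernet0/3' name the same port."""
    return name.replace(" ", "").lower()


@dataclass
class Binding:
    mac: str
    ip: str
    lease: int
    vlan: int
    interface: str


class DhcpSnooping:
    """Per-switch DHCP snooping state: snooped VLANs, trusted ports, bindings."""

    def __init__(self, vlans: Iterable[int], trusted_ports: Iterable[str]):
        self.vlans = set(vlans)                                   # 'ip dhcp snooping vlan ...'
        self.trusted = {norm_port(p) for p in trusted_ports}      # 'ip dhcp snooping trust'
        self.bindings: Dict[Tuple[int, str], Binding] = {}        # (vlan, ip) -> Binding

    def learn(self, client_mac: str, ip: str, lease: int, vlan: int, client_port: str) -> None:
        """Record a binding when a DHCPACK for this client is seen on a trusted port.
        The switch already knows client_port from the request it forwarded earlier."""
        self.bindings[(vlan, ip)] = Binding(client_mac.lower(), ip, lease, vlan, client_port)

    def inspect(self, port: str, vlan: int, msg_type: str, src_mac: str,
                client_ip: Optional[str] = None) -> Tuple[bool, str]:
        """Permit or deny one DHCP message; returns (permitted, reason)."""
        port, src_mac = norm_port(port), src_mac.lower()
        if vlan not in self.vlans:
            return True, "DHCP snooping not enabled on this VLAN"
        if port in self.trusted:
            return True, "trusted port may source any DHCP message"
        if msg_type in SERVER_MESSAGES:
            return False, f"{msg_type} received on untrusted port {port}"
        if msg_type in LEASE_REFERENCING:
            binding = self.bindings.get((vlan, client_ip))
            if binding is None:
                return False, f"no binding for {client_ip} in VLAN {vlan}"
            if binding.mac != src_mac or norm_port(binding.interface) != port:
                return False, "source MAC/port do not match the binding table entry"
        return True, "client message on untrusted port"

    def show_binding(self) -> List[str]:
        """Render the table in the layout of 'show ip dhcp snooping binding'."""
        header = (f"{'MacAddress':<19}{'IpAddress':<16}{'Lease(sec)':<11}"
                  f"{'Type':<14}{'VLAN':<5}Interface")
        rows = [f"{b.mac.upper():<19}{b.ip:<16}{b.lease:<11}{'dhcp-snooping':<14}"
                f"{b.vlan:<5}{b.interface}" for b in self.bindings.values()]
        return [header, "-" * len(header)] + rows + [f"Total number of bindings: {len(rows)}"]
```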
How to enable DHCP snooping globally
SW1#configure terminal
SW1(config)#ip dhcp snooping
SW1(config)#exit
SW1#
How to enable DHCP snooping on a specific VLAN
SW1#configure terminal
SW1(config)#ip dhcp snooping vlan 500
SW1(config)#exit
SW1#
How to configure a switch port as trusted
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#ip dhcp snooping trust
SW1(config-if)#exit
SW1(config)#exit
SW1#
How to view the DHCP snooping database
SW1#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:00:AB:19:C6:00   172.16.10.183    690515      dhcp-snooping  500   Gigabitethernet0/1
00:00:AB:34:CB:00   172.16.10.184    690518      dhcp-snooping  500   Gigabitethernet0/2
00:00:AB:2A:FE:00   172.16.10.182    690512      dhcp-snooping  500   Gigabitethernet0/3
00:00:AB:F7:D0:00   172.16.10.181    690512      dhcp-snooping  500   Gigabitethernet0/4
00:00:AB:93:82:00   172.16.10.185    690518      dhcp-snooping  500   Gigabitethernet0/5
Total number of bindings: 5
How to view the DHCP snooping configuration?
SW1#show ip dhcp snooping
ARP spoofing attack
Introduction
• An Address Resolution Protocol (ARP) spoofing attack is a network attack in which an attacker sends fake ARP messages inside a Local Area Network (LAN) with the aim of diverting and intercepting network traffic.
• In normal ARP operation, when a network device broadcasts an ARP request to find the MAC address corresponding to an IPv4 address, the ARP reply comes from the legitimate device that is configured with that IPv4 address. The requesting device caches the reply in its ARP table.
• A network attacker can abuse ARP by answering an ARP request while pretending to own the requested IPv4 address.
• Once the attacker's MAC address has been mapped to a legitimate IPv4 address, the attacker starts receiving any data intended for that IPv4 address.
• The attacker can then launch a man-in-the-middle attack and capture the network traffic in search of sensitive user data.
• The attacker can also broadcast a gratuitous ARP message carrying the IPv4 address of the default gateway.
• A gratuitous ARP is a broadcast packet that network devices use to announce a change in their IPv4 address or MAC address.
• By sending a gratuitous ARP message with the default gateway's IPv4 address, the attacker can pose as the default gateway and capture all traffic leaving the Local Area Network (LAN).
For an example of an ARP spoofing attack, consider the topology below.
• The IPv4 address of the default gateway is 172.16.0.1 and the corresponding MAC address is 00:48:54:aa:aa:01.
• The attacker (sitting at OmniSecu-PC-103) can broadcast a gratuitous ARP message announcing that the MAC address corresponding to the default gateway's IPv4 address (172.16.0.1) is 00:48:54:aa:aa:07 (the attacker's own MAC address).
• This causes the devices in the network to update their ARP tables with a wrong MAC address to IPv4 address mapping. The computer's ARP table now holds a poisoned entry mapping the default gateway address 172.16.0.1 to the wrong MAC address 00:48:54:aa:aa:07.
• The attacker also sends ARP messages to the default gateway to deceive it into believing that the MAC address of the computer "OmniSecu-PC-101" is 00:48:54:aa:aa:07 (the attacker's own MAC address).
• The router's ARP table is now poisoned as well: it maps the IPv4 address of "OmniSecu-PC-101", 172.16.0.101, to the wrong MAC address 00:48:54:aa:aa:07.
• Now, whenever "OmniSecu-PC-101" sends traffic to the Internet, it forwards that traffic to the attacker's computer, which in turn forwards it to the default gateway.
• Because the attacker still forwards the traffic to the Internet via the default gateway, "OmniSecu-PC-101" remains unaware that its traffic is being intercepted.
• The attacker can now try to capture the traffic for any sensitive user data.
Preventing ARP spoofing attacks with Dynamic ARP Inspection (DAI)
• Dynamic ARP Inspection (DAI) is a feature that can be used to prevent ARP spoofing attacks.
• DAI can be enabled on switches. When enabled, it verifies IPv4 address to MAC address bindings.
• If a mismatch is found on an untrusted port, DAI discards the spoofed ARP packet.
• DAI uses the DHCP snooping binding database to validate bindings, and it only inspects ARP packets arriving on untrusted ports.
• DAI is enabled per VLAN with the global command "ip arp inspection vlan <vlan-id>". By default, all ports are untrusted; to configure a port as trusted, use the interface-level command "ip arp inspection trust".
• How to enable Dynamic ARP Inspection (DAI) on a specific VLAN
SW1#configure terminal
SW1(config)#ip arp inspection vlan 500
• How to configure a switch port as trusted
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#ip arp inspection trust
SW1(config-if)#exit
SW1(config)#exit
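An added Python example (written for this page, not code from the slides or from Cisco) that ties DAI back to the ARP spoofing scenario above: it parses `show ip dhcp snooping binding` output in the layout shown earlier into a binding table, then checks the attacker's gratuitous ARP and the poisoned reply against it. The binding table itself, PC-103's IP address (172.16.0.103) and PC-101's MAC address (00:48:54:aa:aa:11) are constructed, and the default gateway is assumed to sit on trusted port Gi0/0.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


def norm_port(name: str) -> str:
    """'gigabitethernet 0/3' and 'Gigabitethernet0/3' name the same port."""
    return name.replace(" ", "").lower()


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    interface: str


def parse_snooping_binding(show_output: str) -> Dict[Tuple[int, str], Binding]:
    """Parse 'show ip dhcp snooping binding' text into {(vlan, ip): Binding}.

    The header, separator and 'Total number of bindings' lines are skipped
    because their third column is not a numeric lease time.
    """
    table: Dict[Tuple[int, str], Binding] = {}
    for line in show_output.splitlines():
        cols = line.split()
        if len(cols) != 6 or not cols[2].isdigit():
            continue
        mac, ip, _lease, _type, vlan, iface = cols
        table[(int(vlan), ip)] = Binding(mac.lower(), ip, int(vlan), iface)
    return table


@dataclass(frozen=True)
class ArpPacket:
    ingress_port: str
    vlan: int
    sender_mac: str   # sender hardware address in the ARP body
    sender_ip: str    # sender protocol address in the ARP body


class DynamicArpInspection:
    """DAI: validate the sender IP/MAC pair of ARP packets on untrusted ports
    against the DHCP snooping binding table. Gratuitous ARPs get the same check."""

    def __init__(self, vlans: Iterable[int], trusted_ports: Iterable[str],
                 bindings: Dict[Tuple[int, str], Binding]):
        self.vlans = set(vlans)                                  # 'ip arp inspection vlan ...'
        self.trusted = {norm_port(p) for p in trusted_ports}     # 'ip arp inspection trust'
        self.bindings = bindings                                 # built by DHCP snooping

    def inspect(self, pkt: ArpPacket) -> Tuple[bool, str]:
        """Return (permitted, reason) for one ARP packet."""
        port = norm_port(pkt.ingress_port)
        if pkt.vlan not in self.vlans:
            return True, "DAI not enabled on this VLAN"
        if port in self.trusted:
            return True, "trusted port: ARP not inspected"
        binding = self.bindings.get((pkt.vlan, pkt.sender_ip))
        if binding is None:
            return False, f"no DHCP snooping binding for sender IP {pkt.sender_ip}"
        if binding.mac != pkt.sender_mac.lower():
            return False, f"sender MAC {pkt.sender_mac} does not match binding {binding.mac}"
        if norm_port(binding.interface) != port:
            return False, f"{pkt.sender_ip} is bound to {binding.interface}, not {pkt.ingress_port}"
        return True, "sender IP/MAC matches DHCP snooping binding"


# Constructed binding table for the slide's topology: PC-101 and the attacker's
# PC-103 obtained leases on Gi0/1 and Gi0/3 (PC-103's IP and PC-101's MAC are
# assumptions). The gateway 172.16.0.1 is statically addressed and has no binding.
LAB_BINDINGS = parse_snooping_binding("""
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:48:54:AA:AA:11   172.16.0.101     86400       dhcp-snooping  500   Gigabitethernet0/1
00:48:54:AA:AA:07   172.16.0.103     86400       dhcp-snooping  500   Gigabitethernet0/3
Total number of bindings: 2
""")

DAI = DynamicArpInspection(vlans=[500], trusted_ports=["gigabitethernet 0/0"],
                           bindings=LAB_BINDINGS)

# Gratuitous ARP from the topology walk-through: PC-103 claims the gateway's IP with its own MAC.
POISON_GATEWAY = ArpPacket("Gigabitethernet0/3", 500, "00:48:54:aa:aa:07", "172.16.0.1")
# Reply towards the router: PC-103 claims PC-101's IP.
POISON_PC101 = ArpPacket("Gigabitethernet0/3", 500, "00:48:54:aa:aa:07", "172.16.0.101")
# Legitimate ARP from PC-101 on its own port.
LEGIT_PC101 = ArpPacket("Gigabitethernet0/1", 500, "00:48:54:aa:aa:11", "172.16.0.101")
```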
Thank You
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 

Attack.pptx

1. Attacks
Prepared by: Roshan Kandel, Masters in Information & Communication Engineering

2. Introduction
• A MAC address flooding attack (CAM table flooding attack) is a network attack in which an attacker connected to a switch port floods that port with a very large number of Ethernet frames, each carrying a different forged source MAC address.
• This attack is also known as a CAM table overflow attack.
• Within a very short time the switch's MAC address table fills up with bogus MAC address/port mappings.
• The switch's MAC address table has only a limited amount of memory (the CAM), so once it is full the switch cannot learn any more MAC addresses.

3. The following images show a switch's MAC address table before and after a flooding attack.

4.
• Once the MAC address table is full and the switch can no longer learn source addresses, it effectively fails open: frames whose destination MAC address is not in the table are flooded out of every port in the VLAN, so the switch behaves like a hub for that traffic.
• Only traffic to destinations the switch has not learned (or whose entries aged out while the table was kept full) is flooded, which is why the attacker keeps flooding for as long as the interception should last.
• What does the attacker gain? The attacker's machine now receives the flooded frames exchanged between the victim and other machines on the VLAN.
• The attacker can then capture sensitive data from the network.

5. How to prevent MAC flooding attacks?
• Cisco switches ship with a built-in defence against MAC flooding attacks called Port Security.
• Port Security limits the number of source MAC addresses a switch port will accept and defines what happens when that limit is exceeded.

6. How to prevent MAC flooding attacks by configuring switchport port-security

7. Introduction
• As introduced above, a MAC flooding attack floods a switch port with frames carrying many different forged source MAC addresses.
• The attack quickly exhausts the memory allocated to the MAC address table, after which the switch starts behaving like a hub.
• The Port Security feature protects the switch from MAC flooding attacks.

8.
• Port Security also mitigates DHCP starvation attacks, in which a client floods the network with a very large number of DHCP requests, each sent from a different source MAC address: the port's MAC address limit is reached long before the DHCP scope is exhausted. (It helps only when the attacker varies the frame's source MAC address; a tool that changes just the client hardware address field inside the DHCP message is caught by DHCP snooping's MAC address verification instead.)
• DHCP starvation attacks can deplete the available IP addresses in the DHCP server's scope.
• Port Security is intended for access ports. It cannot be enabled on EtherChannel member ports or on SPAN (Switch Port Analyzer) destination ports, and whether it can be applied to trunk ports depends on the platform and IOS release (older releases rejected it; check the configuration guide for the switch in use).
9. Concepts of Port Security
• The goal of Port Security is to stop a network attacker from sending a large number of Ethernet frames with forged source MAC addresses into a switch interface.
• This is achieved with the following per-interface settings.
• 1) Enable the Port Security feature. Port Security is disabled by default; the interface-configuration command "switchport port-security" enables it. The interface must first be a static access port ("switchport mode access"); on an interface left in dynamic (DTP) mode the command is rejected.
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security

10.
• 2) Specify the maximum number of MAC addresses allowed on the interface. Remember that more than one genuine device may be connected to a single switch interface (for example, an IP phone and a computer daisy-chained behind it).
SW1(config-if)#switchport port-security maximum ?
  <1-4097>  Maximum addresses
(The upper bound shown is platform dependent.)

11.
• 3) Define the MAC addresses of the known devices that will access the network through the interface, either by hard-coding them (statically defining the known MAC addresses) or by configuring "sticky" MAC addresses.
• Sticky learning ("switchport port-security mac-address sticky") converts dynamically learned addresses into secure addresses and writes them into the running configuration. Save the configuration ("copy running-config startup-config"), otherwise the sticky addresses are lost at the next reload.
• The default number of secure MAC addresses is one.
SW1(config-if)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky

12.
• 4) Specify the action to take when a violation of the above conditions occurs.
• A violation occurs when a frame arrives with a source MAC address that is not a secure address while the port already holds its maximum number of secure addresses, or when a secure address of one port is seen on another secure port in the same VLAN.
• Cisco switches can be configured to respond in one of three ways:
• Protect: the interface drops frames with an unknown source MAC address once the maximum number of allowed MAC addresses has been reached. Frames with known source MAC addresses are still forwarded. No SNMP trap or syslog message is generated and the violation counter is not incremented. "protect" is the least strict option.

13.
• Restrict: as with protect, the interface drops frames with an unknown source MAC address once the maximum has been reached, and frames with known source MAC addresses continue to pass. In addition, restrict sends an SNMP trap, logs a syslog message and increments the violation counter for each violation.

14.
• Shutdown: the interface is placed in the error-disabled (err-disabled) state, an SNMP trap and a syslog message are sent, and the violation counter is incremented. No traffic passes on the interface, not even from the secure addresses, until the port is brought back up. "shutdown" is the strictest option.
• The default violation action is shutdown.
SW1(config-if)#switchport port-security violation {protect | restrict | shutdown}

15.
• How to view the Port Security settings of an interface
SW1#show port-security interface gigabitethernet 0/0
• How to view the secure MAC addresses known to Port Security
SW1#show port-security address

16. How to bring an interface back up after a Port Security violation shutdown (err-disabled state)
• After a violation in shutdown mode, the interface is in the err-disabled state. Either of the following methods restores it.
• Manually: bring the interface down and up again by issuing "shutdown" followed by "no shutdown".
• Automatically: configure error-disable recovery for this cause ("errdisable recovery cause psecure-violation", optionally with "errdisable recovery interval <seconds>") and the switch re-enables the port after the interval. If the offending device is still attached, the port is simply err-disabled again.

17.
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#shutdown
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#exit
SW1#
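The following Python model is an added illustration (it is not code from the slide deck or from Cisco) of what the slides above describe: a switch with a 1,024-entry CAM table, an attacker on Gi0/3 flooding random source MAC addresses, and Port Security with a maximum of one static secure address on that port under each of the protect, restrict and shutdown actions. The port names, table capacity, MAC addresses and frame counts are invented for the demo. Without Port Security the reply from PC1 to PC2 is flooded to the attacker's port; with it, the table never fills and the violation counter and err-disabled state behave as described on slides 12 to 16.

```python
"""Toy model of a switch MAC (CAM) table under a MAC flooding attack, with and
without Port Security. Added illustration, not code from the slide deck or from
Cisco; the port names, table capacity and MAC addresses are invented."""
import random
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
PC1, PC2, ATTACKER = "00:48:54:aa:aa:01", "00:48:54:aa:aa:02", "00:48:54:aa:aa:07"


@dataclass
class PortSecurity:
    maximum: int = 1                  # IOS default: one secure MAC per port
    violation: str = "shutdown"       # protect | restrict | shutdown (default)
    secure: set = field(default_factory=set)   # static + sticky secure MACs
    violations: int = 0               # counter shown by "show port-security"
    errdisabled: bool = False


class Switch:
    def __init__(self, ports, cam_capacity):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.cam = {}           # source MAC -> port (no ageing in this toy model)
        self.psec = {}          # port -> PortSecurity; absent = feature disabled
        self.syslog = []

    def enable_port_security(self, port, maximum=1, violation="shutdown", static=()):
        self.psec[port] = PortSecurity(maximum, violation, set(static))

    def _port_security_admits(self, port, src):
        """True if the frame may enter; otherwise apply the violation action."""
        ps = self.psec.get(port)
        if ps is None:
            return True
        if ps.errdisabled:
            return False                  # port is down, nothing enters
        if src in ps.secure:
            return True
        if len(ps.secure) < ps.maximum:
            ps.secure.add(src)            # sticky-style learning of a new secure MAC
            return True
        if ps.violation == "protect":
            return False                  # silent drop: no counter, no trap, no log
        ps.violations += 1
        self.syslog.append(f"port security violation on {port} caused by {src}")
        if ps.violation == "shutdown":
            ps.errdisabled = True         # err-disabled until shutdown / no shutdown
        return False

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of egress ports."""
        if not self._port_security_admits(in_port, src):
            return []
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = in_port       # learn the source (table has room)
        # else: table full, so the source is not learned and frames *to* it will flood
        if dst != BROADCAST and dst in self.cam:
            return [self.cam[dst]]
        return [p for p in self.ports if p != in_port]   # broadcast / unknown unicast

    def shut_no_shut(self, port):
        """Operator recovery from err-disable ("shutdown" then "no shutdown")."""
        if port in self.psec:
            self.psec[port].errdisabled = False


def flood(switch, port, count, seed=7):
    """Attacker on `port` sends `count` frames with random locally administered
    source MACs, the way tools such as macof do."""
    rng = random.Random(seed)
    for _ in range(count):
        fake = "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))
        switch.receive(port, fake, BROADCAST)


def scenario(violation=None, cam_capacity=1024, flood_frames=5000):
    """PC1 on Gi0/1, PC2 on Gi0/2, attacker on Gi0/3. violation=None means
    Port Security is not configured on the attacker's port."""
    sw = Switch(["Gi0/1", "Gi0/2", "Gi0/3"], cam_capacity)
    if violation:
        sw.enable_port_security("Gi0/3", 1, violation, static=[ATTACKER])
    sw.receive("Gi0/1", PC1, BROADCAST)      # PC1 is learned before the attack starts
    flood(sw, "Gi0/3", flood_frames)
    sw.receive("Gi0/2", PC2, PC1)            # PC2 talks to PC1 after the table filled
    egress = sw.receive("Gi0/1", PC1, PC2)   # PC1's reply: unicast or flooded?
    ps = sw.psec.get("Gi0/3")
    return {
        "cam_entries": len(sw.cam),
        "reply_egress": egress,
        "attacker_sees_reply": "Gi0/3" in egress,
        "violations": ps.violations if ps else 0,
        "errdisabled": ps.errdisabled if ps else False,
    }


if __name__ == "__main__":
    for mode in (None, "protect", "restrict", "shutdown"):
        print(f"{str(mode):9} {scenario(mode)}")
```

Running the script prints the four outcomes. The model deliberately omits MAC ageing: on a real switch the attacker keeps flooding so that legitimate entries which age out cannot be relearned, which is why the hub-like behaviour persists for as long as the attack runs. Note also that under "protect" the attack is stopped but leaves no trace in the counters or logs, so "restrict" is the usual choice where the port must stay up.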
18. DHCP starvation attacks and DHCP spoofing attacks

19. What is a DHCP starvation attack?
• A DHCP starvation attack is a network attack that targets DHCP servers.
• The attacker broadcasts a large number of DHCP DISCOVER (and REQUEST) messages, each with a different spoofed client hardware address (chaddr) and, usually, a matching spoofed source MAC address.
• If the legitimate DHCP server answers all of these bogus requests, the available IP addresses in its scope are depleted within a very short time.

20. (figure)

21.
• Once the DHCP server's pool is exhausted, the attacker sets up a rogue DHCP server and answers new DHCP requests from the network's clients, which the legitimate server can no longer serve.
• With the rogue server in place, the attacker can launch a DHCP spoofing attack.

22. What is a DHCP spoofing attack?
• After the starvation attack, the attacker's rogue DHCP server hands out IP addresses and other TCP/IP configuration settings to the network's DHCP clients.
• Those settings include the default gateway and DNS server addresses.
• The attacker replaces the legitimate default gateway and DNS server addresses with addresses under the attacker's control.

23.
• Once the clients' default gateway address has been changed, they send all traffic destined for outside networks to the attacker's computer.
• The attacker can then capture sensitive user data and run a man-in-the-middle attack. This is a DHCP spoofing attack.
• The attacker can also run a rogue DNS server, divert users to fake web sites and launch phishing attacks.

24. How to configure DHCP snooping?
• DHCP snooping is a switch security feature that filters untrusted DHCP messages. It stops rogue DHCP servers (DHCP spoofing) outright; against starvation it helps through its MAC address verification and the per-port rate limit ("ip dhcp snooping limit rate <pps>" at the interface level), which err-disables a port that sends DHCP messages faster than allowed.
• DHCP snooping classifies switch ports as "trusted" and "untrusted": untrusted interfaces are those where DHCP clients connect, trusted interfaces are those where a DHCP server or another switch connects.
• Trusted ports may source all types of DHCP messages, including DHCPOFFER.

25.
• Untrusted ports are the ports where DHCP clients are connected.
• Untrusted ports cannot source messages that only a DHCP server generates: DHCPOFFER, DHCPACK and DHCPNAK. By default, all switch ports are untrusted.
• When DHCP snooping is enabled, Cisco switches build a table known as the DHCP snooping binding database (DHCP snooping binding table).
• The binding table is used to identify and filter untrusted DHCP messages, and Dynamic ARP Inspection later validates ARP packets against it.

26.
• The binding table keeps track of the DHCP addresses assigned to hosts on untrusted switch ports.
• Each entry records the client MAC address, IP address, DHCP lease time, binding type, VLAN number and interface.

27.
• When a packet arrives on an untrusted port with DHCP snooping enabled, the switch permits or denies it using the information in the binding table.
• The packet is denied when:
  1. it is a DHCP server message (DHCPOFFER, DHCPACK, DHCPNAK) received on an untrusted port;
  2. MAC address verification is enabled (the default, "ip dhcp snooping verify mac-address") and the frame's source MAC address does not match the client hardware address (chaddr) inside the DHCP message;
  3. it is a DHCPRELEASE or DHCPDECLINE whose MAC address is in the binding table but the interface it arrived on does not match the interface recorded in that binding.

28. How to enable DHCP snooping globally
SW1#configure terminal
SW1(config)#ip dhcp snooping
SW1(config)#exit
SW1#
• The global command alone does nothing until snooping is also enabled on at least one VLAN (next slide). By default the switch also inserts DHCP option 82 (relay agent information) into forwarded client messages; if the switch is not a DHCP relay agent, many servers drop such packets, so "no ip dhcp snooping information option" is commonly required.

29. How to enable DHCP snooping on a specific VLAN
SW1#configure terminal
SW1(config)#ip dhcp snooping vlan 500
SW1(config)#exit
SW1#

30. How to configure a switch port as trusted
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#ip dhcp snooping trust
SW1(config-if)#exit
SW1(config)#exit
SW1#

31. How to view the DHCP snooping database
SW1#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:00:AB:19:C6:00   172.16.10.183    690515      dhcp-snooping  500   GigabitEthernet0/1
00:00:AB:34:CB:00   172.16.10.184    690518      dhcp-snooping  500   GigabitEthernet0/2
00:00:AB:2A:FE:00   172.16.10.182    690512      dhcp-snooping  500   GigabitEthernet0/3
00:00:AB:F7:D0:00   172.16.10.181    690512      dhcp-snooping  500   GigabitEthernet0/4
00:00:AB:93:82:00   172.16.10.185    690518      dhcp-snooping  500   GigabitEthernet0/5
Total number of bindings: 5
• How to view the DHCP snooping configuration
SW1#show ip dhcp snooping
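As an added example (not code from the slide deck or from Cisco), the Python below builds and parses minimal RFC 2131 DHCP messages and applies the DHCP snooping rules of slides 24 to 27 to a constructed exchange: the DISCOVER/OFFER/REQUEST/ACK of a client on untrusted Gi0/1, answered by a server behind trusted Gi0/24, populates a binding table of the kind shown on slide 31; a rogue OFFER on untrusted Gi0/3, a starvation-style DISCOVER whose chaddr differs from the frame's source MAC, and a RELEASE for the client's lease sent from the wrong port are all dropped. The port names, VLAN, MAC and IP addresses are constructed for the demo, and the Ethernet layer is reduced to the ingress port and source MAC.

```python
"""Toy DHCP snooping filter. Added example for illustration; it is not code
from the slide deck or from Cisco. Ports, VLAN, MAC and IP addresses are
constructed for the demo and the Ethernet layer is reduced to (port, source MAC)."""
import struct
from dataclasses import dataclass

DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7
SERVER_MSGS = {OFFER, ACK, NAK}        # message types only a DHCP server sends
MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie after the BOOTP header
BOOTP = "!BBBBIHH4s4s4s4s16s64s128s"    # RFC 2131 fixed header, 236 bytes


def build_dhcp(msg_type, chaddr, yiaddr="0.0.0.0", lease=0):
    """Build a minimal DHCP payload: fixed header + option 53 (+ option 51)."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    op = 2 if msg_type in SERVER_MSGS else 1              # BOOTREPLY / BOOTREQUEST
    yi = bytes(int(o) for o in yiaddr.split("."))
    hdr = struct.pack(BOOTP, op, 1, 6, 0, 0x1234, 0, 0, b"\0" * 4, yi, b"\0" * 4,
                      b"\0" * 4, mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, msg_type])
    if lease:
        opts += bytes([51, 4]) + struct.pack("!I", lease)
    return hdr + MAGIC + opts + b"\xff"


def parse_dhcp(payload):
    """Return (msg_type, chaddr, yiaddr, lease) from a DHCP payload."""
    hdr = struct.unpack(BOOTP, payload[:236])
    if payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    chaddr = ":".join(f"{b:02x}" for b in hdr[11][:hdr[2]])   # hlen bytes of chaddr
    yiaddr = ".".join(str(b) for b in hdr[8])
    msg_type, lease, i = None, 0, 240
    while i < len(payload) and payload[i] != 255:            # 255 = end option
        if payload[i] == 0:                                   # 0 = pad
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53:
            msg_type = value[0]
        elif code == 51:
            lease = struct.unpack("!I", value)[0]
        i += 2 + length
    return msg_type, chaddr, yiaddr, lease


@dataclass
class Binding:
    mac: str
    ip: str
    lease: int
    vlan: int
    interface: str


class DhcpSnooping:
    def __init__(self, trusted=(), verify_mac=True):
        self.trusted = set(trusted)          # "ip dhcp snooping trust" ports
        self.verify_mac = verify_mac         # "ip dhcp snooping verify mac-address"
        self.bindings = {}                   # chaddr -> Binding
        self.client_port = {}                # chaddr -> port of its last DISCOVER/REQUEST
        self.drops = []

    def _drop(self, reason):
        self.drops.append(reason)
        return False

    def process(self, port, vlan, src_mac, payload):
        """Return True if the DHCP frame is forwarded, False if snooping drops it."""
        msg_type, chaddr, yiaddr, lease = parse_dhcp(payload)
        if port in self.trusted:
            if msg_type == ACK and chaddr in self.client_port:   # lease granted
                self.bindings[chaddr] = Binding(chaddr, yiaddr, lease, vlan,
                                                self.client_port[chaddr])
            return True
        if msg_type in SERVER_MSGS:
            return self._drop(f"{port}: server message {msg_type} on untrusted port")
        if self.verify_mac and src_mac != chaddr:
            return self._drop(f"{port}: source MAC {src_mac} != chaddr {chaddr}")
        if msg_type in (RELEASE, DECLINE):
            b = self.bindings.get(chaddr)
            if b and b.interface != port:
                return self._drop(f"{port}: RELEASE/DECLINE for {chaddr} bound to {b.interface}")
            self.bindings.pop(chaddr, None)
        else:
            self.client_port[chaddr] = port
        return True


def demo():
    """Client on Gi0/1 (VLAN 500), attacker on Gi0/3, DHCP server behind trusted Gi0/24."""
    sn = DhcpSnooping(trusted=["Gi0/24"])
    client, server, rogue = "00:00:ab:19:c6:00", "00:00:ab:00:00:01", "00:48:54:aa:aa:07"
    r = {}
    r["discover"] = sn.process("Gi0/1", 500, client, build_dhcp(DISCOVER, client))
    r["offer"] = sn.process("Gi0/24", 500, server, build_dhcp(OFFER, client, "172.16.10.183"))
    r["request"] = sn.process("Gi0/1", 500, client, build_dhcp(REQUEST, client))
    r["ack"] = sn.process("Gi0/24", 500, server, build_dhcp(ACK, client, "172.16.10.183", 691200))
    # rogue DHCP server on an untrusted port: OFFER/ACK/NAK never get through
    r["rogue_offer"] = sn.process("Gi0/3", 500, rogue, build_dhcp(OFFER, client, "172.16.10.250"))
    # starvation tool: DISCOVER whose chaddr is not the frame's own source MAC
    r["spoofed_chaddr"] = sn.process("Gi0/3", 500, rogue, build_dhcp(DISCOVER, "02:00:00:00:00:01"))
    # attacker forges the client's source MAC and tries to RELEASE its lease
    r["release_wrong_port"] = sn.process("Gi0/3", 500, client, build_dhcp(RELEASE, client))
    b = sn.bindings[client]
    r["binding"] = (b.ip, b.vlan, b.interface, b.lease)
    r["drops"] = len(sn.drops)
    return r


if __name__ == "__main__":
    print(demo())
```

The limit of the MAC verification check is worth seeing in the "spoofed_chaddr" case: a starvation tool that also rewrites the Ethernet source MAC to match each chaddr passes it, which is why the per-port DHCP rate limit and Port Security are combined with snooping rather than relied on separately.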
33. Introduction
• Address Resolution Protocol (ARP) spoofing is a network attack in which an attacker sends forged ARP messages inside a Local Area Network (LAN) in order to divert and intercept network traffic.
• In normal ARP operation, when a device broadcasts an ARP request to find the MAC address for an IPv4 address, the reply comes from the legitimate device configured with that IPv4 address, and the requesting device caches the reply in its ARP table.
• ARP has no authentication: any host on the LAN can answer any request, and most hosts also accept replies they never asked for. That is what the attack exploits.

34.
• An attacker abuses ARP by answering ARP requests, claiming to own the requested IPv4 address.
• Once the attacker's MAC address is mapped to a legitimate IPv4 address in the victim's ARP table, the attacker begins receiving any data intended for that address.
• The attacker can then launch a man-in-the-middle attack and capture the network traffic for sensitive user data.

35.
• The attacker can also broadcast a gratuitous ARP message carrying the IPv4 address of the default gateway.
• A gratuitous ARP is a broadcast ARP that devices use to announce a change in their own IPv4 or MAC address; receivers typically update their ARP tables without having asked.
• By sending a gratuitous ARP for the default gateway's IPv4 address, the attacker poses as the default gateway and captures all traffic leaving the LAN.

36. For an example of an ARP spoofing attack, consider the topology below.

37.
• The default gateway's IPv4 address is 172.16.0.1 and its MAC address is 00:48:54:aa:aa:01.
• The attacker (at OmniSecu-PC-103) broadcasts a gratuitous ARP message announcing that the MAC address for the default gateway's IPv4 address 172.16.0.1 is 00:48:54:aa:aa:07, the attacker's own MAC address.
• The devices on the network update their ARP tables with the wrong mapping: the computers now map the default gateway address 172.16.0.1 to the wrong MAC address 00:48:54:aa:aa:07.

38.
• The attacker also sends ARP messages to the default gateway claiming that the MAC address of OmniSecu-PC-101 is 00:48:54:aa:aa:07 (the attacker's own MAC address).
• The router's ARP table is now poisoned too: it maps the IPv4 address of OmniSecu-PC-101, 172.16.0.101, to the wrong MAC address 00:48:54:aa:aa:07.

39.
• Now whenever OmniSecu-PC-101 sends traffic to the Internet, it goes to the attacker's computer, which forwards it on to the real default gateway; the gateway's replies likewise come back through the attacker.
• Because the traffic still reaches the Internet, OmniSecu-PC-101 remains unaware that it is being intercepted.
• The attacker can now inspect the traffic for sensitive user data.

40. (figure)

41. Preventing ARP spoofing attacks with Dynamic ARP Inspection (DAI)
• Dynamic ARP Inspection (DAI) is a switch feature that prevents ARP spoofing attacks.
• When enabled, DAI intercepts ARP packets arriving on untrusted ports and verifies their IPv4-to-MAC address bindings against the DHCP snooping binding database.
• An ARP packet from an untrusted port whose sender IP/MAC pair does not match a binding is discarded and logged.
• DAI inspects only ARP packets from untrusted ports; trusted ports are not inspected. Because the bindings come from DHCP snooping, DHCP snooping must be enabled on the VLAN first, and hosts with static addresses need an ARP ACL ("arp access-list", applied with "ip arp inspection filter") or their ARP traffic will be dropped. DAI also rate-limits ARP on untrusted ports (15 packets per second by default) and err-disables a port that exceeds the limit.

42.
• DAI is enabled per VLAN with the global command "ip arp inspection vlan <vlan-id>". By default, all ports are untrusted; to configure a port as trusted (typically the uplink to the router or to another switch), use "ip arp inspection trust" at the interface level.
• How to enable Dynamic ARP Inspection (DAI) on a specific VLAN
SW1#configure terminal
SW1(config)#ip arp inspection vlan 500

43.
• How to configure a switch port as trusted
SW1#configure terminal
SW1(config)#interface gigabitethernet 0/0
SW1(config-if)#ip arp inspection trust
SW1(config-if)#exit
SW1(config)#exit
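The Python below is an added illustration, not code from the slide deck or from Cisco, that replays the poisoning from slides 37 to 39 against a DAI model of slides 41 to 43. The gateway and attacker MAC addresses and the IPv4 addresses 172.16.0.1 and 172.16.0.101 are the slides' own; the victim's MAC address, the attacker's IP address, the port names and the binding table contents are assumed for the demo. The attacker's gratuitous ARP and its reply to the router both fail the binding check on the untrusted port, the victim's own request and the gateway's reply from the trusted uplink pass, and an ARP burst from one port trips the per-port rate limit.

```python
"""Toy Dynamic ARP Inspection (DAI) replaying the poisoning scenario of the
slides. Added example, not code from the slide deck or from Cisco. The gateway
and attacker MACs and the IPs 172.16.0.1 / 172.16.0.101 are the slides' own; the
victim's MAC, the attacker's IP and the port names are assumed for the demo."""
from dataclasses import dataclass
from ipaddress import ip_address

BROADCAST = "ff:ff:ff:ff:ff:ff"
GATEWAY_MAC, GATEWAY_IP = "00:48:54:aa:aa:01", "172.16.0.1"       # from slide 37
VICTIM_MAC, VICTIM_IP = "00:48:54:aa:aa:02", "172.16.0.101"        # PC-101 (MAC assumed)
ATTACKER_MAC, ATTACKER_IP = "00:48:54:aa:aa:07", "172.16.0.103"   # PC-103 (IP assumed)


@dataclass(frozen=True)
class Arp:
    in_port: str
    eth_src: str          # Ethernet header source
    eth_dst: str          # Ethernet header destination
    op: str               # "request" or "reply"
    sender_mac: str       # ARP body: sender hardware / protocol address
    sender_ip: str
    target_mac: str       # ARP body: target hardware / protocol address
    target_ip: str


class Dai:
    def __init__(self, bindings, trusted=(), rate_limit=15):
        self.bindings = set(bindings)   # (mac, ip) pairs from DHCP snooping / ARP ACLs
        self.trusted = set(trusted)     # "ip arp inspection trust" ports
        self.rate_limit = rate_limit    # ARP packets/s per untrusted port (IOS default 15)
        self.seen = {}                  # port -> arrival times within the last second
        self.errdisabled = set()

    def inspect(self, pkt, now=0.0):
        """Return (forward, reason) for one ARP packet arriving at time `now`."""
        if pkt.in_port in self.errdisabled:
            return False, "port err-disabled"
        if pkt.in_port in self.trusted:
            return True, "trusted port, not inspected"
        recent = [t for t in self.seen.get(pkt.in_port, []) if now - t < 1.0] + [now]
        self.seen[pkt.in_port] = recent
        if len(recent) > self.rate_limit:
            self.errdisabled.add(pkt.in_port)
            return False, "rate limit exceeded, port err-disabled"
        # "ip arp inspection validate src-mac dst-mac ip": header/body consistency
        if pkt.eth_src != pkt.sender_mac:
            return False, "ethernet source != ARP sender MAC"
        if pkt.op == "reply" and pkt.eth_dst != pkt.target_mac:
            return False, "ethernet destination != ARP target MAC"
        checked = [pkt.sender_ip] + ([pkt.target_ip] if pkt.op == "reply" else [])
        for ip in checked:
            if ip in ("0.0.0.0", "255.255.255.255") or ip_address(ip).is_multicast:
                return False, f"invalid IP {ip} in ARP body"
        # the core check: the sender IP/MAC pair must match a binding
        if (pkt.sender_mac, pkt.sender_ip) not in self.bindings:
            return False, f"no binding for {pkt.sender_ip} -> {pkt.sender_mac}"
        return True, "binding matches"


def demo():
    """Victim PC-101 on Gi0/1, attacker PC-103 on Gi0/3, router behind trusted Gi0/24."""
    bindings = {(VICTIM_MAC, VICTIM_IP), (ATTACKER_MAC, ATTACKER_IP)}  # as DHCP snooping built them
    dai = Dai(bindings, trusted=["Gi0/24"])
    zero = "00:00:00:00:00:00"
    # slide 37: gratuitous ARP claiming the gateway's IP with the attacker's MAC
    garp_poison = Arp("Gi0/3", ATTACKER_MAC, BROADCAST, "request",
                      ATTACKER_MAC, GATEWAY_IP, zero, GATEWAY_IP)
    # slide 38: reply to the router mapping PC-101's IP to the attacker's MAC
    reply_to_router = Arp("Gi0/3", ATTACKER_MAC, GATEWAY_MAC, "reply",
                          ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)
    # legitimate traffic: PC-101 asks for the gateway, the gateway answers from the uplink
    legit_request = Arp("Gi0/1", VICTIM_MAC, BROADCAST, "request",
                        VICTIM_MAC, VICTIM_IP, zero, GATEWAY_IP)
    gateway_reply = Arp("Gi0/24", GATEWAY_MAC, VICTIM_MAC, "reply",
                        GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    results = {
        "garp_poison": dai.inspect(garp_poison),
        "reply_to_router": dai.inspect(reply_to_router),
        "legit_request": dai.inspect(legit_request),
        "gateway_reply": dai.inspect(gateway_reply),
    }
    # an ARP burst from the victim's port: the 16th packet inside one second trips the limit
    for i in range(16):
        verdict = dai.inspect(legit_request, now=10 + i * 0.01)
    results["burst_16th"] = verdict
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{'FORWARD' if ok else 'DROP':8} {name:16} {why}")
```

Two design points carry over to a real deployment. The trusted uplink is what lets the router's legitimate replies through without a binding, so a trusted port must only face devices you control; marking an access port trusted re-opens the hole. And because the binding set is the whole basis of the check, a host that obtained its address statically (the gateway itself, printers, servers on the same VLAN) has no entry and is dropped unless it is covered by an ARP ACL.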