Attacks
Prepared by: Roshan Kandel
Masters in Information & Communication Engineering
Introduction
• A MAC address flooding attack (CAM table flooding attack) is a type of
network attack where an attacker connected to a switch port floods the
switch interface with a very large number of Ethernet frames, each with
a different fake source MAC address.
• This type of attack is also known as a CAM table overflow attack.
• Within a very short time, the switch's MAC address table is full of
fake MAC address/port mappings.
• A switch's MAC address table has only a limited amount of memory.
• The switch cannot save any more MAC addresses in its MAC address
table.
The following images show a switch's MAC address table before and after
a flooding attack.
• Once the switch's MAC address table is full and it cannot save any
more MAC addresses, it enters a fail-open mode and starts behaving
like a network hub.
• Frames whose destination MAC address cannot be found in the table are
flooded out of all ports, similar to broadcast communication.
• Now, what is the benefit to the attacker?
• The attacker's machine is delivered all the frames exchanged between
the victim and other machines.
• The attacker is then able to capture sensitive data from the network.
How to prevent MAC flooding attacks?
• Cisco switches come with a built-in security feature against MAC
flooding attacks, called Port Security.
• Port Security is a feature of Cisco switches which gives protection
against MAC flooding attacks.
How to prevent MAC flooding attacks by configuring switchport port-security
Introduction
• A MAC flooding attack can quickly exhaust the memory allocated for
the MAC address table, after which the switch starts behaving like
a network hub.
• The Port Security feature can protect the switch from MAC flooding
attacks.
• The Port Security feature can also protect the switch from DHCP starvation
attacks, where a client starts flooding the network with a very large
number of DHCP requests, each using a different source MAC
address.
• DHCP starvation attacks can deplete the available IP addresses in the
DHCP server scope.
• The Port Security feature is meant for access ports; it does not work on
trunk ports, EtherChannel ports or SPAN (Switched Port Analyzer)
ports.
Concepts of Port Security
• The goal of Port Security is to prevent a network attacker from sending a
large number of Ethernet frames with forged source MAC addresses
to a switch interface.
• This goal is achieved by the following settings, which are applied to a
switch interface.
• 1) Enable the Port Security feature. Port security is disabled by default.
The "switchport port-security" command (in interface configuration mode)
enables Port Security.
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#switchport port-security
• 2) Specify the maximum number of MAC addresses allowed on that
interface. Remember, more than one genuine device may be
connected to a switch interface (for example, a phone and a
computer).
• SW1(config-if)#switchport port-security maximum ?
• <1-4097> Maximum addresses
• 3) Define the MAC addresses of the known devices that will access
the network via that interface. This can be done either by hard-coding the MAC
addresses of the known devices (statically defining the known MAC addresses) or
by configuring "sticky" MAC addresses.
• Sticky MAC addresses ("switchport port-security mac-address sticky")
cause dynamically learned MAC addresses to be written to the running config.
• The default number of known secure MAC addresses is one.
• SW1(config-if)#switchport port-security mac-address ?
• H.H.H 48 bit mac address
• sticky Configure dynamic secure addresses as sticky
• 4) Specify the action to take when a violation of the above
conditions occurs.
• When a Port Security violation occurs, Cisco switches can be
configured to act in one of the three ways explained below.
• Protect: When the "protect" option is configured and a violation occurs,
the switch interface drops frames with an unknown source MAC address
once the port has reached its maximum number of allowed MAC addresses.
Frames with known source MAC addresses are still forwarded. No SNMP
trap or syslog message is generated, and the violation counter is not
incremented. The "protect" option is the least severe port security
option available.
• Restrict: When the "restrict" option is configured and a violation occurs,
the switch interface drops frames with an unknown source MAC address
once the port has reached its maximum number of allowed MAC addresses.
The restrict option also sends an SNMP trap and a syslog message and
increments the violation counter each time a port security violation
occurs, while the interface itself stays up.
• Shutdown: When the "shutdown" option is configured and a violation
occurs, the interface is shut down. The shutdown option also sends an
SNMP trap and a syslog message and increments the violation
counter. Therefore, when a port security violation occurs, the interface
is shut down and no traffic is allowed on that interface. The "shutdown"
option is the most severe port security option available.
• The default violation action is to shut down the port.
• SW1(config-if)#switchport port-security violation {protect | restrict | shutdown}
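To make the MAC flooding behaviour and the Port Security settings above concrete, the following Python model (an added example, not from the slides and not Cisco code) simulates a switch MAC table of limited size and the per-port Port Security check with the protect, restrict and shutdown actions. The table capacity, port names and MAC addresses are constructed for illustration.

```python
"""Model of a switch MAC (CAM) table, with and without Port Security.

Added example, not taken from the slides and not Cisco code. The table
capacity, port names and MAC addresses are constructed for illustration;
a real switch applies the same learn / lookup / flood logic to a much
larger table.
"""
from dataclasses import dataclass, field

FLOOD = "flood"            # frame copied to every port except the ingress port
DROP = "drop"              # frame silently discarded (protect/restrict violation)
ERRDISABLE = "errdisable"  # port shut down by the "shutdown" violation action


@dataclass
class PortSecurity:
    maximum: int = 1              # IOS default: one secure MAC address
    violation: str = "shutdown"   # IOS default violation action
    secure: set = field(default_factory=set)  # secure MAC addresses on the port
    violations: int = 0           # violation counter (restrict/shutdown only)
    errdisabled: bool = False


class Switch:
    def __init__(self, cam_capacity):
        self.cam_capacity = cam_capacity
        self.cam = {}             # source MAC -> port it was learned on
        self.port_security = {}   # port -> PortSecurity
        self.log = []             # syslog-style messages

    def enable_port_security(self, port, maximum=1, violation="shutdown"):
        self.port_security[port] = PortSecurity(maximum, violation)

    def _port_security_check(self, port, src):
        """Return None to admit the frame, otherwise DROP or ERRDISABLE."""
        ps = self.port_security.get(port)
        if ps is None:
            return None
        if ps.errdisabled:
            return ERRDISABLE                 # stays down until re-enabled
        if src in ps.secure:
            return None
        if len(ps.secure) < ps.maximum:
            ps.secure.add(src)                # learn it as a secure address
            return None
        if ps.violation == "protect":
            return DROP                       # silent: no counter, no syslog
        ps.violations += 1
        self.log.append(f"%PORT_SECURITY: violation on {port} from {src}")
        if ps.violation == "restrict":
            return DROP
        ps.errdisabled = True                 # "shutdown": errdisable the port
        return ERRDISABLE

    def receive(self, port, src, dst):
        """Process one frame; return the egress port, FLOOD, DROP or ERRDISABLE."""
        verdict = self._port_security_check(port, src)
        if verdict is not None:
            return verdict
        # Learn the source only while the table has a free entry.
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = port
        # Forward by destination lookup; an unknown destination is flooded.
        return self.cam.get(dst, FLOOD)


def mac_flood_scenario(port_security, cam_capacity=8, fake_macs=20):
    """Flood from Gi0/3, then a legitimate exchange between Gi0/2 and Gi0/1.

    Returns the CAM table size, how the victim's reply was forwarded and the
    violations Port Security counted on the flooding port.
    """
    sw = Switch(cam_capacity)
    if port_security:
        sw.enable_port_security("Gi0/3", maximum=1, violation="restrict")
    for i in range(fake_macs):                # many different (constructed) sources
        sw.receive("Gi0/3", f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    server, victim = "00:00:ab:00:00:02", "00:00:ab:00:00:01"   # constructed
    sw.receive("Gi0/2", server, victim)       # victim not learned yet: flooded
    reply_path = sw.receive("Gi0/1", victim, server)
    # Without Port Security the fake entries fill the table, the server's MAC
    # cannot be learned and the reply is flooded to every port, including the
    # flooding port. With Port Security the reply goes straight to Gi0/2.
    ps = sw.port_security.get("Gi0/3")
    return {
        "cam_entries": len(sw.cam),
        "reply_path": reply_path,
        "violations": ps.violations if ps is not None else 0,
        "syslog_messages": len(sw.log),
    }


if __name__ == "__main__":
    print("no port security:", mac_flood_scenario(port_security=False))
    print("port security   :", mac_flood_scenario(port_security=True))
```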
• How to view the Port Security settings of an interface
• SW1#show port-security interface gigabitethernet 0/0
• How to view the secure (known) MAC addresses configured for
Port Security
• SW1#show port-security address
How to re-enable an interface after a Port Security
violation shutdown (errdisable state)
• Once a Port Security violation has happened, the interface is shut down
and placed in a state called errdisable. Use any of the following
methods to bring the interface up after a Port Security violation
shutdown.
• One method to re-enable an interface after a Port Security violation
shutdown (errdisable state) is to bring the interface down and
up again by issuing the commands "shutdown" and "no shutdown".
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#shutdown
• SW1(config-if)#no shutdown
• SW1(config-if)#exit
• SW1(config)#exit
• SW1#
DHCP starvation attacks and DHCP spoofing attacks
What is a DHCP starvation attack?
• Another type of network attack, which targets DHCP servers, is
known as a DHCP starvation attack.
• In a DHCP starvation attack, an attacker broadcasts a large number
of DHCP REQUEST messages with spoofed source MAC
addresses.
• If the legitimate DHCP server in the network starts responding to all
these bogus DHCP REQUEST messages, the available IP addresses in
the DHCP server scope are depleted within a very short span of
time.
• Once the available IP addresses in the DHCP server scope are
depleted, the attacker can set up a rogue DHCP server and
respond to new DHCP requests from the network's DHCP clients.
• By setting up a rogue DHCP server, the attacker can then launch a
DHCP spoofing attack.
What is a DHCP spoofing attack?
• After a DHCP starvation attack and setting up a rogue DHCP server,
the attacker can start distributing IP addresses and other TCP/IP
configuration settings to the network's DHCP clients.
• These TCP/IP configuration settings include the default gateway and DNS
server IP addresses.
• The attacker can thus replace the legitimate default gateway IP
address and DNS server IP address with their own IP address.
• Once the default gateway IP address of the network devices has been
changed, the clients start sending traffic destined for outside
networks to the attacker's computer.
• The attacker can then capture sensitive user data and launch a man-in-
the-middle attack.
• This is called a DHCP spoofing attack.
• The attacker can also set up a rogue DNS server, divert end-user
traffic to fake web sites and launch phishing attacks.
How to configure DHCP snooping?
• DHCP snooping is a DHCP security feature which provides protection
from DHCP starvation attacks by filtering untrusted DHCP
messages.
• DHCP snooping classifies switch ports as "trusted" or
"untrusted". This distinguishes untrusted interfaces (where DHCP
clients are connected) from trusted interfaces (where a DHCP server
or other switches are connected).
• Trusted ports (where a DHCP server or other switches are connected)
can source all types of DHCP messages, including DHCPOFFER
messages.
• Untrusted ports are the ports where DHCP clients are connected.
• Untrusted switch ports cannot source DHCP messages such as
DHCPOFFER, DHCPACK and DHCPNAK, which are normally
generated by a DHCP server. By default, all switch ports are untrusted.
• When DHCP snooping is enabled, Cisco switches build a table known
as the DHCP snooping binding database (also called the DHCP snooping
binding table).
• The DHCP snooping binding table is used to identify and filter untrusted
DHCP messages on the network.
• The DHCP snooping binding table keeps track of the DHCP addresses that
are assigned to hosts on switch ports.
• The DHCP snooping binding table includes the client MAC address, IP
address, DHCP lease time, binding type, VLAN number, and interface
information for untrusted switch ports.
• When a switch receives a packet on an untrusted switch port where
DHCP snooping is enabled, the switch permits or denies the packet
with the help of the information stored in the DHCP snooping binding table.
• The packet is denied when
1. DHCP server related messages
(for example DHCPOFFER, DHCPACK, DHCPNAK) are received
on an untrusted switch port.
2. The source MAC address does not match the MAC address in the
DHCP snooping binding table entry.
How to enable DHCP snooping globally
• SW1#configure terminal
• SW1(config)#ip dhcp snooping
• SW1(config)#exit
• SW1#
How to enable DHCP snooping on a specific VLAN
• SW1#configure terminal
• SW1(config)#ip dhcp snooping vlan 500
• SW1(config)#exit
• SW1#
How to configure a switch port as trusted
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#ip dhcp snooping trust
• SW1(config-if)#exit
• SW1(config)#exit
• SW1#
How to view the DHCP snooping database
• SW1#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:00:AB:19:C6:00   172.16.10.183    690515      dhcp-snooping  500   Gigabitethernet0/1
00:00:AB:34:CB:00   172.16.10.184    690518      dhcp-snooping  500   Gigabitethernet0/2
00:00:AB:2A:FE:00   172.16.10.182    690512      dhcp-snooping  500   Gigabitethernet0/3
00:00:AB:F7:D0:00   172.16.10.181    690512      dhcp-snooping  500   Gigabitethernet0/4
00:00:AB:93:82:00   172.16.10.185    690518      dhcp-snooping  500   Gigabitethernet0/5
Total number of bindings: 5
• How to view the DHCP snooping configuration?
• SW1#show ip dhcp snooping
ARP Spoofing attack
Introduction
• An Address Resolution Protocol (ARP) spoofing attack is a type of
network attack where an attacker sends fake Address Resolution
Protocol (ARP) messages inside a Local Area Network (LAN), with
the aim of diverting and intercepting network traffic.
• In normal Address Resolution Protocol (ARP) operation, when a
network device sends an ARP request (as a broadcast) to find the MAC
address corresponding to an IPv4 address, the ARP reply comes from
the legitimate network device which is configured with the IPv4
address that matches the ARP request. The ARP reply is cached by
the requesting device in its ARP table.
• A network attacker can abuse Address Resolution Protocol
(ARP) operation by responding to an ARP request, claiming that it has the
requested IPv4 address.
• Once the attacker's MAC address is mapped to an authentic,
legitimate IPv4 address, the attacker begins receiving any data
that is intended for that legitimate IPv4 address.
• The attacker can then launch a man-in-the-middle attack and start
capturing the network traffic for any sensitive user data.
• The attacker can also broadcast a gratuitous ARP message with the IPv4
address of the default gateway.
• Gratuitous ARP is a broadcast packet used by network devices to
announce a change in their IPv4 address or MAC address.
• By sending a gratuitous ARP message with the IPv4 address of the
default gateway, the attacker can pose as the default gateway and capture all
the network traffic leaving the Local Area Network (LAN).
For an example of an ARP spoofing attack, consider the topology below.
• The IPv4 address of the default gateway is 172.16.0.1 and the
corresponding MAC address is 00:48:54:aa:aa:01.
• The attacker (sitting at OmniSecu-PC-103) can broadcast a
gratuitous ARP message stating that the MAC address
corresponding to the IPv4 address of the default gateway (172.16.0.1)
is 00:48:54:aa:aa:07 (which is the attacker's own MAC address).
• This causes the devices in the network to update their ARP tables
with a wrong MAC address to IPv4 address mapping. The ARP table of the
computer now has a poisoned mapping of the default gateway IPv4 address
172.16.0.1 to the wrong MAC address 00:48:54:aa:aa:07.
• The attacker also sends ARP messages to the default gateway to deceive
it into believing that the MAC address corresponding to the
computer "OmniSecu-PC-101" is 00:48:54:aa:aa:07 (which is the
attacker's own MAC address).
• The ARP table of the router now also has a poisoned IPv4
address to MAC address mapping: it maps the IPv4 address of
computer "OmniSecu-PC-101", 172.16.0.101, to the wrong MAC address
00:48:54:aa:aa:07.
• Now, whenever computer "OmniSecu-PC-101" sends traffic to the
Internet, it forwards the traffic to the attacker's computer,
which then forwards it to the default gateway.
• Since the attacker still forwards the traffic to the Internet via the
default gateway, "OmniSecu-PC-101" remains unaware that its traffic
is being intercepted.
• The attacker can now try to capture the traffic for any sensitive user
data.
Preventing ARP spoofing attacks with
Dynamic ARP Inspection (DAI)
• Dynamic ARP Inspection (DAI) is a feature which can be used to
prevent ARP spoofing attacks.
• Dynamic ARP Inspection (DAI) can be enabled on switches. When
enabled, Dynamic ARP Inspection (DAI) verifies the IPv4
address to MAC address bindings carried in ARP packets.
• If a mismatch is found on an untrusted port, Dynamic ARP
Inspection (DAI) discards the spoofed ARP packet.
• DAI uses the DHCP snooping binding database to validate bindings.
Dynamic ARP Inspection (DAI) only inspects ARP packets from
untrusted ports.
• Dynamic ARP Inspection (DAI) is enabled globally per VLAN using the
command "ip arp inspection vlan <vlan-id>". By default, all ports are
untrusted. To configure a port as trusted, use the command
"ip arp inspection trust" at the interface level.
• How to enable Dynamic ARP Inspection (DAI) on a specific VLAN
• SW1#configure terminal
• SW1(config)#ip arp inspection vlan 500
• How to configure a switch port as trusted
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#ip arp inspection trust
• SW1(config-if)#exit
• SW1(config)#exit
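The following Python code (an added example, not from the slides and not Cisco code) parses the `show ip dhcp snooping binding` layout shown earlier into a binding table and applies both the DHCP snooping deny rules and the DAI sender-address check described above to sample messages. The sample output, port names, trusted uplink and addresses are constructed for illustration.

```python
"""DHCP snooping binding table and Dynamic ARP Inspection (DAI) checks.

Added example, not from the slides and not Cisco code. It parses the
output layout of "show ip dhcp snooping binding" and applies the
untrusted-port rules the slides give for DHCP snooping and DAI. The
sample output, port names and addresses are constructed.
"""
import re
from typing import NamedTuple


class Binding(NamedTuple):
    mac: str
    ip: str
    lease: int
    vlan: int
    interface: str


# Constructed sample in the layout of "show ip dhcp snooping binding".
SAMPLE_SHOW_OUTPUT = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:00:AB:19:C6:00   172.16.10.183    690515      dhcp-snooping  500   GigabitEthernet0/1
00:00:AB:34:CB:00   172.16.10.184    690518      dhcp-snooping  500   GigabitEthernet0/2
Total number of bindings: 2
"""

ROW = re.compile(
    r"^([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(\d+)\s+(\S+)\s+(\d+)\s+(\S+)$"
)

# DHCP messages that only a server sends; never valid from an untrusted port.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


def parse_bindings(show_output):
    """Return {mac: Binding} from "show ip dhcp snooping binding" text."""
    bindings = {}
    for line in show_output.splitlines():
        m = ROW.match(line.strip())
        if m:                                 # header, ruler and total lines skip
            mac, ip, lease, _type, vlan, iface = m.groups()
            mac = mac.lower()
            bindings[mac] = Binding(mac, ip, int(lease), int(vlan), iface)
    return bindings


def record_ack(bindings, client_mac, ip, lease, vlan, client_port):
    """A DHCPACK relayed from a trusted port creates a binding for the client port."""
    mac = client_mac.lower()
    bindings[mac] = Binding(mac, ip, lease, vlan, client_port)


def dhcp_snooping_verdict(bindings, trusted_ports, port, src_mac, msg_type):
    """Permit or deny a DHCP message received on `port` (rules from the slides)."""
    if port in trusted_ports:
        return "permit"                       # trusted ports may source anything
    if msg_type in SERVER_MESSAGES:
        return "deny: server message on untrusted port"
    b = bindings.get(src_mac.lower())
    if b is not None and b.interface != port:
        return "deny: source MAC bound to a different interface"
    return "permit"                           # new client, or matches its binding


def dai_verdict(bindings, trusted_ports, port, sender_mac, sender_ip):
    """DAI: on untrusted ports, the ARP sender MAC/IP pair must match a binding."""
    if port in trusted_ports:
        return "permit"
    b = bindings.get(sender_mac.lower())
    if b is None:
        return "deny: sender MAC has no DHCP snooping binding"
    if b.ip != sender_ip:
        return "deny: sender IP does not match the binding"
    if b.interface != port:
        return "deny: binding belongs to a different interface"
    return "permit"


if __name__ == "__main__":
    table = parse_bindings(SAMPLE_SHOW_OUTPUT)
    trusted = {"GigabitEthernet0/0"}          # uplink to the DHCP server (constructed)
    # A client on Gi0/2 claiming the gateway address in a gratuitous ARP is dropped.
    print(dai_verdict(table, trusted, "GigabitEthernet0/2",
                      "00:00:ab:34:cb:00", "172.16.10.1"))
    # A DHCPOFFER arriving on a client port (rogue server) is dropped.
    print(dhcp_snooping_verdict(table, trusted, "GigabitEthernet0/2",
                                "00:00:ab:34:cb:00", "DHCPOFFER"))
```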
Thank You

Dr.Costas Sachpazis
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
ongomchris
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
Kamal Acharya
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
BrazilAccount1
 

Recently uploaded (20)

Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo,  ICLR 2024, MLILAB,  KAIST AI.pdfH.Seo,  ICLR 2024, MLILAB,  KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
 
Fundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptxFundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptx
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang,  ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang,  ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
 

Attack.pptx

1. Attacks
Prepared by: Roshan Kandel
Masters in Information & Communication Engineering
2. Introduction
• A MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch with a very large number of Ethernet frames, each carrying a different, fake source MAC address.
• This type of attack is also known as a CAM table overflow attack.
• A switch's MAC address table (CAM table) has only a limited amount of memory.
• Within a very short time the table is full of fake MAC address/port mappings, and the switch cannot save any more MAC addresses in it.
3. The following images show a switch's MAC address table before and after the flooding attack.
4.
• Once the switch's MAC address table is full and it cannot learn any more MAC addresses, it enters a fail-open mode and starts behaving like a network hub: frames for any destination it has not learned are flooded out of all ports in the VLAN, like broadcast traffic.
• Addresses that were learned before the table filled are still switched normally until they age out (300 seconds by default on Cisco switches), so the attacker has to keep flooding to keep the table full, and only sees traffic in its own VLAN.
• Now, what is the benefit to the attacker?
• The attacker's machine is delivered all the flooded frames between the victim and other machines.
• The attacker can then capture sensitive data from the network.
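The fail-open behaviour described in slides 2 to 4, modelled as a small learning switch in Python. This is an added example, not code from the original slides; the table capacity (8 entries), port names and MAC addresses are constructed for the demonstration. It shows that frames to a destination the switch could not learn are flooded to every port, including the attacker's, while addresses learned before the table filled are still switched normally.

```python
# Added example: a minimal learning switch with a fixed-size MAC table.
# Not code from the original slides; capacity, ports and MACs are constructed.
import random
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Learning switch with one MAC table shared by all ports and a hard capacity."""

    def __init__(self, ports, capacity=8):
        self.ports = list(ports)
        self.capacity = capacity          # real CAM tables are finite hardware memory
        self.table = OrderedDict()        # mac -> port

    def learn(self, src_mac, in_port):
        """Record src_mac on in_port; return False when the table is full.
        A full table simply stops learning: existing entries stay until they age out."""
        if src_mac in self.table:
            self.table[src_mac] = in_port
            return True
        if len(self.table) >= self.capacity:
            return False
        self.table[src_mac] = in_port
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Return the list of egress ports for a frame (one port, or all others when flooded)."""
        self.learn(src_mac, in_port)
        out = self.table.get(dst_mac)
        if out is None or dst_mac == BROADCAST:
            return [p for p in self.ports if p != in_port]   # unknown unicast / broadcast
        return [out]


def random_mac(rng):
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


def flood_cam(switch, attacker_port, frames, seed=1):
    """Attacker behaviour: `frames` frames, each with a fresh random source MAC.
    Returns how many of them obtained a table entry before the table filled."""
    rng = random.Random(seed)
    return sum(switch.learn(random_mac(rng), attacker_port) for _ in range(frames))


def demo():
    sw = Switch(ports=["Gi0/1", "Gi0/2", "Gi0/3"], capacity=8)
    victim, server = "00:00:5e:00:53:01", "00:00:5e:00:53:02"

    # Normal operation: after one exchange both hosts are learned and unicast is switched.
    sw.forward(victim, server, "Gi0/1")                 # server unknown yet: flooded
    before = sw.forward(server, victim, "Gi0/2")        # victim known: single port

    # Attack from Gi0/3: far more frames than the table can hold.
    learned = flood_cam(sw, "Gi0/3", frames=1000)

    # A host that appears after the flood (or whose entry aged out) cannot be learned,
    # so every frame to it is flooded, and the attacker on Gi0/3 receives a copy.
    newcomer = "00:00:5e:00:53:09"
    sw.forward(newcomer, server, "Gi0/1")               # newcomer tries to get learned: no room
    after = sw.forward(server, newcomer, "Gi0/2")

    # Entries learned before the table filled keep working until they age out.
    still_switched = sw.forward(server, victim, "Gi0/2")
    return {"learned": learned, "before": before, "after": after,
            "still_switched": still_switched, "table_size": len(sw.table)}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the attacker obtaining only the six free entries, every frame to the newcomer being copied to Gi0/3, and the victim's existing entry still switching normally; on real hardware the attacker keeps sending so that aged-out entries are replaced by its own.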
5. How to prevent MAC flooding attacks?
• Cisco switches have a built-in security feature against MAC flooding attacks, called Port Security.
• Port Security is a feature of Cisco switches which gives protection against MAC flooding attacks by limiting the number of source MAC addresses a port may learn.
6. How to prevent MAC flooding attacks by configuring switchport port-security
7. Introduction
• A MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch with a very large number of Ethernet frames, each carrying a different, fake source MAC address.
• A MAC flooding attack can soon drain the memory resources allocated for the MAC address table, after which the switch starts behaving like a network hub.
• The Port Security feature can protect the switch from MAC flooding attacks.
8.
• Port Security can also help against DHCP starvation attacks in which a client floods the network with a very large number of DHCP requests, each sent from a different source MAC address: limiting the source MAC addresses a port may use limits how many leases the attacker can request that way. An attacker who keeps its real source MAC and only varies the client hardware address inside the DHCP payload is not stopped by Port Security; that case is handled by DHCP snooping, described later.
• DHCP starvation attacks can result in depletion of the available IP addresses in the DHCP server scope.
• Port Security is meant for static access ports. It cannot be enabled on a port in DTP dynamic mode, on an EtherChannel member port or on a SPAN (Switch Port Analyzer) destination port; many current Catalyst platforms also support it on static trunk ports.
9. Concepts of Port Security
• The goal of Port Security is to prevent a network attacker from sending a large number of Ethernet frames with forged source MAC addresses to a switch interface.
• This goal is achieved by the following settings, which are applied to a switch interface.
• 1) Enable the Port Security feature. Port Security is disabled by default. The "switchport port-security" command (at interface configuration mode) enables it. The port must already be a static access port ("switchport mode access"); on an interface still in DTP dynamic mode the command is rejected with "Command rejected: ... is a dynamic port."
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#switchport port-security
10.
• 2) Specify the maximum number of MAC addresses allowed on that interface. Remember, more than one genuine device may be connected to a switch interface (for example, an IP phone and a computer behind it).
• SW1(config-if)#switchport port-security maximum ?
•   <1-4097>  Maximum addresses
11.
• 3) Define the MAC addresses of the known devices that will access the network via that interface. This can be done either by hard-coding the MAC addresses of the known devices (statically defining the secure MAC addresses) or by configuring "sticky" MAC addresses.
• Sticky MAC addresses ("switchport port-security mac-address sticky") make the switch write dynamically learned MAC addresses into the running configuration, so they survive a link flap; save the configuration if they should also survive a reload.
• The default maximum number of secure MAC addresses is one.
• SW1(config-if)#switchport port-security mac-address ?
•   H.H.H   48 bit mac address
•   sticky  Configure dynamic secure addresses as sticky
12.
• 4) Specify the action to take when a violation of the above conditions occurs.
• When a Port Security violation occurs, Cisco switches can be configured to act in one of the three ways explained below.
• Protect: When the "protect" option is configured and a violation occurs, the interface drops frames with an unknown source MAC address once the port has reached its maximum number of allowed MAC addresses. Frames with known source MAC addresses are still allowed. No SNMP trap or syslog message is generated and the violation counter is not incremented, so a protect-mode violation is invisible unless you look at the dropped traffic yourself. "protect" is the least strict option available.
13.
• Restrict: When the "restrict" option is configured and a violation occurs, the interface drops frames with an unknown source MAC address once the port has reached its maximum number of allowed MAC addresses, exactly as with "protect". In addition, "restrict" sends an SNMP trap and a syslog message and increments the violation counter each time a violation occurs.
14.
• Shutdown: When the "shutdown" option is configured and a violation occurs, the interface is shut down and placed in the err-disabled state. "shutdown" also sends an SNMP trap and a syslog message and increments the violation counter. No traffic is allowed on the interface until it is brought back up. "shutdown" is the strictest option available.
• The default violation action is to shut down the port.
• SW1(config-if)#switchport port-security violation {protect | restrict | shutdown}
15.
• How to view the Port Security settings of an interface (violation mode, current and maximum address counts, violation counter and port status)
• SW1#show port-security interface gigabitethernet 0/0
• How to view the secure MAC addresses known to Port Security
• SW1#show port-security address
16. How to bring an interface back up after a Port Security violation shutdown (err-disabled state)
• Once a Port Security violation has happened in "shutdown" mode, the interface is shut down and placed in the err-disabled state. Use either of the following methods to bring the interface up again.
• One method is to bring the interface down and up again manually by issuing the commands "shutdown" and "no shutdown" on it. The other is automatic recovery with "errdisable recovery cause psecure-violation", which re-enables the port after the recovery interval; in both cases the cause of the violation should be investigated first, because the offending device is usually still attached.
17.
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#shutdown
• SW1(config-if)#no shutdown
• SW1(config-if)#exit
• SW1(config)#exit
• SW1#
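The four Port Security settings of slides 9 to 14 and the recovery of slides 16 and 17, modelled together in Python as an added example (not code from the original slides). The port name, the MAC addresses, the phone-plus-PC scenario and the syslog text are constructed for the demonstration; the three violation modes are run against the same frame sequence so the difference between them is visible.

```python
# Added example: Cisco-style switchport port-security decisions modelled in Python.
# Not code from the original slides; port, MACs, frames and log text are constructed.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                  # switchport port-security maximum (default 1)
    violation: str = "shutdown"       # protect | restrict | shutdown (default shutdown)
    sticky: bool = False              # switchport port-security mac-address sticky
    secure_macs: set = field(default_factory=set)
    running_config: list = field(default_factory=list)   # what sticky learning writes
    log: list = field(default_factory=list)
    violation_count: int = 0
    errdisabled: bool = False

    def add_static(self, mac):
        """switchport port-security mac-address H.H.H"""
        if len(self.secure_macs) >= self.maximum:
            raise ValueError("maximum secure addresses already configured")
        self.secure_macs.add(mac.lower())

    def receive(self, src_mac):
        """Apply the port-security check to one frame's source MAC; return the action taken."""
        src_mac = src_mac.lower()
        if self.errdisabled:
            return "dropped (port err-disabled)"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)             # room left: becomes a secure address
            if self.sticky:                           # and is written to running-config
                self.running_config.append(
                    f"switchport port-security mac-address sticky {src_mac}")
            return "forwarded (learned secure address)"
        # Violation: unknown source MAC after the maximum has been reached.
        if self.violation == "protect":
            return "dropped"                          # silent: no log, no counter
        self.violation_count += 1
        self.log.append(f"PSECURE_VIOLATION on {self.name}: {src_mac}")
        if self.violation == "restrict":
            return "dropped"
        self.errdisabled = True                       # shutdown mode
        return "dropped (port err-disabled)"

    def bounce(self):
        """shutdown / no shutdown: clears the err-disabled state, keeps secure addresses."""
        self.errdisabled = False


def run_scenario(mode):
    """Same frame sequence against one violation mode; returns what happened."""
    port = SecurePort(name="Gi0/0", maximum=2, violation=mode, sticky=True)
    port.add_static("0000.5e00.5301")                 # the phone, hard-coded
    frames = ["0000.5e00.5301",                       # phone
              "0000.5e00.5302",                       # PC: second (sticky) address
              "0000.5e00.5399",                       # attacker: third address, violation
              "0000.5e00.5301"]                       # phone again
    actions = [port.receive(m) for m in frames]
    port.bounce()
    actions.append(port.receive("0000.5e00.5301"))    # phone after recovery
    return actions, port.violation_count, sorted(port.secure_macs), port.running_config


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, run_scenario(mode))
```

The point the model makes explicit: in "protect" and "restrict" mode the phone keeps working during the attack and only the attacker's frames are dropped, but "protect" leaves no trace; in "shutdown" mode the legitimate phone loses service too until the port is bounced, which is why "restrict" is the usual choice on user ports where an outage is worse than a logged violation.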
18. DHCP starvation attacks and DHCP spoofing attacks
19. What is a DHCP starvation attack?
• Another type of network attack, targeted at DHCP servers, is the DHCP starvation attack.
• In a DHCP starvation attack, an attacker broadcasts a large number of DHCP DISCOVER and REQUEST messages, each with a different spoofed client MAC address (in the frame's source address, in the DHCP client hardware address field, or both).
• If the legitimate DHCP server on the network responds to all these bogus requests, the available IP addresses in the DHCP server scope are depleted within a very short time.
21.
• Once the available IP addresses in the DHCP server are depleted, the attacker can set up a rogue DHCP server and respond to new DHCP requests from the network's DHCP clients.
• By setting up a rogue DHCP server, the attacker can launch a DHCP spoofing attack. Starvation is not strictly required: clients typically accept the first offer they receive, so a rogue server that answers faster than the legitimate one can win the exchange on its own.
22. What is a DHCP spoofing attack?
• After a DHCP starvation attack and setting up a rogue DHCP server, the attacker can start distributing IP addresses and other TCP/IP configuration settings to the network's DHCP clients.
• These TCP/IP configuration settings include the default gateway and DNS server IP addresses.
• The attacker can replace the legitimate default gateway IP address and DNS server IP address with the attacker's own IP address.
23.
• Once the default gateway IP address of the network devices is changed, the clients start sending traffic destined for outside networks to the attacker's computer.
• The attacker can now capture sensitive user data and launch a man-in-the-middle attack.
• This is called a DHCP spoofing attack.
• The attacker can also set up a rogue DNS server, deviate end-user traffic to fake web sites and launch phishing attacks.
24. How to configure DHCP snooping?
• DHCP snooping is a switch security feature which protects against DHCP spoofing (rogue server) attacks by filtering untrusted DHCP messages, and limits DHCP starvation attacks by validating client messages and rate-limiting DHCP traffic on untrusted ports.
• DHCP snooping classifies switch ports as "trusted" and "untrusted", distinguishing untrusted interfaces (where DHCP clients are connected) from trusted interfaces (where a DHCP server, a DHCP relay or another switch is connected).
• Trusted ports can source all types of DHCP messages, including DHCPOFFER messages.
25.
• Untrusted ports are the ports where DHCP clients are connected.
• Untrusted switch ports cannot source DHCP messages such as DHCPOFFER, DHCPACK and DHCPNAK, which are normally generated by a DHCP server. By default, all switch ports are untrusted, so the uplink towards the DHCP server must be marked trusted explicitly or clients stop getting leases.
• When DHCP snooping is enabled, Cisco switches build a table known as the DHCP snooping binding database (the DHCP snooping binding table).
• The DHCP snooping binding table is used to identify and filter untrusted DHCP messages on the network; it is also the data that Dynamic ARP Inspection relies on.
26.
• The DHCP snooping binding table keeps track of the DHCP addresses assigned to hosts on untrusted switch ports.
• Each entry includes the client MAC address, IP address, DHCP lease time, binding type, VLAN number and interface.
27.
• When a switch receives a DHCP packet on an untrusted port where DHCP snooping is enabled, the packet is permitted or denied with the help of the information stored in the DHCP snooping binding table.
• The packet is denied when:
• 1. DHCP server messages (for example DHCPOFFER, DHCPACK, DHCPNAK) are received on an untrusted switch port.
• 2. The source MAC address of the frame does not match the client hardware address carried in the DHCP message (the "verify mac-address" check, enabled by default), or a DHCPRELEASE or DHCPDECLINE arrives on a different interface from the one recorded in the binding table entry for that MAC address.
28. How to enable DHCP snooping globally
• SW1#configure terminal
• SW1(config)#ip dhcp snooping
• SW1(config)#exit
• SW1#
• On Cisco IOS, enabling DHCP snooping also turns on insertion of DHCP option 82 (relay agent information) by default. If the DHCP server or relay rejects client requests that carry option 82 with a zero giaddr, clients stop getting leases; either disable the insertion with "no ip dhcp snooping information option" or configure the relay to trust it.
29. How to enable DHCP snooping on a specific VLAN
• SW1#configure terminal
• SW1(config)#ip dhcp snooping vlan 500
• SW1(config)#exit
• SW1#
• DHCP snooping must be enabled both globally and on each VLAN to be protected; the global command alone does nothing.
30. How to configure a switch port as trusted
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#ip dhcp snooping trust
• SW1(config-if)#exit
• SW1(config)#exit
• SW1#
• Mark as trusted the port of the DHCP server or the uplink towards it (through the relay) and the trunks to other switches; leave all access ports untrusted.
31. How to view the DHCP snooping database
• SW1#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:00:AB:19:C6:00   172.16.10.183    690515      dhcp-snooping  500   GigabitEthernet0/1
00:00:AB:34:CB:00   172.16.10.184    690518      dhcp-snooping  500   GigabitEthernet0/2
00:00:AB:2A:FE:00   172.16.10.182    690512      dhcp-snooping  500   GigabitEthernet0/3
00:00:AB:F7:D0:00   172.16.10.181    690512      dhcp-snooping  500   GigabitEthernet0/4
00:00:AB:93:82:00   172.16.10.185    690518      dhcp-snooping  500   GigabitEthernet0/5
Total number of bindings: 5
• How to view the DHCP snooping configuration?
• SW1#show ip dhcp snooping
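The permit/deny decision of slides 24 to 27, with the trusted/untrusted port configuration of slides 28 to 30, modelled in Python as an added example (not code from the original slides). Port names, MAC and IP addresses, the per-port rate limit and the message sequence are constructed for the demonstration; the rate limit stands in for "ip dhcp snooping limit rate", which the slides do not cover but which is what actually stops a starvation attempt that spoofs both the frame source and the client hardware address.

```python
# Added example: the DHCP snooping permit/deny decision modelled in Python.
# Not code from the original slides; ports, addresses, the per-port rate
# limit and the message sequence are constructed for the demonstration.
from dataclasses import dataclass

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass(frozen=True)
class DhcpMsg:
    kind: str          # DISCOVER/REQUEST/RELEASE/DECLINE from clients, OFFER/ACK/NAK from servers
    src_mac: str       # Ethernet source address of the frame
    chaddr: str        # client hardware address inside the DHCP payload
    yiaddr: str = ""   # address handed out by the server (OFFER/ACK)
    vlan: int = 500


class DhcpSnooping:
    def __init__(self, vlans, trusted_ports=(), rate_limit=None):
        self.vlans = set(vlans)              # ip dhcp snooping vlan ...
        self.trusted = set(trusted_ports)    # ip dhcp snooping trust
        self.rate_limit = rate_limit         # ip dhcp snooping limit rate (untrusted ports)
        self.bindings = {}                   # (chaddr, vlan) -> (ip, client port)
        self.pending = {}                    # (chaddr, vlan) -> port of the last client message
        self.seen = {}                       # port -> DHCP packets received in this interval
        self.errdisabled = set()

    def process(self, msg, in_port):
        """Return 'permit' or 'deny: <reason>' and update the binding table as a switch would."""
        if msg.vlan not in self.vlans:
            return "permit"                  # snooping not enabled on this VLAN: nothing checked
        if in_port in self.trusted:
            if msg.kind == "DHCPACK" and msg.yiaddr:
                key = (msg.chaddr, msg.vlan)  # lease confirmed: bind it to the client's port
                self.bindings[key] = (msg.yiaddr, self.pending.get(key))
            return "permit"
        if in_port in self.errdisabled:
            return "deny: port err-disabled"
        self.seen[in_port] = self.seen.get(in_port, 0) + 1
        if self.rate_limit is not None and self.seen[in_port] > self.rate_limit:
            self.errdisabled.add(in_port)
            return "deny: rate limit exceeded, port err-disabled"
        if msg.kind in SERVER_MSGS:
            return "deny: server message on untrusted port"
        if msg.src_mac != msg.chaddr:
            return "deny: source MAC does not match chaddr"   # verify mac-address check
        key = (msg.chaddr, msg.vlan)
        if msg.kind in ("DHCPRELEASE", "DHCPDECLINE"):
            bound = self.bindings.get(key)
            if bound and bound[1] != in_port:
                return "deny: binding belongs to another interface"
        self.pending[key] = in_port
        return "permit"


def demo():
    snoop = DhcpSnooping(vlans=[500], trusted_ports={"Gi0/0"}, rate_limit=5)
    client, server = "00:00:5e:00:53:10", "00:00:5e:00:53:01"
    r = []
    # Legitimate exchange: client on Gi0/1, server behind the trusted uplink Gi0/0.
    r.append(snoop.process(DhcpMsg("DHCPDISCOVER", client, client), "Gi0/1"))
    r.append(snoop.process(DhcpMsg("DHCPOFFER", server, client, "172.16.10.183"), "Gi0/0"))
    r.append(snoop.process(DhcpMsg("DHCPREQUEST", client, client), "Gi0/1"))
    r.append(snoop.process(DhcpMsg("DHCPACK", server, client, "172.16.10.183"), "Gi0/0"))
    # Rogue server on an access port: its OFFER never reaches the clients.
    r.append(snoop.process(DhcpMsg("DHCPOFFER", "00:00:5e:00:53:99", client, "172.16.10.250"), "Gi0/2"))
    # Starvation attempt from Gi0/2: spoofed chaddr behind the real source MAC is dropped...
    r.append(snoop.process(DhcpMsg("DHCPDISCOVER", "00:00:5e:00:53:99", "00:00:5e:00:53:aa"), "Gi0/2"))
    # ...and spoofing both at once runs into the per-port rate limit.
    for i in range(6):
        mac = f"00:00:5e:00:53:{0xb0 + i:02x}"
        r.append(snoop.process(DhcpMsg("DHCPDISCOVER", mac, mac), "Gi0/2"))
    # Someone on Gi0/3 trying to release the Gi0/1 client's lease.
    r.append(snoop.process(DhcpMsg("DHCPRELEASE", client, client), "Gi0/3"))
    return r, snoop.bindings


if __name__ == "__main__":
    results, bindings = demo()
    for line in results:
        print(line)
    print(bindings)
```

Note what the binding table does and does not protect: the rogue OFFER and the release from the wrong port are stopped by the trust and binding checks alone, but a starvation flood with consistent addresses passes every consistency check and is only stopped by the rate limit, which is why untrusted ports should get a low "limit rate" in addition to the snooping itself.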
33. Introduction
• An Address Resolution Protocol (ARP) spoofing attack is a type of network attack in which an attacker sends fake ARP messages inside a Local Area Network (LAN) in order to deviate and intercept network traffic.
• In normal ARP operation, when a network device sends an ARP request (as a broadcast) to find the MAC address corresponding to an IPv4 address, the ARP reply comes from the legitimate network device configured with the IPv4 address that matches the request. The requesting device caches the reply in its ARP table.
• ARP has no authentication: a device accepts any reply that claims an IPv4-to-MAC mapping, and most stacks also accept unsolicited ones, which is exactly what the attack exploits.
34.
• A network attacker can abuse ARP by answering ARP requests, posing as the owner of the requested IPv4 address.
• Once the attacker's MAC address is mapped to a legitimate IPv4 address, the attacker begins receiving any data intended for that IPv4 address.
• The attacker can now launch a man-in-the-middle attack and capture the network traffic for sensitive user data.
35.
• The attacker can also broadcast a gratuitous ARP message carrying the IPv4 address of the default gateway.
• A gratuitous ARP is a broadcast packet used by network devices to announce a change in their IPv4 address or MAC address; receiving hosts update their ARP cache without ever having asked.
• By sending a gratuitous ARP message with the IPv4 address of the default gateway, the attacker can pose as the default gateway and capture all the network traffic leaving the Local Area Network (LAN).
36. For an example of an ARP spoofing attack, consider the topology below.
37.
• The IPv4 address of the default gateway is 172.16.0.1 and the corresponding MAC address is 00:48:54:aa:aa:01.
• The attacker (sitting at OmniSecu-PC-103) broadcasts a gratuitous ARP message announcing that the MAC address corresponding to the default gateway's IPv4 address (172.16.0.1) is 00:48:54:aa:aa:07 (the attacker's own MAC address).
• This causes the devices on the network to update their ARP tables with a wrong MAC-address-to-IPv4-address mapping. The ARP table of the computer now holds a poisoned entry mapping the default gateway IPv4 address 172.16.0.1 to the wrong MAC address 00:48:54:aa:aa:07.
38.
• The attacker also sends ARP messages to the default gateway to deceive it into believing that the MAC address corresponding to the computer "OmniSecu-PC-101" is 00:48:54:aa:aa:07 (the attacker's own MAC address).
• The ARP table of the router now also has a poisoned IPv4-address-to-MAC-address mapping: the entry for computer "OmniSecu-PC-101", 172.16.0.101, points to the wrong MAC address 00:48:54:aa:aa:07.
39.
• Now, whenever computer "OmniSecu-PC-101" sends traffic to the Internet, it forwards the traffic to the attacker's computer, which then forwards it on to the default gateway. (The attacker has to enable IP forwarding for this; otherwise the victim simply loses connectivity, which is a common way such attacks get noticed.)
• Since the attacker is still forwarding the traffic to the Internet via the default gateway, "OmniSecu-PC-101" remains unaware that its traffic is being intercepted.
• The attacker can now capture the traffic and look for sensitive user data.
41. Preventing ARP spoofing attacks with Dynamic ARP Inspection (DAI)
• Dynamic ARP Inspection (DAI) is a switch feature which can be used to prevent ARP spoofing attacks.
• When enabled, DAI intercepts ARP packets on untrusted ports and verifies that the sender IPv4-address-to-MAC-address binding in each one is valid.
• If the binding does not match on an untrusted port, DAI discards the spoofed ARP packet and logs the drop.
• DAI uses the DHCP snooping binding database to validate bindings, so DHCP snooping must already be running on the VLAN. Hosts with static IP addresses have no binding and need an ARP ACL ("arp access-list", applied with "ip arp inspection filter"), otherwise DAI drops their ARP traffic. DAI only inspects ARP packets received on untrusted ports.
42.
• DAI is enabled per VLAN with the global command "ip arp inspection vlan <vlan-id>". By default, all ports are untrusted. To configure a port as trusted, use the interface command "ip arp inspection trust". Trust the uplinks to other switches and to the router; an inter-switch link left untrusted has every ARP packet crossing it checked against the local binding table, and legitimate hosts on the other switch lose ARP.
• How to enable Dynamic ARP Inspection (DAI) on a specific VLAN
• SW1#configure terminal
• SW1(config)#ip arp inspection vlan 500
43.
• How to configure a switch port as trusted
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#ip arp inspection trust
• SW1(config-if)#exit
• SW1(config)#exit
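The ARP poisoning of slides 37 to 39 replayed against the DAI check of slides 41 to 43, modelled in Python as an added example (not code from the original slides). The gateway address and MAC and the attacker's MAC are taken from the slides; PC-101's MAC address, the attacker's IP address, the port names and the binding table contents are assumed for the demonstration. The optional source-MAC validation corresponds to "ip arp inspection validate src-mac", which the slides do not cover.

```python
# Added example: Dynamic ARP Inspection modelled in Python.
# Not code from the original slides; the binding table, port names, PC-101's MAC
# and the attacker's IP address are assumed, the other addresses follow the slides.
from dataclasses import dataclass


@dataclass(frozen=True)
class Arp:
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str  # mapping the packet asserts (the field an attacker poisons)
    target_ip: str
    eth_src: str     # source address of the Ethernet frame carrying the ARP


class DynamicArpInspection:
    def __init__(self, bindings, trusted_ports=(), validate_src_mac=True):
        self.bindings = bindings                   # {(ip, port): mac} from DHCP snooping or ARP ACLs
        self.trusted = set(trusted_ports)          # ip arp inspection trust
        self.validate_src_mac = validate_src_mac   # ip arp inspection validate src-mac
        self.dropped = []

    def inspect(self, pkt, in_port):
        """Return 'permit' or 'deny: <reason>' for one ARP packet received on in_port."""
        if in_port in self.trusted:
            return "permit"                        # trusted ports are not inspected
        if self.validate_src_mac and pkt.eth_src.lower() != pkt.sender_mac.lower():
            return self._drop("sender MAC differs from Ethernet source", pkt, in_port)
        expected = self.bindings.get((pkt.sender_ip, in_port))
        if expected is None:
            return self._drop("no binding for sender IP on this port", pkt, in_port)
        if expected.lower() != pkt.sender_mac.lower():
            return self._drop("sender MAC does not match binding", pkt, in_port)
        return "permit"

    def _drop(self, reason, pkt, in_port):
        self.dropped.append((in_port, pkt.sender_ip, pkt.sender_mac, reason))
        return f"deny: {reason}"


def demo():
    gw_ip, gw_mac = "172.16.0.1", "00:48:54:aa:aa:01"        # from the slides
    pc_ip, pc_mac = "172.16.0.101", "00:48:54:aa:aa:03"      # PC-101; MAC assumed
    atk_ip, atk_mac = "172.16.0.103", "00:48:54:aa:aa:07"    # PC-103; IP assumed
    dai = DynamicArpInspection(
        bindings={(pc_ip, "Gi0/1"): pc_mac, (atk_ip, "Gi0/3"): atk_mac},
        trusted_ports={"Gi0/0"},                               # uplink to the router
    )
    r = []
    # Legitimate: PC-101 asks for the gateway, the gateway answers over the trusted uplink.
    r.append(dai.inspect(Arp("request", pc_ip, pc_mac, gw_ip, pc_mac), "Gi0/1"))
    r.append(dai.inspect(Arp("reply", gw_ip, gw_mac, pc_ip, gw_mac), "Gi0/0"))
    # Slide 37: gratuitous ARP claiming the gateway's IP with the attacker's MAC.
    r.append(dai.inspect(Arp("reply", gw_ip, atk_mac, gw_ip, atk_mac), "Gi0/3"))
    # Slide 38: poisoning the router's entry for PC-101.
    r.append(dai.inspect(Arp("reply", pc_ip, atk_mac, gw_ip, atk_mac), "Gi0/3"))
    # Attacker that changed its NIC address to the gateway's MAC after getting its lease.
    r.append(dai.inspect(Arp("request", atk_ip, gw_mac, gw_ip, gw_mac), "Gi0/3"))
    # Forged ARP body sent from the attacker's real Ethernet address: src-mac validation catches it.
    r.append(dai.inspect(Arp("reply", pc_ip, pc_mac, gw_ip, atk_mac), "Gi0/3"))
    # The attacker's own honest ARP traffic is still allowed.
    r.append(dai.inspect(Arp("request", atk_ip, atk_mac, gw_ip, atk_mac), "Gi0/3"))
    return r, dai.dropped


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Both poisoning messages are dropped for the same reason: the attacker's port has no binding for the address it claims to own, so neither the hosts nor the router ever see the forged mapping. The model also shows the operational cost of DAI: any host whose address is not in the binding table, for instance a statically addressed printer, is treated exactly like the attacker until an ARP ACL entry is added for it.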