2. Introduction
• A MAC address flooding attack (CAM table flooding attack) is a type of
network attack in which an attacker connected to a switch port floods the
switch interface with a very large number of Ethernet frames, each with a
different fake source MAC address.
• This type of attack is also known as a CAM table overflow attack.
• Within a very short time, the switch's MAC address table fills up with
fake MAC address/port mappings.
• The switch's MAC address table has only a limited amount of memory.
• Once the table is full, the switch cannot save any more MAC addresses
in it.
4. • Once the switch's MAC address table is full and it cannot save any
more MAC addresses, it enters a fail-open mode and starts behaving
like a network hub.
• Frames are flooded to all ports, similar to broadcast communication.
• What does the attacker gain from this?
• The attacker's machine receives all the frames exchanged between
the victim and other machines.
• The attacker is then able to capture sensitive data from the network.
5. How to prevent MAC flooding attacks?
• Cisco switches have a built-in security feature against MAC
flooding attacks, called Port Security.
• Port Security is a feature of Cisco switches that gives protection
against MAC flooding attacks.
6. How to prevent MAC flooding attacks by configuring switchport port-security
7. Introduction
• A MAC address flooding attack (CAM table flooding attack) is a type of
network attack in which an attacker connected to a switch port floods the
switch interface with a very large number of Ethernet frames, each with a
different fake source MAC address.
• A MAC flooding attack can quickly drain the memory resources allocated
for the MAC address table, after which the switch starts behaving like
a network hub.
• The Port Security feature can protect the switch from MAC flooding
attacks.
8. • The Port Security feature can also protect the switch from DHCP
starvation attacks, where a client starts flooding the network with a very
large number of DHCP requests, each using a different source MAC
address.
• DHCP starvation attacks can result in depletion of the available IP
addresses in the DHCP server scope.
• The Port Security feature is meant for access ports and it will not work on
trunk ports, Ether-channel ports or SPAN (Switch Port Analyzer)
ports.
9. Concepts of Port Security
• The goal of Port Security is to prevent a network attacker from sending a
large number of Ethernet frames with forged source MAC addresses
to a switch interface.
• This goal is achieved by the following settings, which are applied to a
switch interface.
• 1) Enable the Port Security feature. Port security is disabled by default.
The "switchport port-security" command (in interface configuration mode)
enables Port Security.
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#switchport port-security
10. • 2) Specify a maximum number of MAC addresses allowed on that
interface. Remember, it is possible that more than one genuine device
is connected to a switch interface (example: a phone and a
computer).
• SW1(config-if)#switchport port-security maximum ?
• <1-4097> Maximum addresses
11. • 3) Define the MAC addresses of known devices that are going to access
the network via that interface. We can do this either by hardcoding the MAC
addresses of known devices (statically defining the known MAC addresses) or
by configuring "sticky" MAC addresses.
• Sticky MAC addresses ("switchport port-security mac-address sticky")
allow dynamically learned MAC addresses to be entered into the running config.
• The default number of known secure MAC addresses is one.
• SW1(config-if)#switchport port-security mac-address ?
• H.H.H 48 bit mac address
• sticky Configure dynamic secure addresses as sticky
12. • 4) Specify the action to take when a violation of the above
conditions occurs.
• When a Port Security violation occurs, Cisco switches can be
configured to act in one of the three ways explained below.
• Protect: When the "protect" option is configured and a port security
violation occurs, the switch interface drops frames with an
unknown source MAC address once the switch port has reached the maximum
number of allowed MAC addresses. Frames with known source MAC
addresses are allowed. No SNMP trap or syslog message is
generated. The "protect" option is the lowest port security option
available.
13. • Restrict: When the "restrict" option is configured and a port security
violation occurs, the switch interface drops frames with an
unknown source MAC address once the switch port has reached the maximum
number of allowed MAC addresses. The restrict option also sends an
SNMP trap and a syslog message and increments a violation counter
when a port security violation occurs. The shutdown option also sends an
SNMP trap and a syslog message, and it also increments a violation
counter.
14. • Shutdown: When the "shutdown" option is configured and a port security
violation occurs, the interface is shut down. The shutdown
option also sends an SNMP trap and a syslog message, and it
increments a violation counter. Therefore, when a port security
violation occurs, the interface is shut down and no traffic is allowed on
that interface. The "shutdown" option is the highest port security
option available.
• The default violation action is to shut down the port.
• SW1(config-if)#switchport port-security violation {protect | restrict | shutdown}
15. • How to view the Port Security related settings of an interface
• SW1#show port-security interface gigabitethernet 0/0
• How to view the secure known MAC addresses configured for Port Security
• SW1#show port-security address
16. How to re-enable an interface after a Port Security
violation related shutdown (Errdisable state)
• Once a Port Security violation has happened, the interface is shut down
and is in a state called the Errdisable state. Use any of the following
methods to bring the interface up after a Port Security violation related
shutdown.
• One method to re-enable an interface after a Port Security violation
related shutdown (Errdisable state) is to bring the interface down and
up again by issuing the commands "shutdown" and "no shutdown".
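The three violation modes and the Errdisable recovery described above can be compared side by side with a small model. This is an added example, not part of the original slides and not Cisco code: the SecurePort class, the sample MAC addresses and the frame sequence are constructed for illustration, and clearing non-sticky learned addresses when the port is bounced is a modelling assumption.

```python
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    """Toy model of one access port with port security enabled."""
    maximum: int = 1               # slides: default number of secure MACs is one
    violation: str = "shutdown"    # slides: default violation action
    sticky: bool = False
    secure_macs: set = field(default_factory=set)
    violation_count: int = 0
    err_disabled: bool = False
    events: list = field(default_factory=list)  # stands in for SNMP trap + syslog

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac: str) -> bool:
        """Process one frame; return True if the frame is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                      # port is down, nothing passes
        if mac in self.secure_macs:
            return True                       # known source MAC
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)         # learn until the maximum is reached
            return True
        # Unknown source MAC with the table full: this is the violation.
        if self.violation == "protect":
            return False                      # silent drop, no counter, no log
        self.violation_count += 1
        self.events.append(f"port-security violation by {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False

    def bounce(self) -> None:
        """Model of 'shutdown' followed by 'no shutdown'."""
        self.err_disabled = False
        if not self.sticky:
            self.secure_macs.clear()          # assumption of this model


# Constructed sample traffic: a phone and a PC, then five forged sources.
PHONE = "00:11:22:33:44:01"
PC = "00:11:22:33:44:02"
FORGED = [f"02:00:00:00:00:{i:02x}" for i in range(1, 6)]


def run(mode: str) -> dict:
    """Replay the same frame sequence against a port in the given mode."""
    port = SecurePort(maximum=2, violation=mode)
    results = [port.receive(m) for m in [PHONE, PC, *FORGED, PC]]
    return {
        "forwarded": sum(results),
        "dropped": len(results) - sum(results),
        "violations": port.violation_count,
        "events": len(port.events),
        "err_disabled": port.err_disabled,
    }


if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:9s} {run(mode)}")
```

With "protect" and "restrict" the PC's last frame still gets through; with "shutdown" the legitimate devices lose connectivity too until the port is bounced.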
19. What is DHCP starvation attack?
• Another type of network attack, targeted at DHCP servers, is
known as the DHCP starvation attack.
• In a DHCP starvation attack, an attacker broadcasts a large number
of DHCP REQUEST messages with spoofed source MAC
addresses.
• If the legitimate DHCP server in the network starts responding to all
these bogus DHCP REQUEST messages, the available IP addresses in
the DHCP server scope will be depleted within a very short span of
time.
21. • Once the available IP addresses in the DHCP server are
depleted, network attackers can set up a rogue DHCP server and
respond to new DHCP requests from network DHCP clients.
• By setting up a rogue DHCP server, the attacker can now launch a
DHCP spoofing attack.
22. What is DHCP spoofing attack?
• After a DHCP starvation attack and setting up a rogue DHCP server,
the attacker can start distributing IP addresses and other TCP/IP
configuration settings to the network DHCP clients.
• TCP/IP configuration settings include the Default Gateway and DNS
Server IP addresses.
• Network attackers can now replace the original legitimate Default
Gateway IP address and DNS Server IP address with their own IP
address.
23. • Once the Default Gateway IP address of the network devices is
changed, the network clients start sending the traffic destined for
outside networks to the attacker's computer.
• The attacker can now capture sensitive user data and launch a
man-in-the-middle attack.
• This is called a DHCP spoofing attack.
• The attacker can also set up a rogue DNS server, divert end-user
traffic to fake web sites and launch phishing attacks.
24. How to configure DHCP Snooping?
• DHCP snooping is a DHCP security feature which provides protection
from DHCP starvation attacks by filtering untrusted DHCP
messages.
• The DHCP snooping feature identifies switch ports as "trusted" and
"untrusted". It can be used to differentiate
between untrusted interfaces (where DHCP clients are connected) and
trusted interfaces (where a DHCP server or other switches are
connected).
• Trusted ports (where a DHCP server or other switches are connected)
can source all types of DHCP messages, including the DHCPOFFER
message.
25. • Untrusted ports are the ports where DHCP clients are connected.
• Untrusted switch ports cannot source DHCP messages such as
DHCPOFFER, DHCPACK and DHCPNAK, which are normally
generated by a DHCP server. By default, all switch ports are untrusted.
• When DHCP snooping is enabled, Cisco switches build a table known
as the DHCP snooping binding database (also called the DHCP snooping
binding table).
• The DHCP snooping binding table is used to identify and filter untrusted
DHCP messages from the network.
26. • The DHCP snooping binding table keeps track of DHCP addresses that are
assigned to switch ports.
• The DHCP snooping binding table includes the client MAC address, IP
address, DHCP lease time, binding type, VLAN number, and interface
information on untrusted switch ports.
27. • When a switch receives a packet on an untrusted switch port where
DHCP snooping is enabled, the packet is permitted or denied with the help
of the information stored in the DHCP snooping binding table.
• The packet is denied when
1. DHCP server related messages
(example: DHCPOFFER, DHCPACK, DHCPNAK) are received
on an untrusted switch port.
2. The source MAC address does not match the MAC address in the
DHCP binding table entry.
28. How to enable DHCP snooping globally
• SW1#configure terminal
• SW1(config)#ip dhcp snooping
• SW1(config)#exit
• SW1#
29. How to enable DHCP snooping on a specific VLAN
• SW1#configure terminal
• SW1(config)#ip dhcp snooping vlan 500
• SW1(config)#exit
• SW1#
30. How to configure a switch port as trusted
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#ip dhcp snooping trust
• SW1(config-if)#exit
• SW1(config)#exit
• SW1#
31. How to view the DHCP snooping database
• SW1#show ip dhcp snooping binding
• MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
• ------------------  ---------------  ----------  -------------  ----  --------------------
• 00:00:AB:19:C6:00   172.16.10.183    690515      dhcp-snooping  500   Gigabitethernet0/1
• 00:00:AB:34:CB:00   172.16.10.184    690518      dhcp-snooping  500   Gigabitethernet0/2
• 00:00:AB:2A:FE:00   172.16.10.182    690512      dhcp-snooping  500   Gigabitethernet0/3
• 00:00:AB:F7:D0:00   172.16.10.181    690512      dhcp-snooping  500   Gigabitethernet0/4
• 00:00:AB:93:82:00   172.16.10.185    690518      dhcp-snooping  500   Gigabitethernet0/5
• Total number of bindings: 5
• How to view the DHCP Snooping configuration?
• SW1#show ip dhcp snooping
33. Introduction
• An Address Resolution Protocol (ARP) spoofing attack is a type of
network attack in which an attacker sends fake Address Resolution
Protocol (ARP) messages inside a Local Area Network (LAN), with
the aim of diverting and intercepting network traffic.
• In normal Address Resolution Protocol (ARP) operation, when a
network device sends an ARP request (as a broadcast) to find the MAC
address corresponding to an IPv4 address, the ARP reply comes from
the legitimate network device which is configured with the IPv4
address that matches the ARP request. The ARP reply is cached by
the requesting device in its ARP table.
34. • A network attacker can abuse Address Resolution Protocol
(ARP) operation by responding to an ARP request and claiming to have the
requested IPv4 address.
• Once the attacker's MAC address is mapped to a
legitimate IPv4 address, the attacker will begin receiving any data
that is intended for that legitimate IPv4 address.
• Now the attacker can launch a man-in-the-middle attack and start
capturing the network traffic for any sensitive user data.
35. • The attacker can also broadcast a Gratuitous ARP message with the IPv4
address of the default gateway.
• Gratuitous ARP is a broadcast packet used by network devices to
announce any change in their IPv4 address or MAC address.
• By sending a Gratuitous ARP message with the IPv4 address of the
default gateway, the attacker can pose as the default gateway and capture all
the network traffic moving outside the Local Area Network (LAN).
36. For an example of an ARP spoofing attack,
consider the topology below.
37. • The IPv4 address of the default gateway is 172.16.0.1 and the
corresponding MAC address is 00:48:54:aa:aa:01.
• The attacker (who is sitting at OmniSecu-PC-103) can broadcast a
Gratuitous ARP message with the information that the MAC address
corresponding to the IPv4 address of the default gateway (172.16.0.1)
is 00:48:54:aa:aa:07 (which is the attacker's own MAC address).
• This will cause the devices in the network to update their ARP tables
with a wrong MAC address to IPv4 address mapping. The ARP table of the
computer now has a poisoned mapping of the default gateway IPv4 address
172.16.0.1 to the wrong MAC address 00:48:54:aa:aa:07.
38. • The attacker will send ARP messages to the default gateway to deceive
the default gateway into believing that the MAC address corresponding to the
computer "OmniSecu-PC-101" is 00:48:54:aa:aa:07 (which is the
attacker's own MAC address).
• The ARP table of the router now also has a poisoned IPv4
address to MAC address mapping: a poisoned entry mapping the IPv4
address of computer "OmniSecu-PC-101", 172.16.0.101, to the wrong
MAC address 00:48:54:aa:aa:07.
39. • Now, whenever computer "OmniSecu-PC-101" sends traffic to the
Internet, it will forward the network traffic to the attacker's computer,
which then forwards it to the default gateway.
• Since the attacker is still forwarding the traffic to the Internet via the
default gateway, "OmniSecu-PC-101" remains unaware that its traffic
is being intercepted.
• Now the attacker can try to capture the traffic for any sensitive user
data.
41. Preventing ARP spoofing attacks with
Dynamic ARP inspection (DAI)
• Dynamic ARP Inspection (DAI) is a feature which can be used to
prevent ARP spoofing attacks.
• Dynamic ARP Inspection (DAI) can be enabled on switches. When
enabled, Dynamic ARP Inspection (DAI) verifies IPv4
address to MAC address bindings.
• If a mismatch occurs on an untrusted port, Dynamic ARP
Inspection (DAI) will discard the spoofed ARP packets.
• DAI uses the DHCP snooping binding database to validate bindings.
Dynamic ARP Inspection (DAI) only inspects ARP packets from
untrusted ports.
42. • Dynamic ARP Inspection (DAI) can be
enabled globally per VLAN using the command "ip arp inspection
vlan <vlan-id>". By default, all ports are untrusted. To configure a
port as trusted, use the command "ip arp inspection trust" at
the interface level.
• How to enable Dynamic ARP Inspection (DAI) on a specific VLAN
• SW1#configure terminal
• SW1(config)#ip arp inspection vlan 500
43. • How to configure a switch port as trusted
• SW1#configure terminal
• SW1(config)#interface gigabitethernet 0/0
• SW1(config-if)#ip arp inspection trust
• SW1(config-if)#exit
• SW1(config)#exit
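The checks described for DHCP snooping (the deny rules on untrusted ports) and for Dynamic ARP Inspection can be traced against the binding table shown earlier. This is an added example, not part of the original slides and not Cisco code: it parses the "show ip dhcp snooping binding" output from the slides, treats gigabitethernet 0/0 as the only trusted port, and the function names, the sample packets and the reading of deny rule 2 (a message naming a bound client IP must carry the bound MAC) are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Output of "show ip dhcp snooping binding" as shown on the slides.
SHOW_BINDING = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:00:AB:19:C6:00   172.16.10.183    690515      dhcp-snooping  500   Gigabitethernet0/1
00:00:AB:34:CB:00   172.16.10.184    690518      dhcp-snooping  500   Gigabitethernet0/2
00:00:AB:2A:FE:00   172.16.10.182    690512      dhcp-snooping  500   Gigabitethernet0/3
00:00:AB:F7:D0:00   172.16.10.181    690512      dhcp-snooping  500   Gigabitethernet0/4
00:00:AB:93:82:00   172.16.10.185    690518      dhcp-snooping  500   Gigabitethernet0/5
Total number of bindings: 5
"""

TRUSTED_PORTS = {"gigabitethernet0/0"}            # trusted in the slides' config
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


class Binding(NamedTuple):
    mac: str
    ip: str
    lease: int
    vlan: int
    interface: str


ROW = re.compile(
    r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(\d+)\s+\S+\s+(\d+)\s+(\S+)$",
    re.IGNORECASE,
)


def parse_bindings(text: str) -> dict:
    """Return {ip: Binding}; header, separator and total lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            mac, ip, lease, vlan, ifc = m.groups()
            table[ip] = Binding(mac.lower(), ip, int(lease), int(vlan), ifc.lower())
    return table


def dhcp_verdict(table, port, msg_type, src_mac, client_ip=None):
    """DHCP snooping decision for one DHCP message received on `port`."""
    if port.lower() in TRUSTED_PORTS:
        return "permit", "trusted port"
    if msg_type in SERVER_MESSAGES:                   # deny rule 1
        return "deny", "server message on untrusted port"
    bound = table.get(client_ip) if client_ip else None
    if bound and bound.mac != src_mac.lower():        # deny rule 2 (this sketch's reading)
        return "deny", "source MAC does not match binding"
    return "permit", "client message"


def arp_verdict(table, port, sender_ip, sender_mac):
    """DAI decision for one ARP packet received on `port`."""
    if port.lower() in TRUSTED_PORTS:
        return "permit", "trusted port, not inspected"
    bound = table.get(sender_ip)
    if bound is None:
        return "deny", "no binding for sender IP"
    if bound.mac != sender_mac.lower():
        return "deny", "IP-to-MAC mismatch"
    return "permit", "matches binding"


if __name__ == "__main__":
    table = parse_bindings(SHOW_BINDING)
    # Constructed packets: (port, sender IP, sender MAC)
    for pkt in [
        ("Gigabitethernet0/1", "172.16.10.183", "00:00:AB:19:C6:00"),
        ("Gigabitethernet0/3", "172.16.10.183", "00:00:AB:2A:FE:00"),
        ("Gigabitethernet0/3", "172.16.0.1", "00:48:54:aa:aa:07"),
        ("Gigabitethernet0/0", "172.16.0.1", "00:48:54:aa:aa:01"),
    ]:
        print(pkt, "->", arp_verdict(table, *pkt))
    print(dhcp_verdict(table, "Gigabitethernet0/3", "DHCPOFFER", "00:00:AB:2A:FE:00"))
```

The third packet is the gratuitous ARP from the topology example: the gateway address has no DHCP binding, so an ARP claiming it from an untrusted port is dropped, while the same address announced on the trusted port is accepted without inspection.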