MAC Address Table Flooding Attack
All switches have a fixed size for their MAC address tables.
The attack takes advantage of this limitation by bombarding the
switch with fake source MAC addresses until the switch MAC
address table is filled.
This allows the threat actor to capture all frames sent
from one host to another.
The security technologist must implement port
security.
Defense Techniques
Port security will only allow a specified number of
source MAC addresses to be learned on the port.
Configuration (on the port connected to the end user)
SW#configure terminal
SW(config)#interface FastEthernet0/2
SW(config-if)#switchport mode access
SW(config-if)#switchport port-security
Port security can only be configured on manually
configured access ports or manually configured trunk
ports.
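The following model is an added illustration, not part of the original slides: it simulates a fixed-size MAC address table being filled by fake source addresses, and shows how a per-port maximum (port security with the port shut down on violation) keeps a legitimate host's traffic from being flooded. Table size, port numbers and MAC addresses are constructed values.

```python
# Added illustration (not from the original slides) of how MAC flooding exhausts a
# fixed-size CAM table and how a per-port MAC limit (port security) stops it.
# Table size, port numbers and MAC addresses are constructed for the demo.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

BCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Switch:
    table_size: int                                          # fixed CAM capacity (assumed)
    max_macs: Dict[int, int] = field(default_factory=dict)   # port-security maximum per port
    cam: Dict[str, int] = field(default_factory=dict)        # learned MAC -> port
    errdisabled: Set[int] = field(default_factory=set)       # ports shut down by a violation
    learned: Dict[int, int] = field(default_factory=dict)    # MACs learned per port

    def receive(self, port: int, src: str, dst: str) -> str:
        """Learn src on port, then forward: returns 'dropped', 'flooded' or 'port N'."""
        if port in self.errdisabled:
            return "dropped"
        if src not in self.cam:
            count = self.learned.get(port, 0)
            limit = self.max_macs.get(port)
            if limit is not None and count >= limit:
                self.errdisabled.add(port)                   # violation mode shutdown
                return "dropped"
            if len(self.cam) < self.table_size:              # a full table cannot learn
                self.cam[src] = port
                self.learned[port] = count + 1
        out = self.cam.get(dst)
        return "flooded" if out is None else f"port {out}"  # unknown unicast is flooded

def attacker_burst(sw: Switch, start: int, count: int) -> None:
    """Attacker on port 2 sends `count` frames, each with a fresh fake source MAC."""
    for i in range(start, start + count):
        sw.receive(2, f"de:ad:be:ef:{i >> 8:02x}:{i & 0xff:02x}", BCAST)

def mac_flooding(port_security: bool) -> Tuple[int, str]:
    """Return (CAM entries, how host A's frame to host B is forwarded after the attack)."""
    sw = Switch(table_size=100, max_macs={2: 1} if port_security else {})
    host_a, host_b = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:03"
    sw.receive(1, host_a, BCAST)                             # host A on port 1
    sw.receive(3, host_b, BCAST)                             # host B on port 3
    attacker_burst(sw, 0, 200)                               # first flood fills the table
    sw.cam.pop(host_b, None)                                 # host B's entry ages out
    attacker_burst(sw, 200, 200)                             # flood continues, refilling the gap
    sw.receive(3, host_b, BCAST)                             # host B tries to be relearned
    return len(sw.cam), sw.receive(1, host_a, host_b)

if __name__ == "__main__":
    print("no port security:", mac_flooding(False))          # (100, 'flooded')
    print("port security   :", mac_flooding(True))           # (3, 'port 3')
```

Without the limit the table stays full, host B can never be relearned, and every frame to it is flooded out all ports, including the attacker's; with the limit the attacker's port is shut down after the second fake address and host B's frame is switched only to port 3.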
VLAN Hopping Attack
The threat actor configures the attacking host to spoof DTP messages,
causing the switch to enter trunking mode.
A VLAN hopping attack enables traffic from one
VLAN to be seen by another VLAN without the aid of
a router.
If successful, the threat actor can access all the VLANs on the
switch. The threat actor can send and receive traffic on any VLAN.
Defense Techniques
Turn off dynamic auto (trunking) on all ports
connected to end users.
Configuration (on the port connected to the end user)
SW#configure terminal
SW(config)#interface FastEthernet0/2
SW(config-if)#switchport mode access
VLAN Double Tagging Attack
The attacker must be on the native VLAN.
An important characteristic of the double
encapsulated VLAN hopping attack is that it works
even if trunk ports are disabled.
It is a one-way attack (it can be used to send malicious traffic).
Defense Techniques
Change the native VLAN and don't put any device on
the native VLAN.
Configuration
SW#configure terminal
SW(config)#vlan 999
SW(config)#interface FastEthernet0/2
SW(config-if)#switchport mode trunk
SW(config-if)#switchport trunk native vlan 999
DHCP Starvation Attack
The attacker floods the DHCP server with DHCP requests to
consume all available IP addresses that the DHCP server
can allocate.
This situation leads to a Denial of Service (DoS) attack, as
new clients cannot gain network access.
Defense Techniques
Configuration
SW#configure terminal
SW(config)#ip dhcp snooping
SW(config)#interface FastEthernet0/1
SW(config-if)#switchport mode access
SW(config-if)#switchport port-security
SW(config-if)#ip dhcp snooping limit rate 3
Port security allows each port to have one or a defined
number of MAC addresses.
The rate limit specifies the number of DHCP packets the port accepts per second.
DHCP Spoofing Attack
The attacker provides a false default gateway IP address in place
of the router's to execute a man-in-the-middle attack.
The attacker connects a rogue DHCP server to the network, which
provides false IP configuration parameters to legitimate
clients.
This may go entirely undetected as the attacker intercepts
the data flow through the network.
Defense Techniques: DHCP Snooping
DHCP snooping is a feature that determines which switch
ports can respond to DHCP requests.
Ports are identified as trusted or untrusted.
Trusted ports: an uplink to the legitimate DHCP server.
Untrusted ports: if a rogue device attempts to send a DHCP
offer packet, the port is shut down.
ARP Spoofing Attack
The attacker sends a fake ARP packet to the target IP
address.
The attacker uses a spoofing tool, such as Arpspoof or
Driftnet.
The attacker is now in a Man in the Middle (MitM) position, which
allows attackers to intercept communication between
network devices.
Defense Techniques
Use static ARP: the protocol lets you define a static ARP entry for
an IP address and prevents devices from listening to ARP
responses for that address.
Use a Virtual Private Network (VPN): it allows devices to
connect to the Internet through an encrypted tunnel.
Enable ARP Inspection: it compares the MAC address in the
ARP packet with the MAC address associated with that IP
address in the router ARP table or the DHCP snooping database.
STP Attack
STP attacks exploit vulnerabilities in the protocol to create
network loops or bring down the network.
The attacker sends fake BPDU messages to the switches
pretending to be the root bridge.
The BPDU packets alter the STP topology information.