The document discusses various methods for attacking network switches, including MAC flooding attacks, MAC spoofing attacks, and attacks against the Spanning Tree Protocol (STP). It describes how MAC flooding can overwhelm a switch's bridging table and cause frames to flood across all ports. It also outlines several countermeasures switches can implement, such as port security, BPDU guard, and root guard, to prevent MAC flooding and spoofing attacks as well as STP attacks.
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
The document discusses IPv6 first hop security features like DHCP snooping and dynamic ARP inspection for IPv6. It provides an overview of the security issues with IPv6 neighbor discovery such as router advertisements being sent without authentication, allowing for man-in-the-middle attacks and denial of service. It then describes various IPv6 first hop security features that can help mitigate these issues, such as RA guard, DHCP guard, and IPv6 neighbor discovery inspection.
The document discusses various methods for attacking network switches, including MAC flooding attacks, MAC spoofing attacks, and attacks against the Spanning Tree Protocol (STP). It describes how MAC flooding can overwhelm a switch's bridging table and cause frames to flood across all ports. It also outlines several countermeasures switches can implement, such as port security, BPDU guard, and root guard, to prevent MAC flooding and spoofing attacks as well as STP attacks.
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
The document discusses IPv6 first hop security features like DHCP snooping and dynamic ARP inspection for IPv6. It provides an overview of the security issues with IPv6 neighbor discovery such as router advertisements being sent without authentication, allowing for man-in-the-middle attacks and denial of service. It then describes various IPv6 first hop security features that can help mitigate these issues, such as RA guard, DHCP guard, and IPv6 neighbor discovery inspection.