Spanning Tree protocol
( STP )
Spanning tree protocol
network Design
Redundant topology
switch
Broadcast storm
STP devices
switch STP
frames Forward Root
logical switches
STP ATTACK
priority Root
priority STP ATTACK
BPDU
BPDU Root
Root ATTACKER switches
ATTACK
Portfast ACCESS
BPDU Guard
BPDU
Root guard
config mode portfast configuration
(config)# spanning-tree portfast default
interface
(config)int g0/1
(config-if)switchport mode access
(config-if)spanning-tree portfast
BPDU Guard configuration
config mode
(config)spanning-tree portfast bpduguard default
interface
spanning-tree bpduguard enable
Root Guard configuration
interface
(config)int g1/1
(config-if)spanning-tree guard root
DHCP Starvation ATTACK
DHCP Spoofing ATTACK
IP DHCP
DNS Gateway Subnet mask
DHCP Client
DHCP Discover Client
offer DHCP
request Client
Acknowledge
DHCP Server
MAC IP ATTACK
Pool DHCP
IP IP Attacker
Gateway APIPA IP
DNS
»»» DHCP Starvation ATTACK »»»
DoS ATTACK
DHCP
Configuration
DHCP Spoofing ATTACK ATTACK
Kali linux DHCP Spoofing
Ettercap
ATTACKS
DHCP DHCP Snooping
DHCP
untrusted Trusted DHCP Server
(config)ip dhcp snooping
Snooping
(config)ip dhcp snooping vlan 1
untrusted vlan 1
DHCP
trusted
Command
F0/1 DHCP
(config)int f0/1
(config-if)ip dhcp snooping trust
untrusted
(config)int range f0/2 - 24
(config-if)ip dhcp snooping limit rate 4
Discover Interface
error DHCP Server
disable state
second Default Recovery
command
(config)errdisable recovery cause dhcp-rate-limit
(config)errdisable recovery interval ( time in seconds )
Discover
IP Source Guard
DHCP
Security
DHCP Snooping
Configuration DHCP DHCP
Manual user
Pool Script
Pool offer DHCP
ATTACK-user
BAD IP DHCP
IP address
Service DHCP
IP SOURCE GUARD
interface port-security
Action
ip source guard interface
ip
IP
IP DHCP
DHCP Snooping integrat
ip source guard ip source guard
: Configuration
interfaces
command
int f0/1
ip verify source
ip verify source port-security
Arp Spoofing
DHCP
IP source Guard snooping
ARP Poison ARP Spoofing
MAC ARP
IP
MAC address IP
ARP Cache
MAC Address
ARP Request
IP MAC Address
Broadcast ARP Request
ARP reply IP
:
IP
IP
Broadcast
MAC Address
ARP Cache
ARP Reply ARP
ARP Cache ARP Request
MAC
Address
ARP
MAC ARP Reply Users Poison
MAC Address Address
ATTACK ARP Cache
»»»» Man in the middle attack »»»»
Destination
MAC Users
Destination Address
Dynamic ARP Inspection DAI
ARP
Snooping Table
IP
ARP
Configuration
(config)ip arp inspection vlan 1
Vlan1
DHCP
(config)int f0/3
(config-if)ip arp inspection trust
ARP user policy
Users
(config)int range f0/4-24
(config-if)ip arp inspection limit rate
Command
(config)errdisable recovery cause arp-inspection
(config)errdisable recovery interval 90