HACKING ON L2 DEVICES
Why do we need Layer 2 security?
The OSI model was built so that each layer works without knowledge of the others.

Layer 2 can be a very weak link in the network.
If any one layer is compromised, the communications that depend on it are compromised as well.
Topics
1. MAC Attacks
2. VLAN hopping attacks
3. ARP attacks
4. Spanning Tree Attacks
5. DHCP Starvation Attack
What are MAC and CAM?
A MAC is a 48-bit Layer 2 address, for example 1234.5678.9ABC

The first 24 bits are the manufacturer code (OUI), assigned by the IEEE:
00-50-56-XX-XX-XX

The second 24 bits identify the specific interface and are assigned by the manufacturer:
XX-XX-XX-C0-00-01

The Content Addressable Memory (CAM) table stores the MAC addresses seen on each physical port together with their associated VLAN.

MAC vendor lookup tool: http://www.nirsoft.net/utils/mac_address_lookup_find.html
Normal CAM operation (figure slides 1/3 to 3/3)
How to bypass the CAM?

1. Due to hardware restrictions, the CAM has a fixed amount of memory.
2. Different switches have different CAM table sizes.
3. Overloading the CAM with bogus source MACs fills the table, so the switch can no longer hold legitimate entries and floods unknown-unicast frames to every port in the VLAN.
CAM Overflow attack (figure slides)
Example output of the macof tool (figure)
Duration of this attack
• 63 bits of source information (MAC, VLAN, misc.) are hashed to a 17-bit value that is stored in the CAM table.
• A Cisco Catalyst 5650 can store approx. 131,000 CAM entries.
• The Dsniff macof tool can generate 155,000 MAC entries in a minute.
How to overcome this attack?
We can mitigate this attack by enabling switch port security, with one of:
1. Static secure MAC addresses
2. Dynamic secure MAC addresses
3. Sticky secure MAC addresses

Cisco# conf t
Cisco(config)# interface fastethernet0/1
Cisco(config-if)# switchport mode access
Cisco(config-if)# switchport port-security
Cisco(config-if)# switchport port-security maximum 5
Cisco(config-if)# switchport port-security violation restrict
Cisco(config-if)# switchport port-security mac-address aaaa.aaaa.aaaa
Cisco(config-if)# switchport port-security mac-address bbbb.bbbb.bbbb

Limitations:
1. A secure port cannot be a SPAN port.
2. A secure port cannot be an 802.1X port.
3. A secure port cannot belong to an EtherChannel port-channel interface.
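The CAM overflow and the port-security limit above, as an added example that is not part of the slides: a toy switch with a fixed-size CAM shows a victim's traffic being flooded once bogus MACs evict the real entries, and the same run with a per-port maximum shows the flood contained. Capacity, port names and MACs are constructed.

```python
"""Toy switch CAM table with port-security limits (added example, not the
slides' code). It models why a fixed-size CAM floods unknown-unicast frames
once an attacker fills it with bogus source MACs, and how the
'switchport port-security maximum N' / 'violation' settings bound the
number of MACs one port may learn. Capacity, ports and MACs are constructed."""
from collections import OrderedDict
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class PortSecurity:
    maximum: int                  # switchport port-security maximum N
    violation: str = "restrict"   # protect | restrict | shutdown
    learned: set = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False


class Switch:
    def __init__(self, cam_capacity):
        self.cam_capacity = cam_capacity
        self.cam = OrderedDict()   # src mac -> (port, vlan); oldest entry evicted first
        self.security = {}         # port -> PortSecurity
        self.unknown_floods = 0    # unicast frames flooded because dst was not in the CAM

    def secure_port(self, port, maximum, violation="restrict"):
        self.security[port] = PortSecurity(maximum, violation)

    def _learn(self, port, vlan, src):
        """Apply port-security, then insert src into the CAM. False = frame dropped."""
        sec = self.security.get(port)
        if sec is not None:
            if sec.err_disabled:
                return False
            if src not in sec.learned and len(sec.learned) >= sec.maximum:
                sec.violations += 1          # restrict: drop and count
                if sec.violation == "shutdown":
                    sec.err_disabled = True  # shutdown: err-disable the port
                return False
            sec.learned.add(src)
        if src in self.cam:
            self.cam.move_to_end(src)        # refresh an existing entry
        elif len(self.cam) >= self.cam_capacity:
            self.cam.popitem(last=False)     # table full: a legitimate host may be evicted
        self.cam[src] = (port, vlan)
        return True

    def forward(self, port, vlan, src, dst):
        """Return the egress port, 'flood' for broadcast/unknown dst, or 'dropped'."""
        if not self._learn(port, vlan, src):
            return "dropped"
        if dst == BROADCAST:
            return "flood"
        entry = self.cam.get(dst)
        if entry is None or entry[1] != vlan:
            self.unknown_floods += 1         # this is what a sniffer on any port sees
            return "flood"
        return entry[0]


def cam_overflow_demo(secured):
    """Victim (Fa0/2) and server (Fa0/3) talk while Fa0/1 emits 20 bogus MACs.
    Returns (egress for victim->server, CAM size, violations on Fa0/1)."""
    sw = Switch(cam_capacity=8)              # constructed, deliberately tiny capacity
    if secured:
        sw.secure_port("Fa0/1", maximum=2, violation="restrict")
    victim, server = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    sw.forward("Fa0/2", 10, victim, BROADCAST)
    sw.forward("Fa0/3", 10, server, BROADCAST)
    for i in range(20):                      # macof-style changing source MACs, constructed
        sw.forward("Fa0/1", 10, f"02:00:00:00:00:{i:02x}", BROADCAST)
    egress = sw.forward("Fa0/2", 10, victim, server)
    violations = sw.security["Fa0/1"].violations if secured else 0
    return egress, len(sw.cam), violations
```

Without port security the victim's unicast to the server comes back as "flood"; with `maximum 2` on Fa0/1 it is delivered to Fa0/3 and the 18 extra MACs are counted as violations.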
What is meant by a trunk port?
• A trunk port carries all VLANs by default.
• It is used to carry traffic of multiple VLANs across the same physical link.
• Encapsulation can be 802.1Q or ISL (Cisco proprietary).
Rogue Trunk / Switch Spoof attack
1. A computer can spoof a switch using 802.1Q or ISL signaling.
2. DTP signaling is required.
3. Requires a trunking-favorable setting on the switch port.
Double encapsulated VLAN attack
1. The attacker sends double-tagged 802.1Q frames.
2. The switch performs only one level of decapsulation, so the frame is forwarded according to the second (inner) tag.
3. VLAN hopping occurs.
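The double-tagged frame described above, parsed from raw bytes as an added example (not from the slides): the parser walks every 802.1Q tag, and the access-port check reports a frame carrying two tags or an outer tag equal to the trunk's native VLAN, the condition that lets the inner tag survive the first switch. The frame bytes are constructed, not captured.

```python
"""Parse 802.1Q tags from a raw Ethernet frame and flag double tagging
(added example, not from the slides). A trunk strips an outer tag that
matches its native VLAN and forwards on the inner tag, which is the hop
described above; this parser lets a defender inspect a captured frame and
report one carrying more than one tag or an outer tag equal to the native
VLAN. The frame bytes used here are constructed, not captured."""
import struct

TPID_8021Q = 0x8100   # customer VLAN tag
TPID_8021AD = 0x88A8  # service-provider (Q-in-Q) outer tag


def parse_frame(raw):
    """Return (dst, src, [vlan ids outermost first], ethertype, payload)."""
    if len(raw) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst = raw[0:6].hex(":")
    src = raw[6:12].hex(":")
    offset, vlans = 12, []
    while True:
        if offset + 2 > len(raw):
            raise ValueError("truncated after VLAN tag")
        (ethertype,) = struct.unpack_from("!H", raw, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        if offset + 4 > len(raw):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", raw, offset + 2)
        vlans.append(tci & 0x0FFF)       # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return dst, src, vlans, ethertype, raw[offset + 2:]


def build_frame(dst, src, vlans, ethertype, payload):
    """Constructed test frame: one 802.1Q tag per VLAN id, outermost first."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vlans:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)   # PCP/DEI left at 0
    return hdr + struct.pack("!H", ethertype) + payload


def check_access_frame(raw, native_vlan):
    """Policy check for a frame received on an access (edge) port.
    Returns a list of findings; an empty list means nothing suspicious."""
    _, _, vlans, _, _ = parse_frame(raw)
    findings = []
    if len(vlans) > 1:
        findings.append(f"double-tagged frame: outer VLAN {vlans[0]}, inner VLAN {vlans[1]}")
    if vlans and vlans[0] == native_vlan:
        findings.append(f"outer tag {vlans[0]} equals the native VLAN; a trunk would strip "
                        "it and forward on the inner tag")
    return findings


def demo():
    """Double-tagged frame (outer 1 = native, inner 20) beside a plain untagged one."""
    hopping = build_frame("ff:ff:ff:ff:ff:ff", "00:00:5e:00:53:01", [1, 20], 0x0800, b"\x45" * 20)
    plain = build_frame("ff:ff:ff:ff:ff:ff", "00:00:5e:00:53:01", [], 0x0800, b"\x45" * 20)
    return check_access_frame(hopping, native_vlan=1), check_access_frame(plain, native_vlan=1)
```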
Yersinia (tool screenshot)
Security practices to avoid the attacks
• Always use a dedicated VLAN ID for all trunk ports
• Disable unused ports and put them in an unused VLAN
• Don't use VLAN 1 for anything
• Set DTP off
ARP recall
An ARP request message is placed in a frame and broadcast to all computers on the network.

Each computer receives the request and examines the IP address.

The computer mentioned in the request sends a response; all other computers process and discard the request without sending a response.
Gratuitous ARP
Gratuitous ARP is used by hosts to announce their IP address to the local network and to avoid duplicate IP addresses; routers and other network hardware may cache information learned from gratuitous ARPs.
ARP Spoofing
• ARP has no security on IP / MAC bindings.
• Host W broadcasts "I'm 1.2.3.1 with MAC 12:34:56:78:9A:BC" at regular intervals.
• When host X requests the MAC of the gateway, its cached entry is overwritten by the gratuitous ARP packet.

Even a static ARP entry for 1.2.3.1 on Y is overwritten by the gratuitous ARP on some OSs.
Dsniff output (figure)
Sniffed output (figure)
Sniffed credentials by Cain and Abel (figure)
ARP Spoof Mitigation
• Some IDS systems watch for an unusually high amount of ARP traffic
• ARPWatch and AntiARP tools are available to avoid ARP spoofing
• Static ARP entries on critical systems
• An ARP firewall feature is implemented in some Cisco devices.
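The gratuitous-ARP overwrite above and the ARPWatch / high-ARP-rate mitigations, as one added example that is not from the slides: a detector that learns IP-to-MAC bindings, alerts when a known IP changes MAC or when one sender crosses a rate threshold, and pins static entries so they are never overwritten. The packets are constructed (timestamp, sender MAC, sender IP) tuples; the 10-per-minute threshold is an assumed setting.

```python
"""ARPwatch-style detector for gratuitous-ARP poisoning (added example, not
from the slides). It learns IP->MAC bindings from the sender fields of ARP
packets and alerts when a known IP changes MAC, the 'I'm 1.2.3.1' overwrite
shown above, or when one MAC sends more ARP packets than a rate threshold,
the signal the slide says some IDS watch for. Static entries are pinned and
never overwritten. Packets are constructed (timestamp, sender MAC, sender IP)
tuples, not a live capture."""
from collections import defaultdict, deque


class ArpWatch:
    def __init__(self, static=None, rate_limit=10, window=60.0):
        self.table = dict(static or {})      # ip -> mac currently believed
        self.static = set(self.table)        # ips that must never change
        self.rate_limit = rate_limit         # max ARP packets per sender per window
        self.window = window                 # seconds
        self.sent = defaultdict(deque)       # sender mac -> timestamps inside the window
        self.alerts = []

    def observe(self, ts, sender_mac, sender_ip):
        """Feed one ARP packet (request or reply; gratuitous ARP is either).
        Returns the alerts raised by this packet."""
        new = []
        q = self.sent[sender_mac]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) == self.rate_limit + 1:    # fire once, when the threshold is crossed
            new.append(f"t={ts}: {sender_mac} sent more than {self.rate_limit} "
                       f"ARP packets in {self.window:.0f}s")
        known = self.table.get(sender_ip)
        if known is None:
            self.table[sender_ip] = sender_mac        # first sighting: learn it
        elif known != sender_mac:
            if sender_ip in self.static:
                new.append(f"t={ts}: {sender_ip} is static {known}; "
                           f"claim from {sender_mac} ignored")
            else:
                new.append(f"t={ts}: {sender_ip} changed {known} -> {sender_mac}")
                self.table[sender_ip] = sender_mac    # mirror what an unprotected cache does
        self.alerts.extend(new)
        return new


GATEWAY_IP, GATEWAY_MAC = "1.2.3.1", "00:00:5e:00:53:01"     # constructed gateway
ATTACKER_MAC = "12:34:56:78:9a:bc"                            # the MAC from the slide


def run_demo(pin_gateway):
    """Gateway and one host announce normally, then the attacker claims the
    gateway IP once per second for 13 seconds. Returns (alerts, final table)."""
    watch = ArpWatch(static={GATEWAY_IP: GATEWAY_MAC} if pin_gateway else None)
    watch.observe(0.0, GATEWAY_MAC, GATEWAY_IP)
    watch.observe(1.0, "00:00:5e:00:53:10", "1.2.3.10")
    for t in range(2, 15):
        watch.observe(float(t), ATTACKER_MAC, GATEWAY_IP)
    return watch.alerts, dict(watch.table)
```

With a dynamic table the first spoofed announcement raises one change alert and then silently wins, exactly the overwrite the slide describes; with the gateway pinned every spoofed packet is reported and the binding stays intact.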
STP Basics
STP is used to avoid loops and broadcast storms.

Messages are sent using Bridge Protocol Data Units (BPDUs). Basic messages include configuration BPDUs and topology change notification/acknowledgment (TCN/TCA).
Standard 802.1D STP takes 30-45 seconds to deal with a failure or root bridge change.
Sending BPDUs from the attacker can force these changes and trigger a root bridge change.
Now the attacker can see the frames that cross the rogue root; MITM, DoS, etc. are all possible.
STP Attack Mitigation
We can avoid this attack by enabling Root Guard and BPDU Guard on the switch.
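The two guards above applied to real BPDU bytes, as an added example that is not from the slides: a parser decodes the root bridge ID from an 802.1D configuration BPDU, BPDU Guard err-disables an access port on any BPDU, and Root Guard blocks a port whose BPDU claims a better root than the elected one. Bridge MACs, priorities and port names are constructed.

```python
"""Root guard and BPDU guard decisions on parsed 802.1D configuration BPDUs
(added example, not from the slides). parse_bpdu() decodes the root bridge
identifier from a raw configuration BPDU (the 35 bytes after the LLC
header); StpGuard applies the two mitigations named above: BPDU guard
err-disables an access port on receipt of any BPDU, and root guard puts a
port into root-inconsistent state when it receives a BPDU claiming a better
(numerically lower) root ID than the elected root. The BPDU bytes and
bridge identities are constructed."""
import struct

# 802.1D configuration BPDU: protocol id (2), version (1), type (1), flags (1),
# root id (8), root path cost (4), bridge id (8), port id (2), message age (2),
# max age (2), hello time (2), forward delay (2); times are in 1/256 s units.
BPDU_FMT = "!HBBB8sI8sHHHHH"
CONFIG_BPDU = 0x00
BPDU_LEN = struct.calcsize(BPDU_FMT)   # 35


def bridge_id(priority, mac):
    """8-byte bridge identifier: 2-byte priority followed by the bridge MAC."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))


def build_bpdu(root_priority, root_mac, bridge_mac, bridge_priority=32768, cost=0):
    """Constructed configuration BPDU claiming root_mac as the root bridge."""
    return struct.pack(BPDU_FMT, 0, 0, CONFIG_BPDU, 0,
                       bridge_id(root_priority, root_mac), cost,
                       bridge_id(bridge_priority, bridge_mac),
                       0x8001, 0, 20 * 256, 2 * 256, 15 * 256)


def parse_bpdu(raw):
    if len(raw) < BPDU_LEN:
        raise ValueError("BPDU too short")
    proto, _ver, btype, _flags, root, cost, bridge = struct.unpack_from(BPDU_FMT, raw)[:7]
    if proto != 0 or btype != CONFIG_BPDU:
        raise ValueError("not an 802.1D configuration BPDU")
    return {"root_id": root,                     # raw bytes; the lower value wins the election
            "root_priority": struct.unpack("!H", root[:2])[0],
            "root_mac": root[2:].hex(":"),
            "root_path_cost": cost,
            "bridge_mac": bridge[2:].hex(":")}


class StpGuard:
    def __init__(self, elected_root_id):
        self.elected_root_id = elected_root_id   # root ID this switch currently agrees on
        self.bpdu_guard = set()                  # ports with BPDU guard enabled
        self.root_guard = set()                  # ports with root guard enabled
        self.err_disabled = set()
        self.root_inconsistent = set()

    def receive(self, port, raw):
        """Decide what happens to a BPDU arriving on `port`."""
        if port in self.bpdu_guard:
            self.err_disabled.add(port)          # edge ports never speak STP: shut the port
            return "err-disabled"
        bpdu = parse_bpdu(raw)
        if port in self.root_guard and bpdu["root_id"] < self.elected_root_id:
            self.root_inconsistent.add(port)     # superior BPDU where no root may appear
            return "root-inconsistent"
        self.root_inconsistent.discard(port)     # recovers once superior BPDUs stop
        return "accepted"


def demo():
    """Legitimate root (priority 4096) on the uplink; a rogue priority-0 bridge
    on a root-guarded port and on a BPDU-guarded port. All identities constructed."""
    root_mac, rogue_mac = "00:00:5e:00:53:01", "00:00:5e:00:53:ee"
    guard = StpGuard(bridge_id(4096, root_mac))
    guard.root_guard.add("Fa0/10")
    guard.bpdu_guard.add("Fa0/11")
    legit = build_bpdu(4096, root_mac, root_mac, bridge_priority=4096)
    rogue = build_bpdu(0, rogue_mac, rogue_mac, bridge_priority=0)
    return (guard.receive("Fa0/24", legit),
            guard.receive("Fa0/10", rogue),
            guard.receive("Fa0/11", rogue),
            guard.receive("Fa0/10", legit))
```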
DHCP Starvation Attack
• This attack is performed by broadcasting a large number of DHCP requests with spoofed source MACs.
• If enough requests are flooded onto the network, the attacker can completely exhaust the address space allocated by the DHCP servers for an indefinite period of time.
DHCP Starvation Attack (demo)
• Yersinia is used here for the DHCP starvation attack.
Mitigation of DHCP Starvation attack
• Port security should be enabled.
• DHCP snooping should be enabled.

Cisco(config)#interface range GigabitEthernet1/0/1 - 48
Cisco(config-if)#description Access Ports
Cisco(config-if)#switchport port-security
Cisco(config-if)#switchport port-security maximum 4
Cisco(config-if)#switchport port-security aging time 5
Cisco(config-if)#switchport port-security aging type inactivity
Cisco(config-if)#switchport port-security violation shutdown
Cisco(config-if)#exit
Cisco(config)#interface GigabitEthernet1/0/49
Cisco(config-if)#description Uplink to DHCP Server
Cisco(config-if)#ip dhcp snooping trust
Cisco(config-if)#exit
Cisco(config)#ip dhcp snooping
Cisco(config)#ip dhcp snooping vlan 1-10
Cisco(config)#ip dhcp snooping database tftp://remotehost.company.com/Ciscodhcpsnoop.txt
Cisco(config)#ip dhcp snooping verify mac-address
Cisco(config)#end
Cisco#
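The policy that the configuration above turns on, as an added example that is not the slides' code: server messages are accepted only from the trusted uplink, `verify mac-address` rejects a client whose DHCP chaddr differs from the frame's source MAC, and a per-port cap of four client MACs plays the role of `switchport port-security maximum 4` against a starvation burst. Port names, MACs, addresses and the message sequence are constructed.

```python
"""DHCP snooping and port-security checks over constructed DHCP messages
(added example, not the slides' configuration). It mirrors the protections
the configuration above turns on: OFFER/ACK are accepted only from a trusted
port, 'verify mac-address' requires the DHCP chaddr field to match the
Ethernet source MAC, and a cap on distinct client MACs per port plays the
role of 'switchport port-security maximum' against a starvation flood.
Ports, MACs, addresses and the message sequence are constructed."""
from collections import defaultdict

# DHCP message types (option 53)
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
SERVER_MSGS = {OFFER, ACK}


class DhcpSnooper:
    def __init__(self, trusted_ports, max_clients_per_port=4, verify_mac=True):
        self.trusted = set(trusted_ports)        # ip dhcp snooping trust
        self.max_clients = max_clients_per_port  # switchport port-security maximum
        self.verify_mac = verify_mac             # ip dhcp snooping verify mac-address
        self.clients = defaultdict(set)          # port -> client MACs seen
        self.bindings = {}                       # client mac -> (ip, port): snooping binding table
        self.dropped = []

    def inspect(self, port, eth_src, msg_type, chaddr, yiaddr=None):
        """Return 'forward' or 'drop:<reason>' for one DHCP message."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted:
                return self._drop(port, "server message on untrusted port")
            if msg_type == ACK and yiaddr:
                self.bindings[chaddr] = (yiaddr, port)   # lease confirmed: record it
            return "forward"
        # client message (DISCOVER / REQUEST) arriving on an access port
        if self.verify_mac and eth_src != chaddr:
            return self._drop(port, "chaddr does not match source MAC")
        seen = self.clients[port]
        if chaddr not in seen and len(seen) >= self.max_clients:
            return self._drop(port, "client MAC limit exceeded on port")
        seen.add(chaddr)
        return "forward"

    def _drop(self, port, reason):
        self.dropped.append((port, reason))
        return f"drop:{reason}"


def demo():
    """One legitimate lease, one rogue server, one mismatched chaddr and a
    12-address starvation burst on a single access port.
    Returns (forwarded count, drop reasons in order, binding table)."""
    snoop = DhcpSnooper(trusted_ports={"Gi1/0/49"}, max_clients_per_port=4)
    client = "00:00:5e:00:53:01"
    msgs = [
        ("Gi1/0/1", client, DISCOVER, client, None),
        ("Gi1/0/49", "00:00:5e:00:53:aa", OFFER, client, "10.0.0.20"),
        ("Gi1/0/1", client, REQUEST, client, None),
        ("Gi1/0/49", "00:00:5e:00:53:aa", ACK, client, "10.0.0.20"),
        ("Gi1/0/5", "00:00:5e:00:53:bb", OFFER, client, "10.0.0.99"),            # rogue server
        ("Gi1/0/6", "00:00:5e:00:53:cc", DISCOVER, "02:00:00:00:00:01", None),   # spoofed chaddr
    ]
    # starvation burst: a different MAC in both the frame and chaddr per request
    msgs += [("Gi1/0/7", f"02:00:00:00:01:{i:02x}", DISCOVER, f"02:00:00:00:01:{i:02x}", None)
             for i in range(12)]
    results = [snoop.inspect(*m) for m in msgs]
    forwarded = sum(r == "forward" for r in results)
    return forwarded, [reason for _, reason in snoop.dropped], dict(snoop.bindings)
```

The burst is capped at four leases per port, so a starvation attempt that keeps its MACs consistent is bounded by port security, while one that only varies chaddr is stopped earlier by the MAC verification.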
Hacking L2 Switches
