Don't Get Caught with Your Layers Down
With Steve Jaworski and Bryan Young

© Steve Jaworski, Bryan Young 2010

Agenda
• Discuss common Layer 2 and Layer 3
  – Attacks
  – Tools
  – Protection
• Questions you should be asking your vendors
• Bryan vs Steve (points of view)

L2 Discovery Protocols
• Proprietary
  – CDP (Cisco)
  – FDP (Foundry/Brocade)
  – LLTD (Microsoft – Vista, Windows 7)
• Open standard
  – LLDP (Link Layer Discovery Protocol)

L2 Examples
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
(*) indicates a CDP device

Device ID    Local Int     Holdtm  Capability  Platform  Port ID
-----------  ------------  ------  ----------  --------  --------------
Head         ethernet1/1   141     Router      Router 1  ethernet3/3
Head         ethernet1/2   141     Router      Router 1  ethernet3/4
Building A   ethernet1/3   120     Switch      Switch    ethernet49
Building B   ethernet1/4   165     Switch      Switch    ethernet49
Building C   ethernet1/5   170     Switch      Switch    ethernet49
Building D   ethernet1/6   144     Router      Router 2  ethernet1
Building E   ethernet1/7   157     Switch      Switch    ethernet0/1/47
Building F   ethernet1/8   180     Switch      Switch    ethernet49
Building G   ethernet1/9   168     Switch      Switch    ethernet49
Building H   ethernet1/10  127     Switch      Switch    ethernet49

L2 Discovery Attacks
• Yersinia Framework (http://www.yersinia.net/)
  – Supports Cisco Discovery Protocol
    • Sending raw CDP packet
    • DoS flooding the CDP neighbors table
    • Setting up a “virtual device”
• IRPAS (http://www.phenoelit-us.org/fr/tools.html)
  – DoS attack
  – Spoof attack
  – VLAN assignment
  – DHCP assignment
  – 802.1Q VLAN assignment

L2 Discovery Protocols Protection
• Turn off on user edge ports
    interface GigabitEthernet1/1
     ip address 192.168.100.1 255.255.255.0
     no cdp enable
• Where should I enable it?
  – May be a necessary evil for VoIP
  – Bryan vs Steve

L2 Discovery Design
(diagram slide; no text content in the transcript)

Ask Your Vendors
• Ability to turn off discovery protocols
• Understand all features of proprietary protocols

VLAN 802.1Q
• Does a VLAN provide security?
  – Bryan vs Steve
• Great for segmenting broadcast domains
• Organize your hosts
• Finding points of origin

VLAN 802.1Q Design
(diagram slide; no text content in the transcript)

VLAN Attacks
• Switch spoofing
• Double hopping
• Yersinia Framework
  – Supports VLAN Trunking Protocol
    • Sending raw VTP packet (Cisco)
    • Deleting ALL VLANs
    • Deleting selected VLAN
    • Adding one VLAN
    • Catalyst crash
  – Supports standard 802.1Q
    • Sending raw 802.1Q packet
    • Sending double-encapsulated 802.1Q packet
    • Sending 802.1Q ARP poisoning (MITM)

VLAN Protection
• No tagged frames on edge ports
• Use tagged frames when necessary (VoIP)
  – Lock down the VoIP VLAN
• Lock down routing between VLANs
• Turn off VTP (Cisco); set up VLANs manually
• Multi-Device Port Authentication
• Specify uplink ports (limits broadcasts and unknown unicasts)

Ask Your Vendors
• Multi-Device Port Authentication
• Dynamic VLAN Assignment

Private VLAN
• Limits communication between hosts at Layer 2

Private VLAN Design
(diagram slide; no text content in the transcript)

Private VLAN Attacks
• Hosts can still communicate at Layer 3
• Community
  – Still have a broadcast domain
    • ARP spoofing
    • 802.1Q attacks
• Isolated
  – 802.1Q attacks

Private VLAN Protection
• ACL at Layer 3
• Avoid community setup

Ask Your Vendors
• Community and isolated VLANs
• Ask for isolated

Spanning Tree
• Prevents bridge loops
• Provides redundancy in Layer 2 topologies
• STP and RSTP

Spanning Tree Design
(diagram slide; no text content in the transcript)

Spanning Tree Attack
• Man in the middle
• Flooding the BPDU table
  – Bridge Protocol Data Unit
• Insert a device claiming to be the root bridge
• Claiming other roles on the network

Spanning Tree Protection
• Assign BPDU Guard
  – Set up edge ports to ignore BPDUs
  – Port disabled if BPDUs are received
• Assign Root Guard
  – Set one switch as always root
  – Port disabled if a lower-cost BPDU is received

Ask Your Vendors
• BPDU Guard
• Root Guard
• Handling of all “0” BPDU

ACLs
• We all know what they are
  – Standard
      access-list 35 deny host 124.107.140.182 log
      access-list 35 deny host 91.19.35.246 log
      access-list 35 deny host 212.227.55.84 log
      access-list 35 deny host 65.55.174.125 log

ACLs (cont)
  – Extended
      150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq http
      150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq ssl
      150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq dns
      150 permit udp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq dns
  – Some filter options
    • QoS
    • Fragments and offsets
    • Packet length
    • ToS

ACL Attacks
• Stateless
• Encapsulate your packets
• Fragment overlap ACL bypass
• DoS attacking closed IPs and ports
  – CPU vs ASIC routers

ACL Protection
• Use them for what they are meant for
• IP spoofing
• IP to IP
• Not meant for application inspection
• Established
• Strict filtering

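The following is an added example, not from the deck: a small Python evaluator for the slide's extended ACL 150 that makes the "Stateless" and "Established" bullets concrete. It implements wildcard-mask matching and first-match evaluation with the implicit deny, and shows that an established entry only examines the ACK/RST bits of the packet in hand, since a stateless ACL keeps no session table. The Packet and Rule types, the port-name mapping and the final "permit tcp any any established" entry are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Port names as written on the slide's ACL (constructed mapping for the demo).
PORT_NAMES = {"http": 80, "ssl": 443, "dns": 53}


@dataclass(frozen=True)
class Packet:
    proto: str                           # "tcp" or "udp"
    src: str                             # source IPv4 address
    dst: str                             # destination IPv4 address
    dport: int                           # destination port
    flags: FrozenSet[str] = frozenset()  # TCP flags present, e.g. {"SYN"} or {"ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                          # "permit" or "deny"
    proto: str                           # "ip", "tcp" or "udp"
    src: str                             # "any", "host A.B.C.D" or "A.B.C.D W.W.W.W"
    dst: str
    dport: Optional[int] = None          # "eq <port>" when set
    established: bool = False            # matches TCP segments with ACK or RST set


def wildcard_match(spec: str, ip: str) -> bool:
    """Match an address against an ACL address spec using a wildcard mask.

    In a wildcard mask a 1 bit means "don't care", so only the bits where the
    mask is 0 are compared: 192.168.0.0 0.0.255.255 is 192.168.0.0/16.
    """
    if spec == "any":
        return True
    parts = spec.split()
    addr = int(ipaddress.IPv4Address(ip))
    if parts[0] == "host":
        return addr == int(ipaddress.IPv4Address(parts[1]))
    base = int(ipaddress.IPv4Address(parts[0]))
    care = ~int(ipaddress.IPv4Address(parts[1])) & 0xFFFFFFFF
    return (addr & care) == (base & care)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not (wildcard_match(rule.src, pkt.src) and wildcard_match(rule.dst, pkt.dst)):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.established:
        # No session table: "established" only inspects the flag bits of this
        # packet, not whether a matching outbound SYN was ever seen.
        return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation with the implicit deny at the end of every ACL."""
    for idx, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, idx
    return "deny", None


# The four entries of ACL 150 from the slide, followed by an "established"
# entry of the kind the ACL Protection slide lists (added for the demo).
ACL_150 = [
    Rule("permit", "tcp", "192.168.0.0 0.0.255.255", "host 192.16.0.25", PORT_NAMES["http"]),
    Rule("permit", "tcp", "192.168.0.0 0.0.255.255", "host 192.16.0.25", PORT_NAMES["ssl"]),
    Rule("permit", "tcp", "192.168.0.0 0.0.255.255", "host 192.16.0.25", PORT_NAMES["dns"]),
    Rule("permit", "udp", "192.168.0.0 0.0.255.255", "host 192.16.0.25", PORT_NAMES["dns"]),
    Rule("permit", "tcp", "any", "any", established=True),
]


def stateless_gap(acl: List[Rule]) -> Tuple[str, str]:
    """Illustrate the "Stateless" bullet: a SYN to a port the ACL never opens
    is denied, yet a segment with only ACK set to that same port is permitted
    by the established entry although no session was ever opened."""
    syn = Packet("tcp", "10.9.8.7", "192.16.0.25", 25, frozenset({"SYN"}))
    ack = Packet("tcp", "10.9.8.7", "192.16.0.25", 25, frozenset({"ACK"}))
    return evaluate(acl, syn)[0], evaluate(acl, ack)[0]
```

This is why the deck lists "Established" as a protection but also says ACLs are "not meant for application inspection": anything that needs real session state belongs on a stateful device.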
802.1X
• Port-based access control
• IEEE standard

802.1x Attacks
• Dictionary attack, depending on the authentication method used (LEAP, PEAP)
• Rogue authentication server
  – Capture NTLM authentication request
• Yersinia Framework
  – Supports 802.1x wired authentication
    • Sending raw 802.1X packet
    • MITM 802.1X with 2 interfaces

802.1x Protection
• Set authentication failure limits
• Client needs to verify certificates
• Move to a certificate per host (EAP-TLS)
• Multi-Device Port Authentication

Multi-Port Authentication
(diagram slide; no text content in the transcript)

Ask Your Vendors
• Username/password and MAC/password authentication
• Avoid MAC/MAC authentication
• Are VSAs required?
• Will the RADIUS server support VSAs and EAP?
• Dynamic VLAN assignment
• Dynamic ACL assignment

MAC Address
• The 48-bit address
  – 12:45:AC:65:79:0F
• Unique ID for every network interface

MAC Attacks
• Easy to spoof
• When the MAC address is also the password for RADIUS authentication, an attacker can possibly authenticate as that user or device
• Flood the MAC table of the switch

MAC Protection
• The MAC address should not be the password for network authentication
  – The network device sends the password
• Limit the MAC table
• Limit the number of MAC addresses per port
• Layer 2 ACL: filter MACs by OUI
  – Organizationally Unique Identifier
• Don’t rely on MAC address authentication

ARP
• IP to MAC address
• Allows for “host to host” communication on a network device without going through the gateway

ARP Attacks
• ARP poisoning/spoofing

ARP Router Table
IP Address    MAC Address     Type     Age  Port   Status
192.168.1.2   00b0.6898.a5af  Dynamic  2    0/1/1  Valid  2
192.168.1.3   00b0.6898.a5af  Dynamic  3    0/1/1  Valid  3
192.168.1.4   00b0.6898.a5af  Dynamic  6    0/1/1  Valid  4
192.168.1.5   00b0.6898.a5af  Dynamic  5    0/1/1  Valid  5
192.168.1.6   00b0.6898.a5af  Dynamic  3    0/1/1  Valid  6
192.168.1.7   00b0.6898.a5af  Dynamic  4    0/1/1  Valid  7
192.168.1.8   00b0.6898.a5af  Dynamic  4    0/1/1  Valid  8
192.168.1.9   00b0.6898.a5af  Dynamic  2    0/1/1  Valid  9
192.168.1.11  00b0.6898.a5af  Dynamic  6    0/1/1  Valid  10
192.168.1.16  00b0.6898.a5af  Dynamic  7    0/1/1  Valid  11
192.168.1.19  00b0.6898.a5af  Dynamic  1    0/1/1  Valid  12

ARP Attack Tools
• Ettercap
• Cain and Abel
• Arpspoof (dsniff)

ARP Protection
• Dynamic ARP Inspection
• Static ARP table
• Endpoint software

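As an added example (not part of the deck), the Python below parses a router ARP table in the layout of the ARP Router Table slide, flags any MAC that answers for several IPs, which is what that slide shows with every host resolving to the same MAC on port 0/1/1, and checks learned entries against a static ARP table as the Static ARP Table protection suggests. The sample table and the expected IP-to-MAC map are constructed; a router interface with secondary addresses or a firewall doing proxy ARP legitimately owns several IPs, so such MACs go on an allow-list.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample in the layout of the slide: hosts .2 to .5 all resolve
# to one MAC on port 0/1/1, the signature of ARP poisoning on that segment.
SAMPLE_ARP_TABLE = """\
IP Address    MAC Address     Type     Age  Port   Status
192.168.1.1   0024.3811.c0a1  Dynamic  1    0/1/2  Valid  1
192.168.1.2   00b0.6898.a5af  Dynamic  2    0/1/1  Valid  2
192.168.1.3   00b0.6898.a5af  Dynamic  3    0/1/1  Valid  3
192.168.1.4   00b0.6898.a5af  Dynamic  6    0/1/1  Valid  4
192.168.1.5   00b0.6898.a5af  Dynamic  5    0/1/1  Valid  5
192.168.1.10  0011.2233.4455  Static   0    0/1/3  Valid  6
"""

ARP_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+"
    r"(?P<type>\w+)\s+(?P<age>\d+)\s+(?P<port>\S+)\s+(?P<status>\w+)"
)


def parse_arp_table(text: str) -> List[Dict[str, object]]:
    """Parse 'show arp' style output; the header and unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["mac"] = entry["mac"].lower()   # normalise so comparisons work
            entry["age"] = int(entry["age"])
            entries.append(entry)
    return entries


def _ip_key(ip: str) -> Tuple[int, ...]:
    return tuple(int(octet) for octet in ip.split("."))


def find_shared_macs(entries, threshold: int = 2, allow=()) -> Dict[str, List[str]]:
    """Return MAC -> IPs for every MAC that answers for at least `threshold` IPs.

    Routers with secondary addresses or firewalls doing proxy ARP legitimately
    own several IPs; pass those MACs in `allow` to keep them out of the alert.
    """
    by_mac = defaultdict(set)
    for e in entries:
        by_mac[e["mac"]].add(e["ip"])
    allowed = {m.lower() for m in allow}
    return {mac: sorted(ips, key=_ip_key)
            for mac, ips in by_mac.items()
            if len(ips) >= threshold and mac not in allowed}


def check_against_static(entries, expected: Dict[str, str]):
    """Compare learned entries with a static IP->MAC table; report disagreements
    as (ip, expected_mac, seen_mac, port) so the offending port is known."""
    mismatches = []
    for e in entries:
        want = expected.get(e["ip"])
        if want is not None and want.lower() != e["mac"]:
            mismatches.append((e["ip"], want.lower(), e["mac"], e["port"]))
    return mismatches
```

Run against a periodic `show arp` capture, the shared-MAC check gives the alert; the static comparison gives the port to look at.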
Ask Your Vendors
• Dynamic ARP Inspection (DAI)
• IDS on the desktop
  – Endpoint software

Routing
• Static or protocol
• Interior routing protocols
  – RIP, RIPv2
  – OSPF v2, v3
  – IGRP, EIGRP (proprietary)

Routing Attack
• MD5 authentication hash easily cracked
  – http://gdataonline.com/seekhash.php
    • Contains over 1 billion hashes, and is free!
• Source routing
• Inject static routes
• Yersinia Framework
  – Supports Hot Standby Router Protocol
    • Becoming active router
    • Becoming active router (MITM)

Routing Protection
• Make sure IP source routing is off
• Use a routing protocol that requires authentication (different keys between routers)
• Encapsulate the routing protocol in IPsec
• Use static routes where necessary
  – Limit propagation of static routes

Routing Protection (cont)
• Suppress routing announcements
• Route to null if appropriate, and log
• Be a good net neighbor: only let your own IPs out
• Limit global routes
  – Don’t route to 10.0.0.0/8 when you can use more specific routes

Ask Your Vendors
• Encapsulate routing protocols in IPsec
• Support for authenticated routing protocols

Dynamic Host Configuration Protocol
• Assigns hosts IP addresses
• Assigns DNS and routing info

DHCP Attack
• Yersinia Framework
  – Supports all DHCP standards
    • Sending raw DHCP packet
    • DoS sending DISCOVER packets (exhausting the IP pool)
    • Setting up a rogue DHCP server
    • DoS sending RELEASE packets (releasing assigned IPs)
• Spoofed/fake DHCP server

DHCP Protection
• DHCP Snooping
  – No statically assigned IP addresses
• IP Source Guard
  – Only allow DHCP packets from trusted ports

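Added example, not from the deck: a Python model of how DHCP snooping and IP Source Guard work together on access ports. It assumes the usual behaviour, which is that server messages (OFFER/ACK/NAK) are dropped on untrusted ports, a binding table is built from ACKs seen on the trusted uplink, and an untrusted port then passes only IP traffic whose (port, MAC, source IP) matches a binding. Port names, MACs and addresses are constructed; the last case shows the slide's caveat about statically assigned hosts.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# DHCP message types (option 53 values from RFC 2132).
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7
SERVER_MESSAGES = {OFFER, ACK, NAK}   # legitimate only on trusted, server-facing ports


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


@dataclass(frozen=True)
class DhcpFrame:
    port: str                   # switch port the frame arrived on
    src_mac: str                # Ethernet source address
    chaddr: str                 # client hardware address inside the DHCP payload
    msg_type: int
    yiaddr: str = "0.0.0.0"     # address handed out by the server (OFFER/ACK)
    vlan: int = 1


@dataclass(frozen=True)
class IpPacket:
    port: str
    src_mac: str
    src_ip: str
    vlan: int = 1


class SnoopingSwitch:
    """Constructed model of DHCP snooping plus IP Source Guard on access ports."""

    def __init__(self, trusted_ports: Set[str]):
        self.trusted = set(trusted_ports)
        self.pending: Dict[str, Tuple[str, int]] = {}        # chaddr -> (port, vlan)
        self.bindings: Dict[Tuple[str, str], Binding] = {}   # (port, mac) -> binding

    def snoop(self, f: DhcpFrame) -> str:
        """DHCP snooping decision ('forward' or 'drop'); maintains the binding table."""
        if f.port in self.trusted:
            # Server replies are accepted only here; an ACK answering a request
            # we saw on an access port creates that client's binding.
            if f.msg_type == ACK and f.chaddr in self.pending:
                port, vlan = self.pending.pop(f.chaddr)
                self.bindings[(port, f.chaddr)] = Binding(f.chaddr, f.yiaddr, vlan, port)
            return "forward"
        if f.msg_type in SERVER_MESSAGES:
            return "drop"        # rogue DHCP server plugged into an access port
        if f.chaddr != f.src_mac:
            return "drop"        # RELEASE/DECLINE/REQUEST sent on behalf of another host
        if f.msg_type == RELEASE:
            self.bindings.pop((f.port, f.chaddr), None)
        elif f.msg_type in (DISCOVER, REQUEST):
            self.pending[f.chaddr] = (f.port, f.vlan)
        return "forward"

    def source_guard(self, p: IpPacket) -> str:
        """IP Source Guard: on untrusted ports only traffic matching a binding passes."""
        if p.port in self.trusted:
            return "forward"
        b = self.bindings.get((p.port, p.src_mac))
        if b is None or b.ip != p.src_ip or b.vlan != p.vlan:
            return "drop"
        return "forward"


def run_demo() -> List[str]:
    """Walk constructed events through the model and return the decisions in order."""
    sw = SnoopingSwitch(trusted_ports={"0/1/48"})   # uplink towards the real DHCP server
    client, rogue, server = "0011.2233.4455", "00b0.6898.a5af", "0000.0c12.3456"
    return [
        # 1-2. Legitimate lease: REQUEST from an access port, ACK from the uplink.
        sw.snoop(DhcpFrame("0/1/1", client, client, REQUEST)),
        sw.snoop(DhcpFrame("0/1/48", server, client, ACK, yiaddr="192.168.1.20")),
        # 3. OFFER arriving on an access port: a rogue server, dropped.
        sw.snoop(DhcpFrame("0/1/5", rogue, client, OFFER, yiaddr="192.168.1.99")),
        # 4. RELEASE for the client's lease sent by another host: dropped (chaddr mismatch).
        sw.snoop(DhcpFrame("0/1/5", rogue, client, RELEASE)),
        # 5. Bound host sending from its leased address: forwarded.
        sw.source_guard(IpPacket("0/1/1", client, "192.168.1.20")),
        # 6. Same host sourcing the gateway's address: dropped by IP Source Guard.
        sw.source_guard(IpPacket("0/1/1", client, "192.168.1.1")),
        # 7. Statically addressed host that never used DHCP has no binding: dropped,
        #    which is why the slide says "no statically assigned IP addresses".
        sw.source_guard(IpPacket("0/1/7", "0019.aabb.ccdd", "192.168.1.50")),
    ]
```

Hosts that must keep static addresses need a static binding entered on the switch, or their port excluded from IP Source Guard.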
IP Source Guard
(diagram slide; no text content in the transcript)

Ask Your Vendors
• DHCP Snooping
• IP Source Guard

Packet Control
• SYN per second
• RST per second
• Broadcasts per second

Refresh
• Limit L2 discovery protocols
• Spanning-tree protection
  – Root/BPDU Guard
• Anti-spoofing ACLs
• Routing
  – Restrict routing updates, authenticate, encrypt, no source routing, use null routes

Refresh (cont)
• MAC address restrictions
• Turn off routing between subnets/VLANs
• DHCP Snooping/IP Source Guard
• Limit TCP SYNs, RSTs, broadcasts

Thank You
• Questions
• Comments
• Thanks to Sippleware for QA

DMCC Future of Trade Web3 - Special Edition
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Don't Get Caught With Your Layers Down

1. Don't Get Caught with Your Layers Down
   With Steve Jaworski and Bryan Young
   © Steve Jaworski, Bryan Young 2010

2. Agenda
   • Discuss common Layer 2 and Layer 3
     – Attacks
     – Tools
     – Protection
   • Questions you should be asking your vendors
   • Bryan vs Steve (points of view)

3. L2 Discovery Protocols
   • Proprietary
     – CDP: Cisco
     – FDP: Foundry/Brocade
     – LLTP: Microsoft (Vista, Win 7)
   • Open standard
     – LLDP: Link Layer Discovery Protocol

4. L2 Examples
   Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge,
                     S - Switch, H - Host, I - IGMP, r - Repeater
   (*) indicates a CDP device

   Device ID    Local Int      Holdtm  Capability  Platform  Port ID
   Head         ethernet1/1    141     Router      Router 1  ethernet3/3
   Head         ethernet1/2    141     Router      Router 1  ethernet3/4
   Building A   ethernet1/3    120     Switch      Switch    ethernet49
   Building B   ethernet1/4    165     Switch      Switch    ethernet49
   Building C   ethernet1/5    170     Switch      Switch    ethernet49
   Building D   ethernet1/6    144     Router      Router 2  ethernet1
   Building E   ethernet1/7    157     Switch      Switch    ethernet0/1/47
   Building F   ethernet1/8    180     Switch      Switch    ethernet49
   Building G   ethernet1/9    168     Switch      Switch    ethernet49
   Building H   ethernet1/10   127     Switch      Switch    ethernet49

5. L2 Discovery Attacks
   • Yersinia Framework (http://www.yersinia.net/)
     – Supports Cisco Discovery Protocol
       • Sending raw CDP packet
       • DoS: flooding the CDP neighbors table
       • Setting up a "virtual device"
   • IRPAS (http://www.phenoelit-us.org/fr/tools.html)
     – DoS attack
     – Spoof attack
     – VLAN assignment
     – DHCP assignment
     – 802.1Q VLAN assignment

6. L2 Discovery Protocols Protection
   • Turn off on user edge ports:
       interface GigabitEthernet1/1
        ip address 192.168.100.1 255.255.255.0
        no cdp enable
   • Where should I enable it?
     – May be a necessary evil for VoIP
     – Bryan vs Steve
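The slide gives the per-interface fix; the practical question is which ports on a switch still have CDP on. The script below is an added example, not from the presentation, that audits an IOS-style running config for CDP left enabled on access ports and emits the `no cdp enable` lines to apply. The sample config, the "edge port = switchport mode access" rule, and treating voice-VLAN ports as a separate trade-off are assumptions of this example.

```python
"""Audit an IOS-style running config for CDP left enabled on user edge ports.

Added example (not from the slides). Assumptions: IOS-style syntax as on the
slide ('no cdp enable' per interface, 'no cdp run' globally); an edge port is
any interface configured 'switchport mode access'; voice ports are access ports
with a 'switchport voice vlan', the "necessary evil" case the slide mentions.
"""

# Constructed sample config for the audit; not from the presentation.
SAMPLE_CONFIG = """\
hostname edge-sw1
cdp run
!
interface GigabitEthernet1/1
 description user port, already hardened
 switchport mode access
 switchport access vlan 100
 no cdp enable
!
interface GigabitEthernet1/2
 description user port, CDP still on
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet1/3
 description IP phone, CDP needed for voice VLAN discovery
 switchport mode access
 switchport voice vlan 200
!
interface GigabitEthernet1/24
 description uplink to core
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} for every interface block."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None          # '!' or a global command ends the block
    return interfaces


def cdp_globally_enabled(config):
    """'no cdp run' disables CDP on the whole box; otherwise assume it is on."""
    return "no cdp run" not in (line.strip() for line in config.splitlines())


def audit_cdp(config):
    """Return [(interface, finding)] for edge ports that still advertise CDP."""
    if not cdp_globally_enabled(config):
        return []
    findings = []
    for name, lines in parse_interfaces(config).items():
        is_edge = "switchport mode access" in lines
        if not is_edge or "no cdp enable" in lines:
            continue
        has_voice = any(l.startswith("switchport voice vlan") for l in lines)
        # A voice port is reported separately: the slide treats CDP there as a
        # trade-off to decide, not an outright misconfiguration.
        findings.append((name, "cdp-enabled-voice-port" if has_voice else "cdp-enabled-edge-port"))
    return findings


def remediation(config):
    """Config snippet that disables CDP on every non-voice edge port flagged by audit_cdp."""
    lines = []
    for name, finding in audit_cdp(config):
        if finding == "cdp-enabled-edge-port":
            lines += [f"interface {name}", " no cdp enable", "!"]
    return "\n".join(lines)


if __name__ == "__main__":
    for name, finding in audit_cdp(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
    print(remediation(SAMPLE_CONFIG))
```

Run it against a real `show running-config` capture to get the list of ports to fix; the trunk (uplink) port is deliberately left alone, since that is where neighbor discovery is normally wanted.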
7. L2 Discovery Design (diagram)

8. Ask Your Vendors
   • Ability to turn off discovery protocols
   • Understand all features of proprietary protocols

9. VLAN 802.1Q
   • Does a VLAN provide security?
     – Bryan vs Steve
   • Great for segmenting broadcast domains
   • Organize your hosts
   • Finding points of origin

10. VLAN 802.1Q Design (diagram)

11. VLAN Attacks
   • Switch spoofing
   • Double hopping
   • Yersinia Framework
     – Supports VLAN Trunking Protocol (Cisco)
       • Sending raw VTP packet
       • Deleting all VLANs
       • Deleting selected VLAN
       • Adding one VLAN
       • Catalyst crash
     – Supports standard 802.1Q
       • Sending raw 802.1Q packet
       • Sending double-encapsulated 802.1Q packet
       • 802.1Q ARP poisoning (MITM)

12. VLAN Protection
   • No tagged frames on edge ports
   • Use tagged frames only when necessary (VoIP)
     – Lock down the VoIP VLAN
   • Lock down routing between VLANs
   • Turn off VTP (Cisco); set up VLANs manually
   • Multi-device port authentication
   • Specify uplink ports (limits broadcasts and unknown unicasts)
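"No tagged frames on edge ports" and "use tagged frames only where necessary" are a per-port rule a switch applies to the 802.1Q tag stack of every incoming frame. The following is an added example, not the presentation's code: a parser for the tag stack (it handles nested tags, which is how the double-encapsulated frame on the attack slide looks on the wire) and a checker that applies the edge-port rule. The port policy table, the sample MACs and the voice VLAN number are constructed.

```python
"""Parse 802.1Q tag stacks and apply the edge-port rule from the slide.

Added example, not from the presentation. Assumptions: frames are raw Ethernet
II; any TPID in TPIDS starts a tag; PORT_POLICY is a constructed table.
"""
import struct

TPIDS = {0x8100, 0x88A8, 0x9100}   # 802.1Q, 802.1ad (QinQ) and the older 0x9100 TPID


def parse_vlan_tags(frame):
    """Return (dst_mac, src_mac, [vlan ids outer->inner], inner ethertype)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset, vids = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    while ethertype in TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vids.append(tci & 0x0FFF)   # low 12 bits of the TCI; PCP/DEI ignored here
        offset += 4
    return dst, src, vids, ethertype


def build_frame(vids, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frame with the given tag stack (outer first); sample MACs."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    for vid in vids:
        hdr += struct.pack("!HH", 0x8100, vid)
    return hdr + struct.pack("!H", ethertype) + payload


# Constructed per-port policy: access ports accept only untagged frames
# (plus the voice VLAN where a phone sits); trunks accept their allowed list.
PORT_POLICY = {
    "eth1/1":  {"mode": "access", "tagged_allowed": set()},
    "eth1/2":  {"mode": "access", "tagged_allowed": {200}},        # voice VLAN 200
    "eth1/49": {"mode": "trunk",  "tagged_allowed": {100, 200, 300}},
}


def check_frame(port, frame):
    """Verdict for a frame received on `port` under PORT_POLICY."""
    _, _, vids, _ = parse_vlan_tags(frame)
    policy = PORT_POLICY[port]
    if len(vids) > 1:
        # A stacked tag on a port that is not a deliberate QinQ service port is
        # the double-encapsulation case from the attack slide: drop it.
        return "drop:double-tagged"
    if not vids:
        return "accept"
    if vids[0] not in policy["tagged_allowed"]:
        return "drop:tagged-on-edge" if policy["mode"] == "access" else "drop:vlan-not-allowed"
    return "accept"


if __name__ == "__main__":
    for port, tags in (("eth1/1", []), ("eth1/1", [100]), ("eth1/1", [100, 300]),
                       ("eth1/2", [200]), ("eth1/49", [300]), ("eth1/49", [400])):
        print(port, tags, check_frame(port, build_frame(tags)))
```

The same parser can be pointed at a packet capture from a monitoring port: any frame with more than one tag arriving from a user-facing port is worth an alert on its own, regardless of what the inner VLAN is.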
13. Ask Your Vendors
   • Multi-device port authentication
   • Dynamic VLAN assignment

14. Private VLAN
   • Limits communication between hosts at Layer 2

15. Private VLAN Design (diagram)

16. Private VLAN Attacks
   • Hosts can still communicate at Layer 3
   • Community
     – Still have a broadcast domain
       • ARP spoofing
       • 802.1Q attacks
   • Isolated
     – 802.1Q attacks

17. Private VLAN Protection
   • ACL at Layer 3
   • Avoid community setup

18. Ask Your Vendors
   • Community and isolated VLANs
   • Ask for isolated

19. Spanning Tree
   • Prevents bridge loops
   • Provides redundancy in Layer 2 topologies
   • STP and RSTP

20. Spanning Tree Design (diagram)

21. Spanning Tree Attack
   • Man in the middle
   • Flooding the BPDU table
     – BPDU: Bridge Protocol Data Unit
   • Inserting a device claiming it's the root bridge
   • Claiming other roles on the network

22. Spanning Tree Protection
   • Assign BPDU Guard
     – Set up edge ports to ignore BPDUs
     – Port disabled if BPDUs are received
   • Assign Root Guard
     – Set one switch as always root
     – Port disabled if a lower-cost (superior) BPDU is received
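What the two guards do, and why an unguarded port is the problem, is easiest to see in a small model of bridge-ID comparison. The following simulation is an added example, not from the presentation: bridge IDs compare as STP compares them (lower priority, then lower MAC, wins), BPDU Guard err-disables an edge port on any BPDU, and Root Guard blocks a port that receives a BPDU claiming a better root without letting the switch re-elect. Bridge IDs, port names and the rogue BPDU are constructed values.

```python
"""Simulate BPDU Guard and Root Guard on a switch port.

Added example, not from the presentation. Bridge IDs are (priority, MAC) and
compare as STP does: lower wins. All bridge IDs and ports are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int   # 0..61440 in steps of 4096; lower is more preferred
    mac: str        # tie-breaker, compared as a string here


@dataclass(frozen=True)
class BPDU:
    root_id: BridgeID
    root_path_cost: int
    sender_id: BridgeID


@dataclass
class Port:
    name: str
    edge: bool = False          # user-facing port: no bridge should ever be behind it
    bpdu_guard: bool = False
    root_guard: bool = False
    state: str = "forwarding"


class Switch:
    def __init__(self, bridge_id, root_id):
        self.bridge_id = bridge_id
        self.root_id = root_id        # root this switch currently believes in
        self.ports = {}
        self.log = []

    def add_port(self, port):
        self.ports[port.name] = port

    def receive_bpdu(self, port_name, bpdu):
        """Apply the guards, then ordinary STP behaviour; return the new port state."""
        port = self.ports[port_name]
        if port.state == "err-disabled":
            return port.state                      # stays down until an admin recovers it
        if port.edge and port.bpdu_guard:
            port.state = "err-disabled"            # BPDU Guard: no BPDU is legitimate here
            self.log.append(f"{port.name}: BPDU from {bpdu.sender_id.mac}, err-disabled")
            return port.state
        if bpdu.root_id < self.root_id:           # superior BPDU: claims a better root
            if port.root_guard:
                port.state = "root-inconsistent"   # Root Guard: block instead of re-electing
                self.log.append(f"{port.name}: superior BPDU from {bpdu.sender_id.mac}, blocked")
            else:
                self.root_id = bpdu.root_id        # unguarded port: the topology re-converges
                self.log.append(f"{port.name}: new root {bpdu.root_id}")
        elif port.state == "root-inconsistent":
            port.state = "forwarding"              # superior BPDUs stopped: recover
        return port.state


def build_switch():
    """Constructed access switch with the legitimate core as root."""
    core = BridgeID(4096, "00:00:0c:00:00:01")
    sw = Switch(BridgeID(32768, "00:1b:21:aa:bb:cc"), root_id=core)
    sw.add_port(Port("gi1/1", edge=True, bpdu_guard=True))
    sw.add_port(Port("gi1/2", edge=True))                 # edge port left unguarded
    sw.add_port(Port("gi1/24", root_guard=True))          # designated port toward other switches
    return sw


if __name__ == "__main__":
    sw = build_switch()
    rogue = BridgeID(0, "00:de:ad:be:ef:00")   # priority 0 beats any real root
    claim = BPDU(root_id=rogue, root_path_cost=0, sender_id=rogue)
    for p in ("gi1/1", "gi1/24", "gi1/2"):
        print(p, sw.receive_bpdu(p, claim), "root now", sw.root_id)
    print("\n".join(sw.log))
```

The third port in the `__main__` run is the point of the slide: with no guard configured, a single superior BPDU on a user port makes the switch accept a new root, and traffic starts flowing through whatever is behind that port.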
23. Ask Your Vendors
   • BPDU Guard
   • Root Guard
   • Handling of an all-"0" BPDU

24. ACLs
   • We all know what they are
     – Standard:
         access-list 35 deny host 124.107.140.182 log
         access-list 35 deny host 91.19.35.246 log
         access-list 35 deny host 212.227.55.84 log
         access-list 35 deny host 65.55.174.125 log

25. ACLs (cont)
     – Extended:
         150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq http
         150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq ssl
         150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq dns
         150 permit udp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq dns
     – Some filter options:
       – QoS
       – Fragments and offsets
       – Packet length
       – ToS

26. ACL Attacks
   • Stateless
   • Encapsulate your packets
   • Fragment-overlap ACL bypass
   • DoS by attacking closed IPs and ports
     – CPU vs ASIC routers

27. ACL Protection
   • Use them for what they are meant for
   • IP spoofing
   • IP to IP
   • Not meant for application inspection
   • Established
   • Strict filtering
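The attack slide's first word, "stateless", and the protection slide's "established" deserve a concrete illustration. The evaluator below is an added example, not from the presentation: it parses the ACL syntax shown on the two ACL slides (wildcard masks, `host`, `any`, `eq <port>`, `established`, `log`), applies first-match with the implicit deny, and includes a constructed anti-spoofing ingress ACL of the "IP spoofing" kind. The `PORT_NAMES` mapping and the anti-spoofing and `established` ACLs are assumptions of this example; only ACL 150 is taken from the slide.

```python
"""Evaluate IOS-style standard/extended ACL entries the way a stateless filter does.

Added example, not from the presentation. Parses the ACL syntax on the slides,
applies first-match with the implicit deny, and shows why 'established' is not
a stateful check. PORT_NAMES is a small constructed mapping.
"""
import ipaddress

PORT_NAMES = {"http": 80, "ssl": 443, "dns": 53, "domain": 53, "ssh": 22}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
ANY = (0, 0xFFFFFFFF)


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _parse_addr(toks, i):
    """Consume 'any' | 'host A' | 'A WILDCARD' at toks[i]; return ((net, wildcard), next_i)."""
    if toks[i] == "any":
        return ANY, i + 1
    if toks[i] == "host":
        return (_ip(toks[i + 1]), 0), i + 2
    return (_ip(toks[i]), _ip(toks[i + 1])), i + 2


def _match_addr(spec, addr):
    net, wildcard = spec
    mask = ~wildcard & 0xFFFFFFFF          # wildcard bits are "don't care"
    return (_ip(addr) & mask) == (net & mask)


def parse_ace(text):
    """Parse one entry such as '150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq http'."""
    toks = text.split()
    if toks[0] == "access-list":
        toks = toks[2:]                    # 'access-list 35 deny ...'
    elif toks[0].isdigit():
        toks = toks[1:]                    # '150 permit ...'
    action, i = toks[0], 1
    proto = "ip"
    if toks[i] in PROTOCOLS:               # standard ACLs have no protocol field
        proto, i = toks[i], i + 1
    src, i = _parse_addr(toks, i)
    dst = ANY
    if i < len(toks) and toks[i] not in ("log", "established", "eq"):
        dst, i = _parse_addr(toks, i)      # extended ACL: destination present
    ace = {"action": action, "proto": proto, "src": src, "dst": dst,
           "dport": None, "established": False, "log": False}
    while i < len(toks):
        if toks[i] == "eq":
            name = toks[i + 1]
            ace["dport"] = PORT_NAMES.get(name, int(name) if name.isdigit() else None)
            if ace["dport"] is None:
                raise ValueError(f"unknown port name {name!r}")
            i += 2
        elif toks[i] in ("established", "log"):
            ace[toks[i]] = True
            i += 1
        else:
            raise ValueError(f"unsupported token {toks[i]!r}")
    return ace


def packet(src, dst, proto, dport=None, flags=()):
    """Minimal packet header; flags is a set of TCP flag names."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "flags": set(flags)}


def matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if not (_match_addr(ace["src"], pkt["src"]) and _match_addr(ace["dst"], pkt["dst"])):
        return False
    if ace["dport"] is not None and pkt["dport"] != ace["dport"]:
        return False
    if ace["established"] and not (pkt["flags"] & {"ACK", "RST"}):
        return False                       # looks only at flag bits, never at a session table
    return True


def evaluate(acl, pkt):
    """First match wins; no match means the implicit deny. Returns (action, index or None)."""
    for index, ace in enumerate(acl):
        if matches(ace, pkt):
            return ace["action"], index
    return "deny", None


# The extended ACL from the slide, parsed as written there.
ACL_150 = [parse_ace(line) for line in (
    "150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq http",
    "150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq ssl",
    "150 permit tcp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq dns",
    "150 permit udp 192.168.0.0 0.0.255.255 host 192.16.0.25 eq dns",
)]

# Constructed anti-spoofing ingress ACL for an outside interface: inside
# addresses must never arrive from outside (the 'IP spoofing' protection item).
ANTI_SPOOF_IN = [parse_ace("deny ip 192.168.0.0 0.0.255.255 any log"),
                 parse_ace("permit ip any any")]

# Constructed 'established' ACL: meant to permit only replies to inside-initiated TCP.
ESTABLISHED_IN = [parse_ace("permit tcp any 192.168.0.0 0.0.255.255 established"),
                  parse_ace("deny ip any any")]
```

The `ESTABLISHED_IN` case is the caveat behind "stateless" on the attack slide: a packet with the ACK bit set passes the `established` entry whether or not any session exists, so the keyword narrows exposure but does not substitute for a stateful firewall.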
28. 802.1X
   • Port-based access control
   • IEEE standard

29. 802.1X Attacks
   • Dictionary attack based on the authentication method used (LEAP, PEAP)
   • Rogue authentication server
     – Capture NTLM authentication request
   • Yersinia Framework
     – Supports 802.1X wired authentication
       • Sending raw 802.1X packet
       • MITM 802.1X with 2 interfaces

30. 802.1X Protection
   • Set authentication failure limits
   • Client needs to verify certificates
   • Move to a certificate per host (EAP-TLS)
   • Multi-device port authentication

31. Multi-Port Authentication (diagram)

32. Ask Your Vendors
   • Username/password and MAC/password authentication
   • Avoid MAC/MAC authentication
   • Are VSAs required?
   • Will the RADIUS server support VSAs and EAP?
   • Dynamic VLAN assignment
   • Dynamic ACL assignment

33. MAC Address
   • The 48-bit address
     – 12:45:AC:65:79:0F
   • Unique ID for every network interface

34. MAC Attacks
   • Easy to spoof
   • When the MAC address is also the password for RADIUS authentication, an attacker can possibly authenticate as that user or device
   • Flood the MAC table of the switch

35. MAC Protection
   • MAC address should not be the password for network authentication
     – Network device sends the password.
   • Limit the MAC table
   • Limit the number of MAC addresses per port
   • Layer 2 ACL: filter MAC by OUI
     – Organizationally Unique Identifier
   • Don't rely on MAC address authentication

36. ARP
   • IP to MAC address
   • Allows for "host to host" communication on a network device without going through the gateway.

37. ARP Attacks
   • ARP poisoning/spoofing

38. ARP Router Table
   IP Address     MAC Address     Type     Age  Port    Status
   192.168.1.2    00b0.6898.a5af  Dynamic  2    0/1/1   Valid   2
   192.168.1.3    00b0.6898.a5af  Dynamic  3    0/1/1   Valid   3
   192.168.1.4    00b0.6898.a5af  Dynamic  6    0/1/1   Valid   4
   192.168.1.5    00b0.6898.a5af  Dynamic  5    0/1/1   Valid   5
   192.168.1.6    00b0.6898.a5af  Dynamic  3    0/1/1   Valid   6
   192.168.1.7    00b0.6898.a5af  Dynamic  4    0/1/1   Valid   7
   192.168.1.8    00b0.6898.a5af  Dynamic  4    0/1/1   Valid   8
   192.168.1.9    00b0.6898.a5af  Dynamic  2    0/1/1   Valid   9
   192.168.1.11   00b0.6898.a5af  Dynamic  6    0/1/1   Valid   10
   192.168.1.16   00b0.6898.a5af  Dynamic  7    0/1/1   Valid   11
   192.168.1.19   00b0.6898.a5af  Dynamic  1    0/1/1   Valid   12

39. ARP Attack Tools
   • Ettercap
   • Cain and Abel
   • Arpspoof (dsniff)

40. ARP Protection
   • Dynamic ARP Inspection
   • Static ARP table
   • Endpoint software
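The ARP table on slide 38 is the fingerprint of poisoning: eleven addresses all resolving to one MAC on one port. The script below is an added example, not from the presentation, that parses that kind of `show arp` output, reports MACs answering for many IPs, and validates dynamic entries against a trusted IP-to-MAC binding table the way Dynamic ARP Inspection does. The table text is constructed from the slide (the OCR'd "00bo" MAC read as 00b0) with a static gateway row and one legitimate host added; the binding table is an assumption standing in for DHCP snooping or static ARP data.

```python
"""Spot ARP poisoning in an ARP table and validate entries DAI-style.

Added example, not from the presentation. ARP_TABLE is constructed from the
'ARP Router Table' slide plus a gateway and one honest host; BINDINGS is a
constructed stand-in for the DHCP snooping / static ARP binding table.
"""
from collections import defaultdict

ARP_TABLE = """\
IP Address     MAC Address     Type     Age  Port    Status
192.168.1.1    0012.f2aa.bb01  Static   0    0/1/24  Valid
192.168.1.2    00b0.6898.a5af  Dynamic  2    0/1/1   Valid
192.168.1.3    00b0.6898.a5af  Dynamic  3    0/1/1   Valid
192.168.1.4    00b0.6898.a5af  Dynamic  6    0/1/1   Valid
192.168.1.5    00b0.6898.a5af  Dynamic  5    0/1/1   Valid
192.168.1.6    00b0.6898.a5af  Dynamic  3    0/1/1   Valid
192.168.1.7    00b0.6898.a5af  Dynamic  4    0/1/1   Valid
192.168.1.8    00b0.6898.a5af  Dynamic  4    0/1/1   Valid
192.168.1.9    00b0.6898.a5af  Dynamic  2    0/1/1   Valid
192.168.1.11   00b0.6898.a5af  Dynamic  6    0/1/1   Valid
192.168.1.16   00b0.6898.a5af  Dynamic  7    0/1/1   Valid
192.168.1.19   00b0.6898.a5af  Dynamic  1    0/1/1   Valid
192.168.1.50   001c.c4de.ad10  Dynamic  4    0/1/7   Valid
"""

# Constructed trusted bindings (ip -> mac), e.g. from the DHCP snooping table.
BINDINGS = {
    "192.168.1.2": "00:1e:68:11:22:02",
    "192.168.1.3": "00:1e:68:11:22:03",
    "192.168.1.50": "00:1c:c4:de:ad:10",
}


def normalize_mac(mac):
    """Accept 00b0.6898.a5af, 00-b0-..., 00:b0:... and return 'xx:xx:xx:xx:xx:xx'."""
    digits = "".join(ch for ch in mac.lower() if ch not in ".:-")
    if len(digits) != 12 or any(ch not in "0123456789abcdef" for ch in digits):
        raise ValueError(f"bad MAC {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp_table(text):
    """Parse 'show arp'-style output into dicts; skips the header line."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, mac, kind, age, port, status = fields[:6]
        entries.append({"ip": ip, "mac": normalize_mac(mac), "type": kind,
                        "age": int(age), "port": port, "status": status})
    return entries


def find_shared_macs(entries, threshold=2):
    """MACs answering for `threshold` or more IPs: the poisoning signature on the slide."""
    by_mac = defaultdict(list)
    for e in entries:
        if e["type"] == "Dynamic":
            by_mac[e["mac"]].append(e["ip"])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) >= threshold}


def dai_check(entries, bindings):
    """Validate dynamic entries against trusted bindings, as Dynamic ARP Inspection does.

    Returns [(ip, mac, port, reason)] with reason 'mac-mismatch' or 'no-binding'.
    """
    violations = []
    for e in entries:
        if e["type"] != "Dynamic":
            continue
        expected = bindings.get(e["ip"])
        if expected is None:
            violations.append((e["ip"], e["mac"], e["port"], "no-binding"))
        elif normalize_mac(expected) != e["mac"]:
            violations.append((e["ip"], e["mac"], e["port"], "mac-mismatch"))
    return violations


if __name__ == "__main__":
    entries = parse_arp_table(ARP_TABLE)
    for mac, ips in find_shared_macs(entries).items():
        print(f"{mac} claims {len(ips)} addresses: {', '.join(ips)}")
    for ip, mac, port, reason in dai_check(entries, BINDINGS):
        print(f"{ip} -> {mac} on {port}: {reason}")
```

Polling the ARP table of the gateway on a schedule and running `find_shared_macs` over it is a cheap detection where the switches cannot do DAI themselves; the `dai_check` output is what a DAI-capable switch would have dropped before the entries ever reached the router.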
41. Ask Your Vendors
   • Dynamic ARP Inspection (DAI)
   • IDS on the desktop
     – Endpoint software

42. Routing
   • Static or protocol
   • Interior routing protocols
     – RIP, RIPv2
     – OSPF v2, v3
     – IGRP, EIGRP (proprietary)

43. Routing Attack
   • MD5 authentication hash easily cracked
     – http://gdataonline.com/seekhash.php
       • Contains over 1 billion hashes, and is free!
   • Source routing
   • Inject static routes
   • Yersinia Framework
     – Supports Hot Standby Router Protocol
       • Becoming active router
       • Becoming active router (MITM)

44. Routing Protection
   • Make sure IP source routing is off.
   • Use a routing protocol that requires authentication (different keys between routers)
   • Encapsulate the routing protocol in IPsec
   • Use static routes where necessary
     – Limit propagation of static routes

45. Routing Protection (cont)
   • Suppress routing announcements
   • Route to null if appropriate, and log
   • Be a good net neighbor: only let your IPs out
   • Limit global routes
     – Don't route to 10.0.0.0/8 when you can use more specific routes

46. Ask Your Vendors
   • Encapsulate routing protocols in IPsec
   • Support for authenticated routing protocols

47. Dynamic Host Configuration Protocol
   • Assigns hosts IP addresses
   • Assigns DNS and routing info

48. DHCP Attack
   • Yersinia Framework
     – Supports all DHCP standards
       • Sending raw DHCP packet
       • DoS sending DISCOVER packets (exhausting the IP pool)
       • Setting up a rogue DHCP server
       • DoS sending RELEASE packets (releasing assigned IPs)
   • Spoofed/fake DHCP server

49. DHCP Protection
   • DHCP Snooping
     – No statically assigned IP addresses
   • IP Source Guard
     – Only let DHCP packets from trusted ports through
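Slides 48 and 49 list the DHCP attacks and the two features that answer them; the simulation below, an added example and not the presentation's code, walks each attack through a switch that does DHCP snooping (server replies only from trusted ports, a binding table built from ACKs, a per-port DISCOVER rate limit, and RELEASE honoured only from the port that holds the lease) and IP Source Guard (an untrusted port may only source the address it was leased, which is also why the slide says no static IPs). The trusted port, the rate limit, and every host, MAC and address in the scenario are constructed assumptions.

```python
"""Simulate DHCP snooping and IP Source Guard on an access switch.

Added example, not from the presentation. Trusted ports, the DISCOVER rate
limit and all hosts/MACs below are constructed assumptions.
"""
from collections import defaultdict

DISCOVER_LIMIT_PER_SEC = 10     # assumed per-port rate limit for client DISCOVERs


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)      # only these may carry server replies
        self.bindings = {}                     # ip -> (client mac, client port)
        self.client_port = {}                  # mac -> port, learned from DISCOVER/REQUEST
        self.discovers = defaultdict(int)      # (port, second) -> count
        self.log = []

    def dhcp(self, t, port, msg, client_mac, yiaddr=None):
        """Handle one DHCP message; returns 'forward' or a 'drop:<reason>' verdict."""
        if msg in ("OFFER", "ACK") and port not in self.trusted:
            self.log.append((t, port, client_mac, "rogue server reply"))
            return "drop:rogue-dhcp-server"
        if msg in ("DISCOVER", "REQUEST"):
            if port not in self.trusted:
                self.client_port[client_mac] = port
            if msg == "DISCOVER":
                key = (port, int(t))
                self.discovers[key] += 1
                if self.discovers[key] > DISCOVER_LIMIT_PER_SEC:
                    self.log.append((t, port, client_mac, "DISCOVER flood"))
                    return "drop:dhcp-rate-limit"   # real gear usually err-disables the port
        elif msg == "ACK":
            port_of_client = self.client_port.get(client_mac)
            if port_of_client is not None and yiaddr:
                self.bindings[yiaddr] = (client_mac, port_of_client)
        elif msg == "RELEASE":
            # honour a RELEASE only from the port/MAC that holds the lease,
            # so a spoofed RELEASE cannot strip another host's binding
            if self.bindings.get(yiaddr) != (client_mac, port):
                self.log.append((t, port, client_mac, "spoofed RELEASE"))
                return "drop:spoofed-release"
            del self.bindings[yiaddr]
        return "forward"

    def ip_packet(self, port, src_mac, src_ip):
        """IP Source Guard: untrusted ports may only source addresses they were leased."""
        if port in self.trusted:
            return "forward"
        if self.bindings.get(src_ip) == (src_mac, port):
            return "forward"
        self.log.append((port, src_mac, src_ip, "IPSG violation"))
        return "drop:ip-source-guard"


def run_scenario():
    """Constructed sequence: one honest lease, one rogue server, spoofing attempts."""
    sw = SnoopingSwitch(trusted_ports={"eth1/24"})
    verdicts = []
    verdicts.append(sw.dhcp(0.1, "eth1/2", "DISCOVER", "aa:aa:aa:00:00:01"))
    verdicts.append(sw.dhcp(0.2, "eth1/24", "OFFER", "aa:aa:aa:00:00:01", "192.168.1.20"))
    verdicts.append(sw.dhcp(0.3, "eth1/2", "REQUEST", "aa:aa:aa:00:00:01"))
    verdicts.append(sw.dhcp(0.4, "eth1/24", "ACK", "aa:aa:aa:00:00:01", "192.168.1.20"))
    verdicts.append(sw.dhcp(0.5, "eth1/7", "OFFER", "aa:aa:aa:00:00:01", "192.168.1.99"))
    verdicts.append(sw.ip_packet("eth1/2", "aa:aa:aa:00:00:01", "192.168.1.20"))
    verdicts.append(sw.ip_packet("eth1/7", "bb:bb:bb:00:00:02", "192.168.1.20"))  # borrowed IP
    verdicts.append(sw.ip_packet("eth1/9", "cc:cc:cc:00:00:03", "192.168.1.200"))  # static IP
    verdicts.append(sw.dhcp(1.0, "eth1/7", "RELEASE", "aa:aa:aa:00:00:01", "192.168.1.20"))
    return sw, verdicts


if __name__ == "__main__":
    sw, verdicts = run_scenario()
    for v in verdicts:
        print(v)
    print(sw.bindings)
```

The static-IP drop in the scenario is deliberate: once IP Source Guard is on, a host that configures its own address has no binding and is cut off, which is the operational cost behind "no statically assigned IP addresses" on the protection slide.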
50. IP Source Guard (diagram)

51. Ask Your Vendors
   • DHCP Snooping
   • IP Source Guard

52. Packet Control
   • SYNs per second
   • RSTs per second
   • Broadcasts per second

53. Refresh
   • Limit L2 discovery protocols
   • Spanning-tree protection
     – Root/BPDU Guard
   • Anti-spoofing ACLs
   • Routing
     – Restrict routing updates, authenticate, encrypt, no source routing, use null routes

54. Refresh (cont)
   • MAC address restrictions
   • Turn off routing between subnets/VLANs
   • DHCP Snooping/IP Source Guard
   • Limit TCP SYNs, RSTs, broadcasts

55. Thank You
   • Questions
   • Comments
   • Thanks to Sippleware for QA