LAYER 2 ATTACKS & COUNTERMEASURES
Nishad Dadhaniya
N.Dadhaniya@salamtechnology.com
BACK TO BASICS 101
• What is a MAC address?
• What is ARP? How does it work?
• What is a switch? What do they do for a living?
• Layer 2 attacks and countermeasures
BACK TO BASICS 101
• What is a MAC (media access control) address?
  - Also known as the Ethernet hardware address, burned-in address (BIA) or physical address
  - 48-bit address, commonly represented as 01:23:45:67:89:ab or 0123.4567.89ab or ?
BACK TO BASICS 101
• ARP (Address Resolution Protocol)
  - Why do we need ARP?
[Diagram: an IP packet with source MAC AAA and an unknown destination MAC (???). An ARP request (ARP REQ) and an ARP reply (ARP REP) are exchanged, after which the IP packet is sent from AAA to BBB. ARP table entries shown: 192.168.1.1:AAA and 192.168.1.2:BBB.]
[Diagram labels: 192.168.20.1/24 with MAC cc:cc:cc:cc:cc:20; 192.168.1.1/24 with MAC cc:cc:cc:cc:cc:01.]
• Ethernet is a Layer 2 protocol.
• Ethernet frames need a destination MAC address.
• If the destination MAC is in your ARP table, you can send the frame.
• If it isn't, you send a broadcast ARP request to find the MAC address.
• If the destination host is on your subnet, you can send the frame directly to that host.
• If the destination host is on another subnet, you have to send the frame to your default gateway.
• Remember: you send the frame to the gateway's MAC address.
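The forwarding decision in the list above, as an added Python example (not part of the original deck). The host address 192.168.1.10/24 and the remote host 192.168.20.5 are constructed; the gateway IP and MAC are the ones labelled on the slide.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def resolve_target(local_if: str, gateway_ip: str, dst_ip: str) -> str:
    """Return the IP whose MAC the frame must carry: the destination itself
    when it is on the local subnet, otherwise the default gateway."""
    network = ipaddress.ip_interface(local_if).network
    if ipaddress.ip_address(dst_ip) in network:
        return dst_ip
    if ipaddress.ip_address(gateway_ip) not in network:
        raise ValueError("default gateway must be on the local subnet")
    return gateway_ip


def build_frame(local_if, gateway_ip, arp_table, dst_ip):
    """Decide what goes on the wire for a packet to dst_ip.

    Returns (kind, dst_mac, arp_target):
      ("data", mac, target)            ARP table hit: frame addressed to mac
      ("arp-request", bcast, target)   ARP table miss: broadcast a request first
    The IP destination never changes; only the Ethernet destination does.
    """
    target = resolve_target(local_if, gateway_ip, dst_ip)
    mac = arp_table.get(target)
    if mac is None:
        return ("arp-request", BROADCAST_MAC, target)
    return ("data", mac, target)


def learn_from_reply(arp_table, sender_ip, sender_mac):
    """Record an ARP reply. Classic ARP accepts this without any
    authentication, so the table is only as trustworthy as the segment."""
    arp_table[sender_ip] = sender_mac.lower()


# Constructed sample: the host address is hypothetical; the gateway values
# are the ones labelled on the slide.
LOCAL_IF = "192.168.1.10/24"
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "cc:cc:cc:cc:cc:01"

if __name__ == "__main__":
    table = {}
    for dst in ("192.168.1.2", "192.168.20.5"):
        print(dst, build_frame(LOCAL_IF, GATEWAY_IP, table, dst))
    learn_from_reply(table, GATEWAY_IP, GATEWAY_MAC)
    print(build_frame(LOCAL_IF, GATEWAY_IP, table, "192.168.20.5"))
```

Every off-subnet packet ends up addressed to whatever MAC the table holds for the gateway, which is why that single ARP entry is the one worth protecting.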
BACK TO BASICS 101
• What is a switch? What do they do for a living?
• A switch is a Layer 2/3 device.
• Every port has its own intelligence (ASIC).
• VLANs
  - Used to separate ports into different broadcast domains (by default there is a single broadcast domain)
  - Hosts in the same VLAN share the same broadcast domain
  - Traffic inside the VLAN is Layer 2 (magically) switched.
  - Traffic outside or between VLANs must be Layer 3 routed
Layer 2 Security
Layer 2 Landscape
Attacks and Countermeasures
- MAC Attacks
- VLAN Hopping
- DHCP attacks
- ARP Attacks
CAM Overflow
• The macof tool has been available since 1999
• The attack succeeds by exploiting the size limit on CAM tables
• macof sends floods of frames with random source MAC and IP addresses
SW#show mac-address-table count
MAC Entries for all vlans :
Dynamic Address Count: 924
Static Address (User-defined) Count: 115
Total MAC Addresses In Use: 1039
Total MAC Addresses Available: 65536
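A monitoring sketch for the counters above, added here as an example (not from the original deck): it parses two polls of this output and flags a nearly full table or a surge in dynamic entries. The second poll and both thresholds are constructed, and "Total MAC Addresses Available" is assumed to be the table size; if your platform reports free entries instead, use in-use plus available as the capacity.

```python
FIELDS = {
    "Dynamic Address Count": "dynamic",
    "Static Address (User-defined) Count": "static",
    "Total MAC Addresses In Use": "in_use",
    "Total MAC Addresses Available": "capacity",  # assumed to be table size
}


def parse_count(output: str) -> dict:
    """Extract the four counters from 'show mac-address-table count' text
    in the layout shown on the slide."""
    result = {}
    for line in output.splitlines():
        label, sep, value = line.rpartition(":")
        label, value = label.strip(), value.strip()
        if sep and label in FIELDS and value.isdigit():
            result[FIELDS[label]] = int(value)
    missing = set(FIELDS.values()) - result.keys()
    if missing:
        raise ValueError(f"counters not found: {sorted(missing)}")
    return result


def assess(prev: dict, cur: dict, max_util=0.80, max_new_per_poll=500):
    """Compare two polls. Returns (utilization, findings).
    Thresholds are hypothetical and should be tuned to the access layer."""
    findings = []
    util = cur["in_use"] / cur["capacity"]
    if util >= max_util:
        findings.append("cam-utilization-high")
    if cur["dynamic"] - prev["dynamic"] >= max_new_per_poll:
        findings.append("dynamic-mac-surge")
    return util, findings


# First poll: the output shown on the slide.
BASELINE = """\
SW#show mac-address-table count
MAC Entries for all vlans :
Dynamic Address Count: 924
Static Address (User-defined) Count: 115
Total MAC Addresses In Use: 1039
Total MAC Addresses Available: 65536
"""

# Second poll: constructed values for a table that is filling up.
LATER = """\
SW#show mac-address-table count
MAC Entries for all vlans :
Dynamic Address Count: 61200
Static Address (User-defined) Count: 115
Total MAC Addresses In Use: 61315
Total MAC Addresses Available: 65536
"""

if __name__ == "__main__":
    before, after = parse_count(BASELINE), parse_count(LATER)
    print(assess(before, before))
    print(assess(before, after))
```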
CAM Overflow - Countermeasures
Cisco IOS Mitigation
switch(config-if)# switchport mode access
! Set the interface mode to access
switch(config-if)# switchport port-security
! Enable port security on the interface
switch(config-if)# switchport port-security mac-address { <mac_addr> | sticky }
! Secure a specific MAC address (format H.H.H), or use sticky to record the first MAC address connected to the interface
switch(config-if)# switchport port-security maximum <max_addresses>
! Set the maximum number of MAC addresses allowed on the port
switch(config-if)# switchport port-security violation { protect | restrict | shutdown }
! Protect, restrict or shut down the port on a violation. Cisco recommends the shutdown option
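An audit of the settings above against a saved configuration, added here as an example (not from the original deck). The interface names, the sample excerpt and the MAX_ALLOWED policy value are constructed; the check relies on IOS behaviour that the bare `switchport port-security` line is what enables the feature, with defaults of maximum 1 and violation shutdown.

```python
import re

PREFIX = "switchport port-security"
MAX_ALLOWED = 3  # hypothetical site policy, not a Cisco value


def parse_interfaces(config: str) -> dict:
    """Split running-config text into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces


def audit_port(lines: list):
    """Return a list of findings for one port, or None for trunks (skipped)."""
    if "switchport mode trunk" in lines:
        return None
    findings = []
    if "switchport mode access" not in lines:
        findings.append("mode-not-access")
    options = [l[len(PREFIX):].strip() for l in lines if l.startswith(PREFIX)]
    # The bare command enables the feature; the sub-commands alone do nothing.
    if "" not in options:
        findings.append("port-security-not-enabled")
        return findings
    maximum, violation = 1, "shutdown"  # IOS defaults when not configured
    for opt in options:
        m = re.match(r"maximum (\d+)", opt)
        if m:
            maximum = int(m.group(1))
        m = re.match(r"violation (protect|restrict|shutdown)", opt)
        if m:
            violation = m.group(1)
    if maximum > MAX_ALLOWED:
        findings.append(f"maximum-too-high:{maximum}")
    if violation != "shutdown":
        findings.append(f"violation-not-shutdown:{violation}")
    return findings


def audit(config: str) -> dict:
    """Audit every non-trunk interface; an empty list means no findings."""
    results = {}
    for name, lines in parse_interfaces(config).items():
        findings = audit_port(lines)
        if findings is not None:
            results[name] = findings
    return results


# Constructed running-config excerpt (interface names are hypothetical).
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation restrict
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 300
 switchport port-security violation protect
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        print(port, findings or "ok")
```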
CAM Overflow - Mitigation
DHCP Function
DHCP Starvation Attack
Countermeasures for DHCP Attacks
DHCP Attack – Rogue DHCP Server
DHCP Attack – Countermeasures
DHCP Advanced Configuration
ARP
ARP - Countermeasures
TIPS
Summary
Thank you
