SlideShare ist ein Scribd-Unternehmen logo

Introduction to layer 2 attacks & mitigation

Rishabh Dangwal
Rishabh Dangwal

An Introduction to layer 2 attacks & mitigation

Technologie
1 von 34
An Introduction to Layer 2 Attacks & Mitigation Rishabh Dangwal www.TheProhack.com | Twitter @prohack
Agenda  Layer 2 Security - The What, Why and What Now ?  Switching Basics  Quick Knowledge Check  The Attacks & their mitigation.  ARP based  Cisco Specific  STP & VLAN Attacks  Switch Configuration Review – What to look  Question Answer session.
Layer 2 Security The What, Why and What Now ?  OSI is a layered model and if one layer gets hacked, all layers are compromised.  Layer 2 Attacks are still very much relevant today.  Poorly configured Network environments.  Information gap between Network and Security Personnel (refer next slide).  Different architectures , same protocols; henceforth same weaknesses.  Security is only as strong as your weakest link.
Switching Basics  What is a Switch exactly ?  How does it function ?  VLAN basics.  Tagged and Untagged ports (also called as edge/access and Trunk ports).  Spanning Tree Basics.  Layer 3 Switching ?  More Layer 2 Switching Vendor specific technologies.
Quick Knowledge Check Kind questions to ask to your Network & Security Admins 1. How do they handle Network Security issues? 2. Is their network segmented by VLANs ? 3. Are their networked VLANs secure by design ? 4. What is the process of IP Segment allocation ? 5. Is there a formal Change Process in place ?
Flooding & Spoofing Attacks Attacks which utilize either flooding or resource starvation  ARP Poisoning  DHCP Starvation  CAM Table overflow
ARP Attacks  ARP Poisoning : can be easily carried out.  Stateless protocol.  NO inbuilt authentication  Limited to local network segments.  Can be escalated/exploited to MITM , SSH Interception , DOS, session hijacking attacks.  Tools of Trade : Ettercap, Cain & Abel , Dsniff
DHCP Starvation  DHCP Scope exhaustion by installing a rogue DHCP server.  Spoofed MAC requests broadcast/flood network.  Resource starvation occurs which may make a rogue server more effective.  Tools of Trade : Yersinia
CAM Table Overflow  Content Addressable Memory (CAM) is used in highly efficient search based environments.  Cisco switches use CAM to make MAC & interface mapping tables.  One can flood MAC in network which can fill CAM & thereby make a switch act like a hub.  Tools of Trade : Dsniff, Ettercap, Cain & Abel and more..
Flooding & Spoofing Attacks − Mitigation  Ensure Port Security is enabled (static ARP entries)  Enable Port Security  Enable DHCP Snooping.  Question Network admin on requirement of PARP / GARP if present in configuration.  Dynamic Arp Inspection .
Cisco Specific Attacks  CDP attacks − Applicable to Cisco IOS based devices.  VTP attacks − Applicable to Cisco Switches.  DTP Attack − Applicable to Cisco IOS based devices.  HSRP Abuse − Applicable to Cisco IOS based devices.
Cisco − CDP Attacks  Cisco Discovery Protocol (CDP) allows Cisco Devices to communicate with each other.  CDP communicates is unencrypted , unauthenticated & carries a ton of information.  CDP can be exploited to   CDP DOS (Even WLCs are vulnerable)  Overflow / Pollution / Corruption of CDP Cache  Raking up power bills (POE abuse)  Tools to Use : Yersinia
CDP Attacks − Mitigation  Turn CDP Off.  Check with Network guys for any specific requirement of CDP (VOIP phones/Tshoot).  All unused ports shall be shut by default.  BONUS : Different vendors have similar protocols −  Juniper / Huawei LLDP (LLDP Attack Framework)  Brocade FDP  Maipu MDSP
Cisco − VTP Attack  Virtual Trunking Protocol (VTP) is used by Cisco to propagate VLAN information.  VTP uses a versioning system with a client server architecture.  Clients sync their configuration with Server to maintain current VLAN database revision.  Attack involves DOS by sending VTP messages in the network.  Tools of Trade : Yersinia
VTP Attack − Mitigation  Check with admin if VTP is required, if NO, recommend them to configure switches in transparent mode.  If Yes, check if following parameters are configured correctly   VTP password should be there and shall be md5 encrypted (Service Password Encryption)  Non participating switches should be configured in transparent mode.  VTP pruning should be enabled.  All unused ports shall be shut by default.
DTP Attack  Dynamic Trunking Protocol (DTP) negotiates port states between 2 devices.  By default an interface is negotiated to become a Trunk (Tagged) port, hence its name.  One can send RAW DTP packets on Access interface & can make it trunk.  Trunk interface can then be used to escalate/exploit STP/VTP/VLAN based attacks.  Tools of Trade : Yersinia
DTP Attack − Mitigation  Turn of DTP by enabling no more auto-negotiation.  Refer below configuration for access (untagged) port, settings are hardcoded , nothing is auto.  All unused ports shall be shut by default.
HSRP Abuse  Hot Standby Router Protocol (HSRP) is used for achieving HA between Cisco devices.  Functions in Active/Passive mode, UDP 1985.  Uses multicast, by default password configured in plain text.  Attacker can send raw HSRP packet.  Compromise and become Active device with real or spoofed IP.  Tool to use : Yersinia
HSRP Abuse − Mitigation  Use MD5 authentication.  Hardcode everything.
Spanning Tree Attacks  Invented by Dr Radia Perlman, Spanning Tree Protocol (STP) is used for providing a loop free topology for a LAN or bridged network.  An attacker can disrupt STP topology by  Masquerading as a rogue switch.  Introducing a real switch in network.  Spoofing Root Switch  Sending malicious BPDU’s  Claiming roles in topology  Tools of Trade : Yersinia
Spanning Tree Attacks − Mitigation  Enable Root Guard on Cisco Switches, Root Protection on Juniper Switches.  Enable BPDU Guard on Cisco Switches, BPDU Protection on Juniper Switches.  All unused ports shall be shut by default.
Multicast Brute force  Switch receives a number of multicast frames in rapid succession.  Frames to leak into other VLAN instead of containing it on original VLAN.  May lead to DOS.  Rare nowadays.
Multicast Brute Force Attack − Mitigation  Buy switches with better queues/buffer and memory support.  Upgrade your supervisors (4500X and above , Cisco Only).
VLAN Based Attacks • VLAN Hopping − 802.1Q abuse. • PVLAN − Bypassing Layer 2 segregation logic.
VLAN Hopping  VLAN Hopping refers to emulation of a network switch & send frames (802.1Q/ISL).  An attacker can also send double tagged frames on trunk / access interface.  First frame will be stripped by switch and it will forward the frame to outgoing interface.  Since the frame is having one more tag, it will be forwarded as it is to next unintended VLAN.  Tools of Trade : Scapy, Ostinato
VLAN Hopping Attack − Mitigation  Disable DTP  Hardcode everything.  Unused ports shall be configured as access (untagged) ports.  Native VLAN segregation.  Management VLAN segregation.  Don’t use VLAN 1 for *anything*.
PVLAN Attacks  Community ports can communicate between themselves & promiscuous ports.  This logic can be bypassed using a proxy server or a Layer 3 Device on a promiscuous port.  L3 device will overwrite destination mac on frame & then sends frame back.  Unidirectional attack can be leveraged to a bidirectional attack by compromising hosts.  Tools of Trade : Scapy / Ostinato
PVLAN Attacks – Mitigation  Configure ACL on Layer 3 device.
Bonus : SNMP Snarfing  Simple Network Management Protocol (SNMP) is used to monitor and manage devices.  Vendor agonistic , has 3 versions, version 1.0 & version 2.0 most commonly used.  Plain text authentication.  Community strings can be bruteforced , fuzzed & hacked.  Wreak havoc using read write community.  Tools of Trade : Ettercap, dsniff.
SNMP Snarfing – Mitigation  Use SNMPv3 *only*, don’t use it in backwards compatible mode.  Don’t use community strings with write access.  Be SNMP Aware, don’t let it become “Security is Not My Problem”.
Switch Configuration Review  What to look in a sample Switch configuration dump.  Best Practices.  Looking at the big picture.
Conclusion  Ensure Switches are managed in a secured manner.  Hardcode everything.  Ensure there is a Change Management process for any Network and Security Changes.  Disable protocols which are not in use (CDP/VTP).  All unused ports should be shut by default.  Use Port-Security.  Use Root Guard/BPDU guard.  Be careful about SNMP community strings.
Questions? Reach me out at admin@theprohack.com
Thank You!

Empfohlen

Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2samis
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationNetProtocol Xpert
 
Firewall
Firewall Firewall
Firewall Amuthavalli Nachiyar
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkPeter R. Egli
 
Storm-Control
Storm-ControlStorm-Control
Storm-ControlNetProtocol Xpert
 
Chapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingteknetir
 
Network types & its topology
Network types & its topologyNetwork types & its topology
Network types & its topologyDEVI NATARAJAN
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 

Empfohlen

Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2samis
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationNetProtocol Xpert
 
Firewall
Firewall Firewall
Firewall Amuthavalli Nachiyar
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkPeter R. Egli
 
Storm-Control
Storm-ControlStorm-Control
Storm-ControlNetProtocol Xpert
 
Chapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingteknetir
 
Network types & its topology
Network types & its topologyNetwork types & its topology
Network types & its topologyDEVI NATARAJAN
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
Switch
SwitchSwitch
SwitchMLG College of Learning, Inc
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notesKrunal Shah
 
wifi
wifiwifi
wifiAmmar WK
 
Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall NetProtocol Xpert
 
Vpn ppt
Vpn pptVpn ppt
Vpn pptNikhila Pothukuchi
 
Chapter#14
Chapter#14Chapter#14
Chapter#14Syed Muhammad ALi Shah
 
Port forwarding
Port forwardingPort forwarding
Port forwardingRonak Mehta
 
CCNAv5 - S3: Chapter2 Lan Redundancy
CCNAv5 - S3: Chapter2 Lan RedundancyCCNAv5 - S3: Chapter2 Lan Redundancy
CCNAv5 - S3: Chapter2 Lan RedundancyVuz Dở Hơi
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
Data Packets, Routers and IP Addresses
Data Packets, Routers and IP AddressesData Packets, Routers and IP Addresses
Data Packets, Routers and IP AddressesStudent1989
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)NetProtocol Xpert
 
FIREWALL
FIREWALL FIREWALL
FIREWALL Akash R
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Securitydkaya
 
14 palo alto quality of service(qos) concept
14 palo alto quality of service(qos) concept14 palo alto quality of service(qos) concept
14 palo alto quality of service(qos) conceptMostafa El Lathy
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPNetProtocol Xpert
 
Firewalls
FirewallsFirewalls
FirewallsKalluri Madhuri
 
Firewall
FirewallFirewall
FirewallMuhammad Sohaib Afzaal
 
Cisco hsrp configuration
Cisco hsrp configurationCisco hsrp configuration
Cisco hsrp configurationWahyu Nasution
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptxSulSya
 
STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)Netwax Lab
 
Lecture 5 - Agent communication
Lecture 5 - Agent communicationLecture 5 - Agent communication
Lecture 5 - Agent communicationAntonio Moreno
 

Weitere ähnliche Inhalte

Was ist angesagt?

Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall NetProtocol Xpert
 
CCNAv5 - S3: Chapter2 Lan Redundancy
CCNAv5 - S3: Chapter2 Lan RedundancyCCNAv5 - S3: Chapter2 Lan Redundancy
CCNAv5 - S3: Chapter2 Lan RedundancyVuz Dở Hơi
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
Data Packets, Routers and IP Addresses
Data Packets, Routers and IP AddressesData Packets, Routers and IP Addresses
Data Packets, Routers and IP AddressesStudent1989
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)NetProtocol Xpert
 
FIREWALL
FIREWALL FIREWALL
FIREWALL Akash R
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Securitydkaya
 
14 palo alto quality of service(qos) concept
14 palo alto quality of service(qos) concept14 palo alto quality of service(qos) concept
14 palo alto quality of service(qos) conceptMostafa El Lathy
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPNetProtocol Xpert
 
Cisco hsrp configuration
Cisco hsrp configurationCisco hsrp configuration
Cisco hsrp configurationWahyu Nasution
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptxSulSya
 

Was ist angesagt? (20)

Firewall
FirewallFirewall
Firewall
 
Switch
SwitchSwitch
Switch
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notes
 
wifi
wifiwifi
wifi
 
Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall
 
Vpn ppt
Vpn pptVpn ppt
Vpn ppt
 
Chapter#14
Chapter#14Chapter#14
Chapter#14
 
Port forwarding
Port forwardingPort forwarding
Port forwarding
 
CCNAv5 - S3: Chapter2 Lan Redundancy
CCNAv5 - S3: Chapter2 Lan RedundancyCCNAv5 - S3: Chapter2 Lan Redundancy
CCNAv5 - S3: Chapter2 Lan Redundancy
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 
Data Packets, Routers and IP Addresses
Data Packets, Routers and IP AddressesData Packets, Routers and IP Addresses
Data Packets, Routers and IP Addresses
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
 
FIREWALL
FIREWALL FIREWALL
FIREWALL
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
 
14 palo alto quality of service(qos) concept
14 palo alto quality of service(qos) concept14 palo alto quality of service(qos) concept
14 palo alto quality of service(qos) concept
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAP
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Cisco hsrp configuration
Cisco hsrp configurationCisco hsrp configuration
Cisco hsrp configuration
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptx
 

Andere mochten auch

STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)Netwax Lab
 
Lecture 5 - Agent communication
Lecture 5 - Agent communicationLecture 5 - Agent communication
Lecture 5 - Agent communicationAntonio Moreno
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree ProtocolManoj Gharate
 
Overview of Spanning Tree Protocol
Overview of Spanning Tree ProtocolOverview of Spanning Tree Protocol
Overview of Spanning Tree ProtocolArash Foroughi
 
difference between hub, bridge, switch and router
difference between hub, bridge, switch and routerdifference between hub, bridge, switch and router
difference between hub, bridge, switch and routerAkmal Cikmat
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devicesRajesh Sadhukha
 

Andere mochten auch (6)

STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)
 
Lecture 5 - Agent communication
Lecture 5 - Agent communicationLecture 5 - Agent communication
Lecture 5 - Agent communication
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
 
Overview of Spanning Tree Protocol
Overview of Spanning Tree ProtocolOverview of Spanning Tree Protocol
Overview of Spanning Tree Protocol
 
difference between hub, bridge, switch and router
difference between hub, bridge, switch and routerdifference between hub, bridge, switch and router
difference between hub, bridge, switch and router
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devices
 

Ähnlich wie Introduction to layer 2 attacks & mitigation

The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallVishal Kumar
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoTran Thanh Song
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
ccna presentation 2013
ccna presentation 2013ccna presentation 2013
ccna presentation 2013RoHit VashIsht
 
Examen final ccna2
Examen final ccna2Examen final ccna2
Examen final ccna2Juli Yaret
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Yury Chemerkin
 
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...PROIDEA
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1Chaing Ravuth
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding FirewallsLikan Patra
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesVamsi Krishna Kalavala
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view IPv6 Conference
 

Ähnlich wie Introduction to layer 2 attacks & mitigation (20)

Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 Switches
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startup
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
L2 Attacks.pdf
L2 Attacks.pdfL2 Attacks.pdf
L2 Attacks.pdf
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & Answers
 
Lec21 22
Lec21 22Lec21 22
Lec21 22
 
ccna presentation 2013
ccna presentation 2013ccna presentation 2013
ccna presentation 2013
 
Examen final ccna2
Examen final ccna2Examen final ccna2
Examen final ccna2
 
CCNA 1
CCNA 1CCNA 1
CCNA 1
 
CCNA 2
CCNA 2 CCNA 2
CCNA 2
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
 
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
 
Switching
SwitchingSwitching
Switching
 
Ccna 9
Ccna 9Ccna 9
Ccna 9
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notes
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
 

Mehr von Rishabh Dangwal

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue TeamingRishabh Dangwal
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNETRishabh Dangwal
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security failsRishabh Dangwal
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesRishabh Dangwal
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comUnderstanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalRishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalRishabh Dangwal
 

Mehr von Rishabh Dangwal (9)

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue Teaming
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNET
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security fails
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration Devices
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
 
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comUnderstanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
 

Kürzlich hochgeladen

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Kürzlich hochgeladen (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Introduction to layer 2 attacks & mitigation

  • 1. An Introduction to Layer 2 Attacks & Mitigation Rishabh Dangwal www.TheProhack.com | Twitter @prohack
  • 2. Agenda  Layer 2 Security - The What, Why and What Now ?  Switching Basics  Quick Knowledge Check  The Attacks & their mitigation.  ARP based  Cisco Specific  STP & VLAN Attacks  Switch Configuration Review – What to look  Question Answer session.
  • 3. Layer 2 Security The What, Why and What Now ?  OSI is a layered model and if one layer gets hacked, all layers are compromised.  Layer 2 Attacks are still very much relevant today.  Poorly configured Network environments.  Information gap between Network and Security Personnel (refer next slide).  Different architectures , same protocols; henceforth same weaknesses.  Security is only as strong as your weakest link.
  • 4. Switching Basics  What is a Switch exactly ?  How does it function ?  VLAN basics.  Tagged and Untagged ports (also called as edge/access and Trunk ports).  Spanning Tree Basics.  Layer 3 Switching ?  More Layer 2 Switching Vendor specific technologies.
  • 5. Quick Knowledge Check Kind questions to ask to your Network & Security Admins 1. How do they handle Network Security issues? 2. Is their network segmented by VLANs ? 3. Are their networked VLANs secure by design ? 4. What is the process of IP Segment allocation ? 5. Is there a formal Change Process in place ?
  • 6. Flooding & Spoofing Attacks Attacks which utilize either flooding or resource starvation  ARP Poisoning  DHCP Starvation  CAM Table overflow
  • 7. ARP Attacks  ARP Poisoning : can be easily carried out.  Stateless protocol.  NO inbuilt authentication  Limited to local network segments.  Can be escalated/exploited to MITM , SSH Interception , DOS, session hijacking attacks.  Tools of Trade : Ettercap, Cain & Abel , Dsniff
  • 8. DHCP Starvation  DHCP Scope exhaustion by installing a rogue DHCP server.  Spoofed MAC requests broadcast/flood network.  Resource starvation occurs which may make a rogue server more effective.  Tools of Trade : Yersinia
  • 9. CAM Table Overflow  Content Addressable Memory (CAM) is used in highly efficient search based environments.  Cisco switches use CAM to make MAC & interface mapping tables.  One can flood MAC in network which can fill CAM & thereby make a switch act like a hub.  Tools of Trade : Dsniff, Ettercap, Cain & Abel and more..
  • 10. Flooding & Spoofing Attacks − Mitigation  Ensure Port Security is enabled (static ARP entries)  Enable Port Security  Enable DHCP Snooping.  Question Network admin on requirement of PARP / GARP if present in configuration.  Dynamic Arp Inspection .
  • 11. Cisco Specific Attacks  CDP attacks − Applicable to Cisco IOS based devices.  VTP attacks − Applicable to Cisco Switches.  DTP Attack − Applicable to Cisco IOS based devices.  HSRP Abuse − Applicable to Cisco IOS based devices.
  • 12. Cisco − CDP Attacks  Cisco Discovery Protocol (CDP) allows Cisco Devices to communicate with each other.  CDP communicates is unencrypted , unauthenticated & carries a ton of information.  CDP can be exploited to   CDP DOS (Even WLCs are vulnerable)  Overflow / Pollution / Corruption of CDP Cache  Raking up power bills (POE abuse)  Tools to Use : Yersinia
  • 13. CDP Attacks − Mitigation  Turn CDP Off.  Check with Network guys for any specific requirement of CDP (VOIP phones/Tshoot).  All unused ports shall be shut by default.  BONUS : Different vendors have similar protocols −  Juniper / Huawei LLDP (LLDP Attack Framework)  Brocade FDP  Maipu MDSP
  • 14. Cisco − VTP Attack  Virtual Trunking Protocol (VTP) is used by Cisco to propagate VLAN information.  VTP uses a versioning system with a client server architecture.  Clients sync their configuration with Server to maintain current VLAN database revision.  Attack involves DOS by sending VTP messages in the network.  Tools of Trade : Yersinia
  • 15. VTP Attack − Mitigation  Check with admin if VTP is required, if NO, recommend them to configure switches in transparent mode.  If Yes, check if following parameters are configured correctly   VTP password should be there and shall be md5 encrypted (Service Password Encryption)  Non participating switches should be configured in transparent mode.  VTP pruning should be enabled.  All unused ports shall be shut by default.
  • 16. DTP Attack  Dynamic Trunking Protocol (DTP) negotiates port states between 2 devices.  By default an interface is negotiated to become a Trunk (Tagged) port, hence its name.  One can send RAW DTP packets on Access interface & can make it trunk.  Trunk interface can then be used to escalate/exploit STP/VTP/VLAN based attacks.  Tools of Trade : Yersinia
  • 17. DTP Attack − Mitigation  Turn of DTP by enabling no more auto-negotiation.  Refer below configuration for access (untagged) port, settings are hardcoded , nothing is auto.  All unused ports shall be shut by default.
  • 18. HSRP Abuse  Hot Standby Router Protocol (HSRP) is used for achieving HA between Cisco devices.  Functions in Active/Passive mode, UDP 1985.  Uses multicast, by default password configured in plain text.  Attacker can send raw HSRP packet.  Compromise and become Active device with real or spoofed IP.  Tool to use : Yersinia
  • 19. HSRP Abuse − Mitigation  Use MD5 authentication.  Hardcode everything.
  • 20. Spanning Tree Attacks  Invented by Dr Radia Perlman, Spanning Tree Protocol (STP) is used for providing a loop free topology for a LAN or bridged network.  An attacker can disrupt STP topology by  Masquerading as a rogue switch.  Introducing a real switch in network.  Spoofing Root Switch  Sending malicious BPDU’s  Claiming roles in topology  Tools of Trade : Yersinia
  • 21. Spanning Tree Attacks − Mitigation  Enable Root Guard on Cisco Switches, Root Protection on Juniper Switches.  Enable BPDU Guard on Cisco Switches, BPDU Protection on Juniper Switches.  All unused ports shall be shut by default.
  • 22. Multicast Brute force  Switch receives a number of multicast frames in rapid succession.  Frames to leak into other VLAN instead of containing it on original VLAN.  May lead to DOS.  Rare nowadays.
  • 23. Multicast Brute Force Attack − Mitigation  Buy switches with better queues/buffer and memory support.  Upgrade your supervisors (4500X and above , Cisco Only).
  • 24. VLAN Based Attacks • VLAN Hopping − 802.1Q abuse. • PVLAN − Bypassing Layer 2 segregation logic.
  • 25. VLAN Hopping  VLAN Hopping refers to emulation of a network switch & send frames (802.1Q/ISL).  An attacker can also send double tagged frames on trunk / access interface.  First frame will be stripped by switch and it will forward the frame to outgoing interface.  Since the frame is having one more tag, it will be forwarded as it is to next unintended VLAN.  Tools of Trade : Scapy, Ostinato
  • 26. VLAN Hopping Attack − Mitigation  Disable DTP  Hardcode everything.  Unused ports shall be configured as access (untagged) ports.  Native VLAN segregation.  Management VLAN segregation.  Don’t use VLAN 1 for *anything*.
  • 27. PVLAN Attacks  Community ports can communicate between themselves & promiscuous ports.  This logic can be bypassed using a proxy server or a Layer 3 Device on a promiscuous port.  L3 device will overwrite destination mac on frame & then sends frame back.  Unidirectional attack can be leveraged to a bidirectional attack by compromising hosts.  Tools of Trade : Scapy / Ostinato
  • 28. PVLAN Attacks – Mitigation  Configure ACL on Layer 3 device.
  • 29. Bonus : SNMP Snarfing  Simple Network Management Protocol (SNMP) is used to monitor and manage devices.  Vendor agonistic , has 3 versions, version 1.0 & version 2.0 most commonly used.  Plain text authentication.  Community strings can be bruteforced , fuzzed & hacked.  Wreak havoc using read write community.  Tools of Trade : Ettercap, dsniff.
  • 30. SNMP Snarfing – Mitigation  Use SNMPv3 *only*, don’t use it in backwards compatible mode.  Don’t use community strings with write access.  Be SNMP Aware, don’t let it become “Security is Not My Problem”.
  • 31. Switch Configuration Review  What to look in a sample Switch configuration dump.  Best Practices.  Looking at the big picture.
  • 32. Conclusion  Ensure Switches are managed in a secured manner.  Hardcode everything.  Ensure there is a Change Management process for any Network and Security Changes.  Disable protocols which are not in use (CDP/VTP).  All unused ports should be shut by default.  Use Port-Security.  Use Root Guard/BPDU guard.  Be careful about SNMP community strings.
  • 33. Questions? Reach me out at admin@theprohack.com