SlideShare una empresa de Scribd logo

Layer 2 Hackery

Security B-Sides
Security B-Sides

Todor Genov ZaCon 2009 http://www.zacon.org.za/Archives/2009/slides/

TecnologíaEmpresariales
1 de 23
Descargar para leer sin conexión
Layer 2 hackery Todor Genov todor@subnet.co.za ZaCon 2009
Why bring up this old topic? Best practices are still being ignored. Compromise on layer 2 == Game Over ZaCon is the perfect place to rekindle awareness ZaCon 2009
Means to an end Getting the upper hand -STP trickery -DTP/VTP trickery -CAM table and DHCP abuse -ARP poisoning Using the tactical advantage -Passive sniffing -DNS spoofing -MiTM ZaCon 2009
STP Avoiding topology loops Single ROOT device in a topology BPDUs By sending crafted BPDUs an attacker can become the root bridge ZaCon 2009
ZaCon 2009
STP attack mitigation Disable STP in a loop-less topology sw1(config)#no spanning-tree vlan 1-1024 Enable bpduguard/bpdufilter on access ports sw1(config)#int Fa0/1 sw1(config-if)#spanning-tree bpdufilter or sw1(config-if)#spanning-tree bpduguard Enable root guard on known STP root ports sw1(config)#int GigabitEthernet 0/1 sw1(config-if)#spanning-tree guard root ZaCon 2009
DTP/VTP Proprietary to Cisco DTP automates trunk port negotiation VTP manages VLANs accross the switching domain
ZaCon 2009
DTP/VTP attack mitigation Disable trunk negotiation on user ports sw1(config)#int Fa0/1 sw1(config-if)#switchport mode access Explicitly specify allowed VLANs on a trunk sw1(config)#int Fa0/1 sw1(config-if)#switchport mode trunk sw1(config-if)#switchport trunk allowed vlan 3,5-7,11 Disable VTP (or at least set a domain password!) sw1(config)#vtp mode transparent or sw1(config)#vtp password T0P53KR3T ZaCon 2009
CAM flood & DHCP attacks CAM tables contain MAC-to-port mappings Switch without CAM table == HUB Fail close vs Fail open DHCP starvation (DoS) ZaCon 2009
CAM flood and DHCP starvation mitigation Port security -Static MAC addresses where possible sw1(config)#int Fa0/1 sw1(config-if)#switchport port-security mac-address 000d.60ce.3c00 -Limit number of dynamic MAC addresses per port sw1(config)#int Fa0/1 sw1(config-if)#switchport port-security maximum 1 sw1(config-if)#switchport port-security { protect | restrict | shutdown } ZaCon 2009
Rogue DHCP Very effective following a DHCP starvation Guess what gateway/DNS info an attacker would supply :) ZaCon 2009
DHCP snooping Blocks rogue DHCP servers sw1(config)#ip dhcp snooping sw1(config)#ip dhcp snooping information option sw1(config)#int Fa0/1 sw1(config-if)#ip dhcp snooping trust Rate-limit DHCP requests on untrusted ports sw1(config-if)#ip dhcp snooping limit 10 ZaCon 2009
ARP poisoning ARP spoofing Gratuitous ARP ZaCon 2009
ZaCon 2009
Dynamic ARP inspection Verifies IP-to-MAC bindings Requires a trusted database of such bindings -DHCP (with snooping enabled) sw1(config)#ip arp inspection vlan 2,3 -Static ACLs sw1(config)#arp access-list laptop-todor sw1(config-arp-nacl)#permit ip host 192.168.0.164 mac host 0023.1206.a634 sw1(config)#ip arp inspection filter todor-laptop vlan 2 ZaCon 2009
Things to keep in mind Virtual environments Zombie computers 802.11 networks (public or otherwise) ZaCon 2009
Using the tactical advantage Sniffing traffic -Ridiculous amounts of unencrypted data is still seen on the network -Information gathering is more than just getting auth credentials -dsniff, Wireshark, tcpdump etc. etc. etc. DNS spoofing -Technically an MiTM attack -DNSSEC does not address client <-> cache security ZaCon 2009
ZaCon 2009
ZaCon 2009
Using the tactical advantage Man in the Middle (MitM) attacks In SSL we trust Humans are often the weakest link ZaCon 2009
ZaCon 2009
References http://seanconvery.com/SEC-2002.pdf http://www.sanog.org/resources/sanog7/yusuf-L2-attack-mitigation.pdf http://www.yesrinia.net/ http://ettercap.sourceforge.net/ http://ettercap.sourceforge.net/ http://www.thoughtcrime.org/ http://www.cisco.com/ http://www.google.com ZaCon 2009

Recomendados

Expl sw chapter_02_switches_part_2
Expl sw chapter_02_switches_part_2Expl sw chapter_02_switches_part_2
Expl sw chapter_02_switches_part_2aghacrom
 
1unit2ndpart
1unit2ndpart1unit2ndpart
1unit2ndpartprksh89
 
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...PROIDEA
 
Building your own CGN boxes with Linux
Building your own CGN boxes with LinuxBuilding your own CGN boxes with Linux
Building your own CGN boxes with LinuxMaximilan Wilhelm
 
20141106 asfws unicode_hacks
20141106 asfws unicode_hacks20141106 asfws unicode_hacks
20141106 asfws unicode_hacksCyber Security Alliance
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
 
Развитие операционной системы NX-OS коммутаторов для ЦОД Cisco Nexus
Развитие операционной системы NX-OS коммутаторов для ЦОД Cisco NexusРазвитие операционной системы NX-OS коммутаторов для ЦОД Cisco Nexus
Развитие операционной системы NX-OS коммутаторов для ЦОД Cisco NexusCisco Russia
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFMaximilan Wilhelm
 

Recomendados

Expl sw chapter_02_switches_part_2
Expl sw chapter_02_switches_part_2Expl sw chapter_02_switches_part_2
Expl sw chapter_02_switches_part_2aghacrom
 
1unit2ndpart
1unit2ndpart1unit2ndpart
1unit2ndpartprksh89
 
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...PROIDEA
 
Building your own CGN boxes with Linux
Building your own CGN boxes with LinuxBuilding your own CGN boxes with Linux
Building your own CGN boxes with LinuxMaximilan Wilhelm
 
20141106 asfws unicode_hacks
20141106 asfws unicode_hacks20141106 asfws unicode_hacks
20141106 asfws unicode_hacksCyber Security Alliance
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
 
Развитие операционной системы NX-OS коммутаторов для ЦОД Cisco Nexus
Развитие операционной системы NX-OS коммутаторов для ЦОД Cisco NexusРазвитие операционной системы NX-OS коммутаторов для ЦОД Cisco Nexus
Развитие операционной системы NX-OS коммутаторов для ЦОД Cisco NexusCisco Russia
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFMaximilan Wilhelm
 
FastNetMonを試してみた
FastNetMonを試してみたFastNetMonを試してみた
FastNetMonを試してみたYutaka Ishizaki
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATThomas Graf
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoTran Thanh Song
 
netfilter programming
netfilter programmingnetfilter programming
netfilter programmingGopi Krishnan S
 
Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch
Kernel Recipes 2017 - Modern Key Management with GPG - Werner KochKernel Recipes 2017 - Modern Key Management with GPG - Werner Koch
Kernel Recipes 2017 - Modern Key Management with GPG - Werner KochAnne Nicolas
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricksJim MacLeod
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Papers We Love - FaRM distributed transactions (Henry Robinson)
Papers We Love - FaRM distributed transactions (Henry Robinson)Papers We Love - FaRM distributed transactions (Henry Robinson)
Papers We Love - FaRM distributed transactions (Henry Robinson)HenryRobinson
 
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley KuoCODE BLUE
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) Naoto MATSUMOTO
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPThomas Graf
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackL2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackMaximilan Wilhelm
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"abend_cve_9999_0001
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK
 
Embedded Systems Conference 2014 Presentation
Embedded Systems Conference 2014 PresentationEmbedded Systems Conference 2014 Presentation
Embedded Systems Conference 2014 PresentationManish Jaggi
 
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...Maximilan Wilhelm
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Naoto MATSUMOTO
 
Basic dns-mod
Basic dns-modBasic dns-mod
Basic dns-modHarry Potter
 
CCNA R&S 2 3 4 All Commands
CCNA R&S 2 3 4 All Commands CCNA R&S 2 3 4 All Commands
CCNA R&S 2 3 4 All Commands MohamedZiadi5
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)DH Da Lat
 

Más contenido relacionado

La actualidad más candente

FastNetMonを試してみた
FastNetMonを試してみたFastNetMonを試してみた
FastNetMonを試してみたYutaka Ishizaki
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATThomas Graf
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoTran Thanh Song
 
Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch
Kernel Recipes 2017 - Modern Key Management with GPG - Werner KochKernel Recipes 2017 - Modern Key Management with GPG - Werner Koch
Kernel Recipes 2017 - Modern Key Management with GPG - Werner KochAnne Nicolas
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricksJim MacLeod
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Papers We Love - FaRM distributed transactions (Henry Robinson)
Papers We Love - FaRM distributed transactions (Henry Robinson)Papers We Love - FaRM distributed transactions (Henry Robinson)
Papers We Love - FaRM distributed transactions (Henry Robinson)HenryRobinson
 
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley KuoCODE BLUE
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) Naoto MATSUMOTO
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPThomas Graf
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackL2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackMaximilan Wilhelm
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"abend_cve_9999_0001
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK
 
Embedded Systems Conference 2014 Presentation
Embedded Systems Conference 2014 PresentationEmbedded Systems Conference 2014 Presentation
Embedded Systems Conference 2014 PresentationManish Jaggi
 
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...Maximilan Wilhelm
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Naoto MATSUMOTO
 

La actualidad más candente (20)

FastNetMonを試してみた
FastNetMonを試してみたFastNetMonを試してみた
FastNetMonを試してみた
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NAT
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
 
netfilter programming
netfilter programmingnetfilter programming
netfilter programming
 
Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch
Kernel Recipes 2017 - Modern Key Management with GPG - Werner KochKernel Recipes 2017 - Modern Key Management with GPG - Werner Koch
Kernel Recipes 2017 - Modern Key Management with GPG - Werner Koch
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricks
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
 
Papers We Love - FaRM distributed transactions (Henry Robinson)
Papers We Love - FaRM distributed transactions (Henry Robinson)Papers We Love - FaRM distributed transactions (Henry Robinson)
Papers We Love - FaRM distributed transactions (Henry Robinson)
 
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo
[CB21] NAS as Not As Secure by Ta-Lun Yen and Shirley Kuo
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDP
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackL2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IO
 
Embedded Systems Conference 2014 Presentation
Embedded Systems Conference 2014 PresentationEmbedded Systems Conference 2014 Presentation
Embedded Systems Conference 2014 Presentation
 
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
 
Basic dns-mod
Basic dns-modBasic dns-mod
Basic dns-mod
 

Similar a Layer 2 Hackery

CCNA R&S 2 3 4 All Commands
CCNA R&S 2 3 4 All Commands CCNA R&S 2 3 4 All Commands
CCNA R&S 2 3 4 All Commands MohamedZiadi5
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)DH Da Lat
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part iiKrunal Shah
 
Hungary Usergroup - Midonet overlay programming
Hungary Usergroup - Midonet overlay programmingHungary Usergroup - Midonet overlay programming
Hungary Usergroup - Midonet overlay programmingMarton Kiss
 
Understanding and Preventing Layer 2 Attacks
Understanding and Preventing Layer 2 AttacksUnderstanding and Preventing Layer 2 Attacks
Understanding and Preventing Layer 2 AttacksTien Dung
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksMartin Holovský
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationRishabh Dangwal
 
Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2Krunal Shah
 
Catalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCatalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCisco Russia
 
Dhcp security #netseckh
Dhcp security #netseckhDhcp security #netseckh
Dhcp security #netseckhHEM Sothon
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiMackenzie Morgan
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksSecurity Session
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017Juan De Bravo
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
 
NetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseNetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseCisco Canada
 
Seminariode Seguridad L2
Seminariode Seguridad L2Seminariode Seguridad L2
Seminariode Seguridad L2christian nieto
 
How to configure frame realy
How to configure frame realyHow to configure frame realy
How to configure frame realyNetProtocol Xpert
 

Similar a Layer 2 Hackery (20)

CCNA R&S 2 3 4 All Commands
CCNA R&S 2 3 4 All Commands CCNA R&S 2 3 4 All Commands
CCNA R&S 2 3 4 All Commands
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part ii
 
Hungary Usergroup - Midonet overlay programming
Hungary Usergroup - Midonet overlay programmingHungary Usergroup - Midonet overlay programming
Hungary Usergroup - Midonet overlay programming
 
Understanding and Preventing Layer 2 Attacks
Understanding and Preventing Layer 2 AttacksUnderstanding and Preventing Layer 2 Attacks
Understanding and Preventing Layer 2 Attacks
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigation
 
Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2Topic 5 nx os management-ver 0.2
Topic 5 nx os management-ver 0.2
 
Catalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCatalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your Network
 
Introduction to PROFINET - Derek Lane of Wago
Introduction to PROFINET - Derek Lane of WagoIntroduction to PROFINET - Derek Lane of Wago
Introduction to PROFINET - Derek Lane of Wago
 
Dhcp security #netseckh
Dhcp security #netseckhDhcp security #netseckh
Dhcp security #netseckh
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFi
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDK
 
Demuxed 2020
Demuxed 2020Demuxed 2020
Demuxed 2020
 
NetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseNetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat Defense
 
Advanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast DeploymentAdvanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast Deployment
 
Seminariode Seguridad L2
Seminariode Seguridad L2Seminariode Seguridad L2
Seminariode Seguridad L2
 
How to configure frame realy
How to configure frame realyHow to configure frame realy
How to configure frame realy
 

Más de Security B-Sides

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c Security B-Sides
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Security B-Sides
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySecurity B-Sides
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...Security B-Sides
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonSecurity B-Sides
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity B-Sides
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Security B-Sides
 
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineThe Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineSecurity B-Sides
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsSecurity B-Sides
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldSecurity B-Sides
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?Security B-Sides
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the faceSecurity B-Sides
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Security B-Sides
 

Más de Security B-Sides (20)

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atl
 
The road to hell v0.6
The road to hell v0.6The road to hell v0.6
The road to hell v0.6
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike Bailey
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex Hutton
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett Hardin
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
 
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineThe Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource tools
 
2009 Zacon Haroon Meer
2009 Zacon Haroon Meer2009 Zacon Haroon Meer
2009 Zacon Haroon Meer
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the Gold
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the face
 
Make Tea Not War
Make Tea Not WarMake Tea Not War
Make Tea Not War
 
OWASP Proxy
OWASP ProxyOWASP Proxy
OWASP Proxy
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)
 
Exploitation
ExploitationExploitation
Exploitation
 

Último

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Último (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Layer 2 Hackery

  • 1. Layer 2 hackery Todor Genov todor@subnet.co.za ZaCon 2009
  • 2. Why bring up this old topic? Best practices are still being ignored. Compromise on layer 2 == Game Over ZaCon is the perfect place to rekindle awareness ZaCon 2009
  • 3. Means to an end Getting the upper hand -STP trickery -DTP/VTP trickery -CAM table and DHCP abuse -ARP poisoning Using the tactical advantage -Passive sniffing -DNS spoofing -MiTM ZaCon 2009
  • 4. STP Avoiding topology loops Single ROOT device in a topology BPDUs By sending crafted BPDUs an attacker can become the root bridge ZaCon 2009
  • 6. STP attack mitigation Disable STP in a loop-less topology sw1(config)#no spanning-tree vlan 1-1024 Enable bpduguard/bpdufilter on access ports sw1(config)#int Fa0/1 sw1(config-if)#spanning-tree bpdufilter or sw1(config-if)#spanning-tree bpduguard Enable root guard on known STP root ports sw1(config)#int GigabitEthernet 0/1 sw1(config-if)#spanning-tree guard root ZaCon 2009
  • 7. DTP/VTP Proprietary to Cisco DTP automates trunk port negotiation VTP manages VLANs accross the switching domain
  • 9. DTP/VTP attack mitigation Disable trunk negotiation on user ports sw1(config)#int Fa0/1 sw1(config-if)#switchport mode access Explicitly specify allowed VLANs on a trunk sw1(config)#int Fa0/1 sw1(config-if)#switchport mode trunk sw1(config-if)#switchport trunk allowed vlan 3,5-7,11 Disable VTP (or at least set a domain password!) sw1(config)#vtp mode transparent or sw1(config)#vtp password T0P53KR3T ZaCon 2009
  • 10. CAM flood & DHCP attacks CAM tables contain MAC-to-port mappings Switch without CAM table == HUB Fail close vs Fail open DHCP starvation (DoS) ZaCon 2009
  • 11. CAM flood and DHCP starvation mitigation Port security -Static MAC addresses where possible sw1(config)#int Fa0/1 sw1(config-if)#switchport port-security mac-address 000d.60ce.3c00 -Limit number of dynamic MAC addresses per port sw1(config)#int Fa0/1 sw1(config-if)#switchport port-security maximum 1 sw1(config-if)#switchport port-security { protect | restrict | shutdown } ZaCon 2009
  • 12. Rogue DHCP Very effective following a DHCP starvation Guess what gateway/DNS info an attacker would supply :) ZaCon 2009
  • 13. DHCP snooping Blocks rogue DHCP servers sw1(config)#ip dhcp snooping sw1(config)#ip dhcp snooping information option sw1(config)#int Fa0/1 sw1(config-if)#ip dhcp snooping trust Rate-limit DHCP requests on untrusted ports sw1(config-if)#ip dhcp snooping limit 10 ZaCon 2009
  • 14. ARP poisoning ARP spoofing Gratuitous ARP ZaCon 2009
  • 16. Dynamic ARP inspection Verifies IP-to-MAC bindings Requires a trusted database of such bindings -DHCP (with snooping enabled) sw1(config)#ip arp inspection vlan 2,3 -Static ACLs sw1(config)#arp access-list laptop-todor sw1(config-arp-nacl)#permit ip host 192.168.0.164 mac host 0023.1206.a634 sw1(config)#ip arp inspection filter todor-laptop vlan 2 ZaCon 2009
  • 17. Things to keep in mind Virtual environments Zombie computers 802.11 networks (public or otherwise) ZaCon 2009
  • 18. Using the tactical advantage Sniffing traffic -Ridiculous amounts of unencrypted data is still seen on the network -Information gathering is more than just getting auth credentials -dsniff, Wireshark, tcpdump etc. etc. etc. DNS spoofing -Technically an MiTM attack -DNSSEC does not address client <-> cache security ZaCon 2009
  • 21. Using the tactical advantage Man in the Middle (MitM) attacks In SSL we trust Humans are often the weakest link ZaCon 2009
  • 23. References http://seanconvery.com/SEC-2002.pdf http://www.sanog.org/resources/sanog7/yusuf-L2-attack-mitigation.pdf http://www.yesrinia.net/ http://ettercap.sourceforge.net/ http://ettercap.sourceforge.net/ http://www.thoughtcrime.org/ http://www.cisco.com/ http://www.google.com ZaCon 2009